path: root/auth.c
authorColin Watson <cjwatson@debian.org>2009-12-29 21:32:03 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:32:03 +0000
commit04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (patch)
treeaf8e928bd79d3f2d0219bb5b2c78b573ec31d94c /auth.c
parent9ad7b718d42e43f3a285fcbc8f91193931fce324 (diff)
parent16704d57999d987fb8d9ba53379841a79f016d67 (diff)
import openssh-4.2p1-gsskex-20050926-2.patch
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c71
1 files changed, 28 insertions, 43 deletions
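--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
+RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
 	struct stat st;
 	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 	char *shell;
-	int i;
+	u_int i;
 #ifdef USE_SHADOW
 	struct spwd *spw = NULL;
 #endif
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
 	/* grab passwd field for locked account check */
 #ifdef USE_SHADOW
 	if (spw != NULL)
+#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+		passwd = get_iaf_password(pw);
+#else
 		passwd = spw->sp_pwdp;
+#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
 #else
 	passwd = pw->pw_passwd;
 #endif
@@ -119,6 +123,9 @@ allowed_user(struct passwd * pw)
 		if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
 			locked = 1;
 #endif
+#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+	free(passwd);
+#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
 	if (locked) {
 		logit("User %.100s not allowed because account is locked",
 		    pw->pw_name);
@@ -145,7 +152,8 @@ allowed_user(struct passwd * pw)
 		return 0;
 	}
 
-	if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+	if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+	    options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 		hostname = get_canonical_hostname(options.use_dns);
 		ipaddr = get_remote_ipaddr();
 	}
@@ -325,64 +333,41 @@ auth_root_allowed(char *method)
  *
  * This returns a buffer allocated by xmalloc.
  */
-char *
-expand_filename(const char *filename, struct passwd *pw)
+static char *
+expand_authorized_keys(const char *filename, struct passwd *pw)
 {
-	Buffer buffer;
-	char *file;
-	const char *cp;
+	char *file, *ret;
 
-	/*
-	 * Build the filename string in the buffer by making the appropriate
-	 * substitutions to the given file name.
-	 */
-	buffer_init(&buffer);
-	for (cp = filename; *cp; cp++) {
-		if (cp[0] == '%' && cp[1] == '%') {
-			buffer_append(&buffer, "%", 1);
-			cp++;
-			continue;
-		}
-		if (cp[0] == '%' && cp[1] == 'h') {
-			buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir));
-			cp++;
-			continue;
-		}
-		if (cp[0] == '%' && cp[1] == 'u') {
-			buffer_append(&buffer, pw->pw_name,
-			    strlen(pw->pw_name));
-			cp++;
-			continue;
-		}
-		buffer_append(&buffer, cp, 1);
-	}
-	buffer_append(&buffer, "\0", 1);
+	file = percent_expand(filename, "h", pw->pw_dir,
+	    "u", pw->pw_name, (char *)NULL);
 
 	/*
 	 * Ensure that filename starts anchored. If not, be backward
 	 * compatible and prepend the '%h/'
 	 */
-	file = xmalloc(MAXPATHLEN);
-	cp = buffer_ptr(&buffer);
-	if (*cp != '/')
-		snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
-	else
-		strlcpy(file, cp, MAXPATHLEN);
+	if (*file == '/')
+		return (file);
+
+	ret = xmalloc(MAXPATHLEN);
+	if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
+	    strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
+	    strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
+		fatal("expand_authorized_keys: path too long");
 
-	buffer_free(&buffer);
-	return file;
+	xfree(file);
+	return (ret);
 }
 
 char *
 authorized_keys_file(struct passwd *pw)
 {
-	return expand_filename(options.authorized_keys_file, pw);
+	return expand_authorized_keys(options.authorized_keys_file, pw);
 }
 
 char *
 authorized_keys_file2(struct passwd *pw)
 {
-	return expand_filename(options.authorized_keys_file2, pw);
+	return expand_authorized_keys(options.authorized_keys_file2, pw);
 }
 
 /* return ok if key exists in sysfile or userfile */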
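Review bot: The `free(passwd)` added in the fourth hunk releases memory through a pointer declared `const char *passwd` in the second hunk, so the call discards the qualifier, and the one variable now aliases borrowed memory (spw->sp_pwdp, pw->pw_passwd) in one configuration and an owned get_iaf_password() buffer in another. Any return between the assignment in the third hunk and this free — the lines in between are not shown — would leak that buffer under HAVE_LIBIAF. A separate owned pointer keeps the lifetime explicit: declare `char *iaf_passwd = NULL;`, assign `passwd = iaf_passwd = get_iaf_password(pw);`, and call `free(iaf_passwd);` on every exit of allowed_user past that point, which also removes the const discard. Using plain free() rather than the file's xfree() looks deliberate since passwd stays NULL when spw is NULL, but a one-line comment saying so would prevent a later "consistency" change from breaking it; allowed_user continues outside the hunks.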