diff options
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 32 |
1 files changed, 19 insertions, 13 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -380,16 +380,15 @@ HostStatus | |||
| 380 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | 380 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, |
| 381 | const char *sysfile, const char *userfile) | 381 | const char *sysfile, const char *userfile) |
| 382 | { | 382 | { |
| 383 | Key *found; | ||
| 384 | char *user_hostfile; | 383 | char *user_hostfile; |
| 385 | struct stat st; | 384 | struct stat st; |
| 386 | HostStatus host_status; | 385 | HostStatus host_status; |
| 386 | struct hostkeys *hostkeys; | ||
| 387 | const struct hostkey_entry *found; | ||
| 387 | 388 | ||
| 388 | /* Check if we know the host and its host key. */ | 389 | hostkeys = init_hostkeys(); |
| 389 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); | 390 | load_hostkeys(hostkeys, host, sysfile); |
| 390 | host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); | 391 | if (userfile != NULL) { |
| 391 | |||
| 392 | if (host_status != HOST_OK && userfile != NULL) { | ||
| 393 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 392 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
| 394 | if (options.strict_modes && | 393 | if (options.strict_modes && |
| 395 | (stat(user_hostfile, &st) == 0) && | 394 | (stat(user_hostfile, &st) == 0) && |
| @@ -401,16 +400,23 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
| 401 | user_hostfile); | 400 | user_hostfile); |
| 402 | } else { | 401 | } else { |
| 403 | temporarily_use_uid(pw); | 402 | temporarily_use_uid(pw); |
| 404 | host_status = check_host_in_hostfile(user_hostfile, | 403 | load_hostkeys(hostkeys, host, user_hostfile); |
| 405 | host, key, found, NULL); | ||
| 406 | restore_uid(); | 404 | restore_uid(); |
| 407 | } | 405 | } |
| 408 | xfree(user_hostfile); | 406 | xfree(user_hostfile); |
| 409 | } | 407 | } |
| 410 | key_free(found); | 408 | host_status = check_key_in_hostkeys(hostkeys, key, &found); |
| 409 | if (host_status == HOST_REVOKED) | ||
| 410 | error("WARNING: revoked key for %s attempted authentication", | ||
| 411 | found->host); | ||
| 412 | else if (host_status == HOST_OK) | ||
| 413 | debug("%s: key for %s found at %s:%ld", __func__, | ||
| 414 | found->host, found->file, found->line); | ||
| 415 | else | ||
| 416 | debug("%s: key for host %s not found", __func__, host); | ||
| 417 | |||
| 418 | free_hostkeys(hostkeys); | ||
| 411 | 419 | ||
| 412 | debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ? | ||
| 413 | "ok" : "not found", host); | ||
| 414 | return host_status; | 420 | return host_status; |
| 415 | } | 421 | } |
| 416 | 422 | ||
| @@ -516,7 +522,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, | |||
| 516 | close(fd); | 522 | close(fd); |
| 517 | return NULL; | 523 | return NULL; |
| 518 | } | 524 | } |
| 519 | if (options.strict_modes && | 525 | if (strict_modes && |
| 520 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { | 526 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
| 521 | fclose(f); | 527 | fclose(f); |
| 522 | logit("Authentication refused: %s", line); | 528 | logit("Authentication refused: %s", line); |