summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c68
1 files changed, 26 insertions, 42 deletions
diff --git a/auth.c b/auth.c
index 46b013137..2dc5c2be6 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
76 struct stat st; 76 struct stat st;
77 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; 77 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
78 char *shell; 78 char *shell;
79 int i; 79 u_int i;
80#ifdef USE_SHADOW 80#ifdef USE_SHADOW
81 struct spwd *spw = NULL; 81 struct spwd *spw = NULL;
82#endif 82#endif
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
97 /* grab passwd field for locked account check */ 97 /* grab passwd field for locked account check */
98#ifdef USE_SHADOW 98#ifdef USE_SHADOW
99 if (spw != NULL) 99 if (spw != NULL)
100#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
101 passwd = get_iaf_password(pw);
102#else
100 passwd = spw->sp_pwdp; 103 passwd = spw->sp_pwdp;
104#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
101#else 105#else
102 passwd = pw->pw_passwd; 106 passwd = pw->pw_passwd;
103#endif 107#endif
@@ -119,6 +123,9 @@ allowed_user(struct passwd * pw)
119 if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) 123 if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
120 locked = 1; 124 locked = 1;
121#endif 125#endif
126#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
127 free(passwd);
128#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
122 if (locked) { 129 if (locked) {
123 logit("User %.100s not allowed because account is locked", 130 logit("User %.100s not allowed because account is locked",
124 pw->pw_name); 131 pw->pw_name);
@@ -326,64 +333,41 @@ auth_root_allowed(char *method)
326 * 333 *
327 * This returns a buffer allocated by xmalloc. 334 * This returns a buffer allocated by xmalloc.
328 */ 335 */
329char * 336static char *
330expand_filename(const char *filename, struct passwd *pw) 337expand_authorized_keys(const char *filename, struct passwd *pw)
331{ 338{
332 Buffer buffer; 339 char *file, *ret;
333 char *file;
334 const char *cp;
335 340
336 /* 341 file = percent_expand(filename, "h", pw->pw_dir,
337 * Build the filename string in the buffer by making the appropriate 342 "u", pw->pw_name, (char *)NULL);
338 * substitutions to the given file name.
339 */
340 buffer_init(&buffer);
341 for (cp = filename; *cp; cp++) {
342 if (cp[0] == '%' && cp[1] == '%') {
343 buffer_append(&buffer, "%", 1);
344 cp++;
345 continue;
346 }
347 if (cp[0] == '%' && cp[1] == 'h') {
348 buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir));
349 cp++;
350 continue;
351 }
352 if (cp[0] == '%' && cp[1] == 'u') {
353 buffer_append(&buffer, pw->pw_name,
354 strlen(pw->pw_name));
355 cp++;
356 continue;
357 }
358 buffer_append(&buffer, cp, 1);
359 }
360 buffer_append(&buffer, "\0", 1);
361 343
362 /* 344 /*
363 * Ensure that filename starts anchored. If not, be backward 345 * Ensure that filename starts anchored. If not, be backward
364 * compatible and prepend the '%h/' 346 * compatible and prepend the '%h/'
365 */ 347 */
366 file = xmalloc(MAXPATHLEN); 348 if (*file == '/')
367 cp = buffer_ptr(&buffer); 349 return (file);
368 if (*cp != '/') 350
369 snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp); 351 ret = xmalloc(MAXPATHLEN);
370 else 352 if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
371 strlcpy(file, cp, MAXPATHLEN); 353 strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
354 strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
355 fatal("expand_authorized_keys: path too long");
372 356
373 buffer_free(&buffer); 357 xfree(file);
374 return file; 358 return (ret);
375} 359}
376 360
377char * 361char *
378authorized_keys_file(struct passwd *pw) 362authorized_keys_file(struct passwd *pw)
379{ 363{
380 return expand_filename(options.authorized_keys_file, pw); 364 return expand_authorized_keys(options.authorized_keys_file, pw);
381} 365}
382 366
383char * 367char *
384authorized_keys_file2(struct passwd *pw) 368authorized_keys_file2(struct passwd *pw)
385{ 369{
386 return expand_filename(options.authorized_keys_file2, pw); 370 return expand_authorized_keys(options.authorized_keys_file2, pw);
387} 371}
388 372
389/* return ok if key exists in sysfile or userfile */ 373/* return ok if key exists in sysfile or userfile */