summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/auth.c b/auth.c
index e6c094d1f..a99c4759b 100644
--- a/auth.c
+++ b/auth.c
@@ -422,8 +422,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
422 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); 422 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
423 if (options.strict_modes && 423 if (options.strict_modes &&
424 (stat(user_hostfile, &st) == 0) && 424 (stat(user_hostfile, &st) == 0) &&
425 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || 425 !secure_permissions(&st, pw->pw_uid)) {
426 (st.st_mode & 022) != 0)) {
427 logit("Authentication refused for %.100s: " 426 logit("Authentication refused for %.100s: "
428 "bad owner or modes for %.200s", 427 "bad owner or modes for %.200s",
429 pw->pw_name, user_hostfile); 428 pw->pw_name, user_hostfile);
@@ -485,8 +484,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
485 snprintf(err, errlen, "%s is not a regular file", buf); 484 snprintf(err, errlen, "%s is not a regular file", buf);
486 return -1; 485 return -1;
487 } 486 }
488 if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || 487 if (!secure_permissions(stp, uid)) {
489 (stp->st_mode & 022) != 0) {
490 snprintf(err, errlen, "bad ownership or modes for file %s", 488 snprintf(err, errlen, "bad ownership or modes for file %s",
491 buf); 489 buf);
492 return -1; 490 return -1;
@@ -501,8 +499,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
501 strlcpy(buf, cp, sizeof(buf)); 499 strlcpy(buf, cp, sizeof(buf));
502 500
503 if (stat(buf, &st) < 0 || 501 if (stat(buf, &st) < 0 ||
504 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || 502 !secure_permissions(&st, uid)) {
505 (st.st_mode & 022) != 0) {
506 snprintf(err, errlen, 503 snprintf(err, errlen,
507 "bad ownership or modes for directory %s", buf); 504 "bad ownership or modes for directory %s", buf);
508 return -1; 505 return -1;