summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c38
1 files changed, 5 insertions, 33 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 306515000..daa751ca0 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.17 2008/06/13 14:18:51 dtucker Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.18 2008/07/02 12:03:51 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -182,10 +182,9 @@ static int
182user_key_allowed2(struct passwd *pw, Key *key, char *file) 182user_key_allowed2(struct passwd *pw, Key *key, char *file)
183{ 183{
184 char line[SSH_MAX_PUBKEY_BYTES]; 184 char line[SSH_MAX_PUBKEY_BYTES];
185 int found_key = 0, fd; 185 int found_key = 0;
186 FILE *f; 186 FILE *f;
187 u_long linenum = 0; 187 u_long linenum = 0;
188 struct stat st;
189 Key *found; 188 Key *found;
190 char *fp; 189 char *fp;
191 190
@@ -193,37 +192,10 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
193 temporarily_use_uid(pw); 192 temporarily_use_uid(pw);
194 193
195 debug("trying public key file %s", file); 194 debug("trying public key file %s", file);
195 f = auth_openkeyfile(file, pw, options.strict_modes);
196 196
197 /* 197 if (!f) {
198 * Open the file containing the authorized keys 198 xfree(file);
199 * Fail quietly if file does not exist
200 */
201 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
202 restore_uid();
203 return 0;
204 }
205 if (fstat(fd, &st) < 0) {
206 close(fd);
207 restore_uid();
208 return 0;
209 }
210 if (!S_ISREG(st.st_mode)) {
211 logit("User %s authorized keys %s is not a regular file",
212 pw->pw_name, file);
213 close(fd);
214 restore_uid();
215 return 0;
216 }
217 unset_nonblock(fd);
218 if ((f = fdopen(fd, "r")) == NULL) {
219 close(fd);
220 restore_uid();
221 return 0;
222 }
223 if (options.strict_modes &&
224 secure_filename(f, file, pw, line, sizeof(line)) != 0) {
225 fclose(f);
226 logit("Authentication refused: %s", line);
227 restore_uid(); 199 restore_uid();
228 return 0; 200 return 0;
229 } 201 }