
Diff for /src/usr.bin/ssh/Attic/auth-rsa.c between version 1.3 and 1.4

version 1.3, 1999/09/30 17:08:51 version 1.4, 1999/10/11 20:00:35
Line 127 
Line 127 
    successful.  This may exit if there is a serious protocol violation. */     successful.  This may exit if there is a serious protocol violation. */
   
 int  int
 auth_rsa(struct passwd *pw, BIGNUM *client_n)  auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
 {  {
   char line[8192];    char line[8192];
   int authenticated;    int authenticated;
Line 137 
Line 137 
   struct stat st;    struct stat st;
   BIGNUM *e, *n;    BIGNUM *e, *n;
   
   /* Open the file containing the authorized keys. */    /* Temporarily use the user's uid. */
     temporarily_use_uid(pw->pw_uid);
   
     /* The authorized keys. */
   snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir,    snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir,
     SSH_USER_PERMITTED_KEYS);      SSH_USER_PERMITTED_KEYS);
   
   /* Temporarily use the user's uid. */    /* Fail quietly if file does not exist */
   temporarily_use_uid(pw->pw_uid);  
   if (stat(line, &st) < 0)    if (stat(line, &st) < 0)
     {      {
       /* Restore the privileged uid. */        /* Restore the privileged uid. */
       restore_uid();        restore_uid();
       return 0;        return 0;
     }      }
   
     /* Open the file containing the authorized keys. */
   f = fopen(line, "r");    f = fopen(line, "r");
   if (!f)    if (!f)
     {      {
Line 158 
Line 162 
       packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");        packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
       return 0;        return 0;
     }      }
   
     if (strict_modes) {
       int fail=0;
       char buf[1024];
       /* Check open file in order to avoid open/stat races */
       if (fstat(fileno(f), &st) < 0 ||
           (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
           (st.st_mode & 022) != 0) {
         snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
                  "bad ownership or modes for '%s'.", pw->pw_name, line);
         fail=1;
       }else{
         /* Check path to SSH_USER_PERMITTED_KEYS */
         int i;
         static const char *check[] = {
               "", SSH_USER_DIR, NULL
         };
         for (i=0; check[i]; i++) {
           snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
           if (stat(line, &st) < 0 ||
               (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
               (st.st_mode & 022) != 0) {
             snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
                      "bad ownership or modes for '%s'.", pw->pw_name, line);
             fail=1;
             break;
           }
         }
       }
       if (fail) {
         log(buf);
         packet_send_debug(buf);
         restore_uid();
         return 0;
       }
     }
   
   /* Flag indicating whether authentication has succeeded. */    /* Flag indicating whether authentication has succeeded. */
   authenticated = 0;    authenticated = 0;
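Review bot: The strict_modes failure path returns without closing `f`, which was opened at the fopen() above it; every refused RSA attempt in that session leaks one FILE and its descriptor in the sshd child, since `if (fail) { ... restore_uid(); return 0; }` only restores the uid. In the same block `log(buf)` and `packet_send_debug(buf)` pass a buffer built from `pw->pw_name` and `line` (which embeds `pw->pw_dir`) as the first argument; if both take a printf-style format string, as their other uses in sshd suggest, any `%` in a user name or home directory path becomes a format directive, so the message should go through a literal format. Suggested lines: `log("%s", buf);`, `packet_send_debug("%s", buf);`, and `fclose(f);` before the `restore_uid();`. The loop also reuses `line` for the directory paths, so after the check `line` no longer holds the authorized-keys path; that is harmless here only because the later fgets() reuse overwrites it anyway, and a comment such as `/* line is reused as a scratch path buffer from here on */` would make that intent explicit. auth_rsa's body continues past the end of this hunk.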
