src/usr.bin/ssh/auth-rsa.c - diff

Return to auth-rsa.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/Attic/auth-rsa.c between version 1.40 and 1.40.2.1

version 1.40, 2001/04/06 21:00:07

version 1.40.2.1, 2001/09/27 19:03:54

Line 122

int

auth_rsa(struct passwd *pw, BIGNUM *client_n)

{

char line[8192], file[MAXPATHLEN];

char line[8192], *file;

int authenticated;

u_int bits;

FILE *f;

Line 138

temporarily_use_uid(pw);

/* The authorized keys. */

snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,

file = authorized_keys_file(pw);

_PATH_SSH_USER_PERMITTED_KEYS);

debug("trying public RSA key file %s", file);

/* Fail quietly if file does not exist */

if (stat(file, &st) < 0) {

/* Restore the privileged uid. */

restore_uid();

xfree(file);

return 0;

}

/* Open the file containing the authorized keys. */

Line 154

Line 155

restore_uid();

packet_send_debug("Could not open %.900s for reading.", file);

packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");

xfree(file);

return 0;

}

if (options.strict_modes) {

if (options.strict_modes &&

int fail = 0;

secure_filename(f, file, pw, line, sizeof(line)) != 0) {

char buf[1024];

xfree(file);

/* Check open file in order to avoid open/stat races */

fclose(f);

if (fstat(fileno(f), &st) < 0 ||

log("Authentication refused: %s", line);

(st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

packet_send_debug("Authentication refused: %s", line);

(st.st_mode & 022) != 0) {

restore_uid();

snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "

return 0;

"bad ownership or modes for '%s'.", pw->pw_name, file);

fail = 1;

} else {

/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */

int i;

static const char *check[] = {

"", _PATH_SSH_USER_DIR, NULL

};

for (i = 0; check[i]; i++) {

snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);

if (stat(line, &st) < 0 ||

(st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

(st.st_mode & 022) != 0) {

snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "

"bad ownership or modes for '%s'.", pw->pw_name, line);

fail = 1;

break;

}

if (fail) {

fclose(f);

log("%s", buf);

packet_send_debug("%s", buf);

restore_uid();

return 0;

}

/* Flag indicating whether authentication has succeeded. */

authenticated = 0;

Line 236

Line 211

/* Parse the key from the line. */

if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {

debug("%.100s, line %lu: bad key syntax",

debug("%.100s, line %lu: non ssh1 key syntax",

file, linenum);

packet_send_debug("%.100s, line %lu: bad key syntax",

file, linenum);

continue;

}

/* cp now points to the comment part. */

Line 250

Line 223

/* check the real bits */

if (bits != BN_num_bits(pk->n))

log("Warning: %s, line %ld: keysize mismatch: "

log("Warning: %s, line %lu: keysize mismatch: "

"actual %d vs. announced %d.",

file, linenum, BN_num_bits(pk->n), bits);

Line 285

Line 258

restore_uid();

/* Close the file. */

xfree(file);

fclose(f);

RSA_free(pk);