
Diff for /src/usr.bin/ssh/auth.c between version 1.41 and 1.41.2.5

version 1.41, 2002/03/19 15:31:47 version 1.41.2.5, 2003/04/03 22:35:16
Line 40 
Line 40 
 #include "uidswap.h"  #include "uidswap.h"
 #include "tildexpand.h"  #include "tildexpand.h"
 #include "misc.h"  #include "misc.h"
   #include "bufaux.h"
   #include "packet.h"
   
 /* import */  /* import */
 extern ServerOptions options;  extern ServerOptions options;
   
   /* Debugging messages */
   Buffer auth_debug;
   int auth_debug_init;
   
 /*  /*
  * Check if the user is allowed to log in via ssh. If user is listed   * Check if the user is allowed to log in via ssh. If user is listed
  * in DenyUsers or one of user's groups is listed in DenyGroups, false   * in DenyUsers or one of user's groups is listed in DenyGroups, false
Line 317 
Line 323 
   
 /*  /*
  * Check a given file for security. This is defined as all components   * Check a given file for security. This is defined as all components
  * of the path to the file must either be owned by either the owner of   * of the path to the file must be owned by either the owner of
  * of the file or root and no directories must be group or world writable.   * of the file or root and no directories must be group or world writable.
  *   *
  * XXX Should any specific check be done for sym links ?   * XXX Should any specific check be done for sym links ?
Line 334 
Line 340 
         uid_t uid = pw->pw_uid;          uid_t uid = pw->pw_uid;
         char buf[MAXPATHLEN], homedir[MAXPATHLEN];          char buf[MAXPATHLEN], homedir[MAXPATHLEN];
         char *cp;          char *cp;
           int comparehome = 0;
         struct stat st;          struct stat st;
   
         if (realpath(file, buf) == NULL) {          if (realpath(file, buf) == NULL) {
Line 341 
Line 348 
                     strerror(errno));                      strerror(errno));
                 return -1;                  return -1;
         }          }
         if (realpath(pw->pw_dir, homedir) == NULL) {          if (realpath(pw->pw_dir, homedir) != NULL)
                 snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,                  comparehome = 1;
                     strerror(errno));  
                 return -1;  
         }  
   
         /* check the open file to avoid races */          /* check the open file to avoid races */
         if (fstat(fileno(f), &st) < 0 ||          if (fstat(fileno(f), &st) < 0 ||
Line 374 
Line 378 
                 }                  }
   
                 /* If are passed the homedir then we can stop */                  /* If are passed the homedir then we can stop */
                 if (strcmp(homedir, buf) == 0) {                  if (comparehome && strcmp(homedir, buf) == 0) {
                         debug3("secure_filename: terminating check at '%s'",                          debug3("secure_filename: terminating check at '%s'",
                             buf);                              buf);
                         break;                          break;
Line 401 
Line 405 
         struct passwd *pw;          struct passwd *pw;
   
         pw = getpwnam(user);          pw = getpwnam(user);
         if (pw == NULL || !allowed_user(pw))          if (pw == NULL) {
                   log("Illegal user %.100s from %.100s",
                       user, get_remote_ipaddr());
                 return (NULL);                  return (NULL);
           }
           if (!allowed_user(pw))
                   return (NULL);
 #ifdef HAVE_LOGIN_CAP  #ifdef HAVE_LOGIN_CAP
         if ((lc = login_getclass(pw->pw_class)) == NULL) {          if ((lc = login_getclass(pw->pw_class)) == NULL) {
                 debug("unable to get login class: %s", user);                  debug("unable to get login class: %s", user);
Line 410 
Line 419 
         }          }
 #ifdef BSD_AUTH  #ifdef BSD_AUTH
         if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||          if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
             auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {              auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
                 debug("Approval failure for %s", user);                  debug("Approval failure for %s", user);
                 pw = NULL;                  pw = NULL;
         }          }
Line 421 
Line 430 
         if (pw != NULL)          if (pw != NULL)
                 return (pwcopy(pw));                  return (pwcopy(pw));
         return (NULL);          return (NULL);
   }
   
   void
   auth_debug_add(const char *fmt,...)
   {
           char buf[1024];
           va_list args;
   
           if (!auth_debug_init)
                   return;
   
           va_start(args, fmt);
           vsnprintf(buf, sizeof(buf), fmt, args);
           va_end(args);
           buffer_put_cstring(&auth_debug, buf);
   }
   
   void
   auth_debug_send(void)
   {
           char *msg;
   
           if (!auth_debug_init)
                   return;
           while (buffer_len(&auth_debug)) {
                   msg = buffer_get_string(&auth_debug, NULL);
                   packet_send_debug("%s", msg);
                   xfree(msg);
           }
   }
   
   void
   auth_debug_reset(void)
   {
           if (auth_debug_init)
                   buffer_clear(&auth_debug);
           else {
                   buffer_init(&auth_debug);
                   auth_debug_init = 1;
           }
 }  }
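Review bot: auth_debug_add silently drops a message when auth_debug_reset has not yet run (the `if (!auth_debug_init) return;` guard), and nothing on the three new functions says so, so a caller that queues a message before the first reset gets no output and no error. I would put a block comment above auth_debug_add stating that messages are queued in auth_debug until auth_debug_send forwards them with packet_send_debug, that auth_debug_reset must be called once before queuing (later calls only clear the queue), and that anything queued before that is discarded. The same comment should note that vsnprintf truncates each message to the 1024-byte buf without reporting it, so callers should keep messages short. Since auth_debug_send hands the queued text to packet_send_debug, which I take to be the peer-facing debug channel, the comment should also remind callers not to put server-side detail into these messages that the client should not see; confirm against packet.c. getpwnamallow's signature lies outside the hunk, while the three auth_debug_* functions are shown in full.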
