[BACK]Return to auth.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth.c between version 1.41.2.5 and 1.42

version 1.41.2.5, 2003/04/03 22:35:16 version 1.42, 2002/05/13 20:44:58
Line 323 
Line 323 
   
 /*  /*
  * Check a given file for security. This is defined as all components   * Check a given file for security. This is defined as all components
  * of the path to the file must be owned by either the owner of   * of the path to the file must either be owned by either the owner of
  * of the file or root and no directories must be group or world writable.   * of the file or root and no directories must be group or world writable.
  *   *
  * XXX Should any specific check be done for sym links ?   * XXX Should any specific check be done for sym links ?
Line 340 
Line 340 
         uid_t uid = pw->pw_uid;          uid_t uid = pw->pw_uid;
         char buf[MAXPATHLEN], homedir[MAXPATHLEN];          char buf[MAXPATHLEN], homedir[MAXPATHLEN];
         char *cp;          char *cp;
         int comparehome = 0;  
         struct stat st;          struct stat st;
   
         if (realpath(file, buf) == NULL) {          if (realpath(file, buf) == NULL) {
Line 348 
Line 347 
                     strerror(errno));                      strerror(errno));
                 return -1;                  return -1;
         }          }
         if (realpath(pw->pw_dir, homedir) != NULL)          if (realpath(pw->pw_dir, homedir) == NULL) {
                 comparehome = 1;                  snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
                       strerror(errno));
                   return -1;
           }
   
         /* check the open file to avoid races */          /* check the open file to avoid races */
         if (fstat(fileno(f), &st) < 0 ||          if (fstat(fileno(f), &st) < 0 ||
Line 378 
Line 380 
                 }                  }
   
                 /* If are passed the homedir then we can stop */                  /* If are passed the homedir then we can stop */
                 if (comparehome && strcmp(homedir, buf) == 0) {                  if (strcmp(homedir, buf) == 0) {
                         debug3("secure_filename: terminating check at '%s'",                          debug3("secure_filename: terminating check at '%s'",
                             buf);                              buf);
                         break;                          break;
Line 405 
Line 407 
         struct passwd *pw;          struct passwd *pw;
   
         pw = getpwnam(user);          pw = getpwnam(user);
         if (pw == NULL) {          if (pw == NULL || !allowed_user(pw))
                 log("Illegal user %.100s from %.100s",  
                     user, get_remote_ipaddr());  
                 return (NULL);                  return (NULL);
         }  
         if (!allowed_user(pw))  
                 return (NULL);  
 #ifdef HAVE_LOGIN_CAP  #ifdef HAVE_LOGIN_CAP
         if ((lc = login_getclass(pw->pw_class)) == NULL) {          if ((lc = login_getclass(pw->pw_class)) == NULL) {
                 debug("unable to get login class: %s", user);                  debug("unable to get login class: %s", user);
Line 419 
Line 416 
         }          }
 #ifdef BSD_AUTH  #ifdef BSD_AUTH
         if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||          if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
             auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {              auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
                 debug("Approval failure for %s", user);                  debug("Approval failure for %s", user);
                 pw = NULL;                  pw = NULL;
         }          }
Legend:
Removed from v.1.41.2.5  
changed lines
  Added in v.1.42