| version 1.62, 2006/02/20 17:19:53 |
version 1.62.2.1, 2006/09/30 04:06:50 |
|
|
| |
/* $OpenBSD$ */ |
| /* |
/* |
| * Copyright (c) 2000 Markus Friedl. All rights reserved. |
* Copyright (c) 2000 Markus Friedl. All rights reserved. |
| * |
* |
|
|
| * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
*/ |
| |
|
| #include "includes.h" |
|
| RCSID("$OpenBSD$"); |
|
| |
|
| #include <sys/types.h> |
#include <sys/types.h> |
| #include <sys/stat.h> |
#include <sys/stat.h> |
| |
#include <sys/param.h> |
| |
|
| |
#include <errno.h> |
| #include <libgen.h> |
#include <libgen.h> |
| #include <paths.h> |
#include <paths.h> |
| |
#include <pwd.h> |
| |
#include <stdarg.h> |
| |
#include <stdio.h> |
| |
#include <string.h> |
| |
|
| #include "xmalloc.h" |
#include "xmalloc.h" |
| #include "match.h" |
#include "match.h" |
| #include "groupaccess.h" |
#include "groupaccess.h" |
| #include "log.h" |
#include "log.h" |
| |
#include "buffer.h" |
| #include "servconf.h" |
#include "servconf.h" |
| |
#include "key.h" |
| |
#include "hostfile.h" |
| #include "auth.h" |
#include "auth.h" |
| #include "auth-options.h" |
#include "auth-options.h" |
| #include "canohost.h" |
#include "canohost.h" |
| #include "buffer.h" |
|
| #include "bufaux.h" |
|
| #include "uidswap.h" |
#include "uidswap.h" |
| #include "misc.h" |
#include "misc.h" |
| #include "bufaux.h" |
|
| #include "packet.h" |
#include "packet.h" |
| |
#ifdef GSSAPI |
| |
#include "ssh-gss.h" |
| |
#endif |
| |
#include "monitor_wrap.h" |
| |
|
| /* import */ |
/* import */ |
| extern ServerOptions options; |
extern ServerOptions options; |
| |
extern int use_privsep; |
| |
|
| /* Debugging messages */ |
/* Debugging messages */ |
| Buffer auth_debug; |
Buffer auth_debug; |
|
|
| void (*authlog) (const char *fmt,...) = verbose; |
void (*authlog) (const char *fmt,...) = verbose; |
| char *authmsg; |
char *authmsg; |
| |
|
| |
if (use_privsep && !mm_is_monitor() && !authctxt->postponed) |
| |
return; |
| |
|
| /* Raise logging level */ |
/* Raise logging level */ |
| if (authenticated == 1 || |
if (authenticated == 1 || |
| !authctxt->valid || |
!authctxt->valid || |
|
|
| switch (options.permit_root_login) { |
switch (options.permit_root_login) { |
| case PERMIT_YES: |
case PERMIT_YES: |
| return 1; |
return 1; |
| break; |
|
| case PERMIT_NO_PASSWD: |
case PERMIT_NO_PASSWD: |
| if (strcmp(method, "password") != 0) |
if (strcmp(method, "password") != 0) |
| return 1; |
return 1; |
|
|
| static char * |
static char * |
| expand_authorized_keys(const char *filename, struct passwd *pw) |
expand_authorized_keys(const char *filename, struct passwd *pw) |
| { |
{ |
| char *file, *ret; |
char *file, ret[MAXPATHLEN]; |
| |
int i; |
| |
|
| file = percent_expand(filename, "h", pw->pw_dir, |
file = percent_expand(filename, "h", pw->pw_dir, |
| "u", pw->pw_name, (char *)NULL); |
"u", pw->pw_name, (char *)NULL); |
|
|
| if (*file == '/') |
if (*file == '/') |
| return (file); |
return (file); |
| |
|
| ret = xmalloc(MAXPATHLEN); |
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); |
| if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN || |
if (i < 0 || (size_t)i >= sizeof(ret)) |
| strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN || |
|
| strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN) |
|
| fatal("expand_authorized_keys: path too long"); |
fatal("expand_authorized_keys: path too long"); |
| |
|
| xfree(file); |
xfree(file); |
| return (ret); |
return (xstrdup(ret)); |
| } |
} |
| |
|
| char * |
char * |
|
|
| #endif |
#endif |
| #endif |
#endif |
| struct passwd *pw; |
struct passwd *pw; |
| |
|
| |
parse_server_match_config(&options, user, |
| |
get_canonical_hostname(options.use_dns), get_remote_ipaddr()); |
| |
|
| pw = getpwnam(user); |
pw = getpwnam(user); |
| if (pw == NULL) { |
if (pw == NULL) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh