version 1.78, 2007/09/21 08:15:29 |
version 1.79, 2008/07/02 12:03:51 |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
|
|
#include <errno.h> |
#include <errno.h> |
|
#include <fcntl.h> |
#include <libgen.h> |
#include <libgen.h> |
#include <login_cap.h> |
#include <login_cap.h> |
#include <paths.h> |
#include <paths.h> |
|
|
* |
* |
* Returns 0 on success and -1 on failure |
* Returns 0 on success and -1 on failure |
*/ |
*/ |
int |
static int |
secure_filename(FILE *f, const char *file, struct passwd *pw, |
secure_filename(FILE *f, const char *file, struct passwd *pw, |
char *err, size_t errlen) |
char *err, size_t errlen) |
{ |
{ |
|
|
break; |
break; |
} |
} |
return 0; |
return 0; |
|
} |
|
|
|
FILE * |
|
auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) |
|
{ |
|
char line[1024]; |
|
struct stat st; |
|
int fd; |
|
FILE *f; |
|
|
|
/* |
|
* Open the file containing the authorized keys |
|
* Fail quietly if file does not exist |
|
*/ |
|
if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) |
|
return NULL; |
|
|
|
if (fstat(fd, &st) < 0) { |
|
close(fd); |
|
return NULL; |
|
} |
|
if (!S_ISREG(st.st_mode)) { |
|
logit("User %s authorized keys %s is not a regular file", |
|
pw->pw_name, file); |
|
close(fd); |
|
return NULL; |
|
} |
|
unset_nonblock(fd); |
|
if ((f = fdopen(fd, "r")) == NULL) { |
|
close(fd); |
|
return NULL; |
|
} |
|
if (options.strict_modes && |
|
secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
|
fclose(f); |
|
logit("Authentication refused: %s", line); |
|
return NULL; |
|
} |
|
|
|
return f; |
} |
} |
|
|
struct passwd * |
struct passwd * |
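Review bot: In `auth_openkeyfile` (which appears to be the function added in 1.79) the `strict_modes` parameter is never read; the ownership and permission check is gated on the global `options.strict_modes` instead, so the argument a caller passes has no effect on whether `secure_filename` runs. If a caller passes a value that differs from the global, for example requesting the check while the option is off, the key file is returned without the mode check. The condition should read `if (strict_modes &&`, with the following `secure_filename(f, file, pw, line, sizeof(line)) != 0) {` line unchanged. Separately, the `fstat` failure path closes the descriptor and returns NULL without any log line, unlike the not-a-regular-file path, so a debug-level message there would help when diagnosing a refused key file.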