version 1.6, 2004/01/19 21:25:15 |
version 1.6.2.2, 2005/03/10 17:15:04 |
|
|
#include "includes.h" |
#include "includes.h" |
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
|
#include "ssh.h" |
#include "ssh2.h" |
#include "ssh2.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "packet.h" |
#include "packet.h" |
|
|
#include "auth-options.h" |
#include "auth-options.h" |
#include "canohost.h" |
#include "canohost.h" |
#include "monitor_wrap.h" |
#include "monitor_wrap.h" |
|
#include "misc.h" |
|
|
/* import */ |
/* import */ |
extern ServerOptions options; |
extern ServerOptions options; |
|
|
static int |
static int |
user_key_allowed2(struct passwd *pw, Key *key, char *file) |
user_key_allowed2(struct passwd *pw, Key *key, char *file) |
{ |
{ |
char line[8192]; |
char line[SSH_MAX_PUBKEY_BYTES]; |
int found_key = 0; |
int found_key = 0; |
FILE *f; |
FILE *f; |
u_long linenum = 0; |
u_long linenum = 0; |
|
|
found_key = 0; |
found_key = 0; |
found = key_new(key->type); |
found = key_new(key->type); |
|
|
while (fgets(line, sizeof(line), f)) { |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
char *cp, *options = NULL; |
char *cp, *key_options = NULL; |
linenum++; |
|
/* Skip leading whitespace, empty and comment lines. */ |
/* Skip leading whitespace, empty and comment lines. */ |
for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
; |
; |
|
|
/* no key? check if there are options for this key */ |
/* no key? check if there are options for this key */ |
int quoted = 0; |
int quoted = 0; |
debug2("user_key_allowed: check options: '%s'", cp); |
debug2("user_key_allowed: check options: '%s'", cp); |
options = cp; |
key_options = cp; |
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { |
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { |
if (*cp == '\\' && cp[1] == '"') |
if (*cp == '\\' && cp[1] == '"') |
cp++; /* Skip both */ |
cp++; /* Skip both */ |
|
|
} |
} |
} |
} |
if (key_equal(found, key) && |
if (key_equal(found, key) && |
auth_parse_options(pw, options, file, linenum) == 1) { |
auth_parse_options(pw, key_options, file, linenum) == 1) { |
found_key = 1; |
found_key = 1; |
debug("matching key found: file %s, line %lu", |
debug("matching key found: file %s, line %lu", |
file, linenum); |
file, linenum); |
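Review bot: The rewritten loop header `while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1)` has no comment saying that the helper now owns both the line counter and the handling of lines longer than `line[SSH_MAX_PUBKEY_BYTES]`, and both feed the authorization decision below it. With the explicit `linenum++` removed, the value passed to `auth_parse_options()` and printed by `debug("matching key found ...")` is only right if the helper increments it exactly once per physical line; likewise the tail of an over-long entry must never come back as a line of its own, because it would then be parsed as a separate key entry detached from the options that preceded it. `read_keyfile_line()` is defined outside this page (presumably declared in the newly included `misc.h`), so neither property can be confirmed from here. I would add above the loop `/* read_keyfile_line() advances linenum and must discard, not split, lines that exceed sizeof(line) */`. The body of `user_key_allowed2()` starts and continues outside the lines shown.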