version 1.88, 2019/05/20 00:25:55 |
version 1.89, 2019/06/14 03:39:59 |
|
|
user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, |
user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, |
int auth_attempt, struct sshauthopt **authoptsp) |
int auth_attempt, struct sshauthopt **authoptsp) |
{ |
{ |
u_int success, i; |
u_int success = 0, i; |
char *file; |
char *file; |
struct sshauthopt *opts = NULL; |
struct sshauthopt *opts = NULL; |
|
|
if (authoptsp != NULL) |
if (authoptsp != NULL) |
*authoptsp = NULL; |
*authoptsp = NULL; |
|
|
|
|
auth_key_is_revoked(key->cert->signature_key)) |
auth_key_is_revoked(key->cert->signature_key)) |
return 0; |
return 0; |
|
|
|
for (i = 0; !success && i < options.num_authkeys_files; i++) { |
|
if (strcasecmp(options.authorized_keys_files[i], "none") == 0) |
|
continue; |
|
file = expand_authorized_keys( |
|
options.authorized_keys_files[i], pw); |
|
success = user_key_allowed2(ssh, pw, key, file, &opts); |
|
free(file); |
|
if (!success) { |
|
sshauthopt_free(opts); |
|
opts = NULL; |
|
} |
|
} |
|
if (success) |
|
goto out; |
|
|
if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0) |
if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0) |
goto out; |
goto out; |
sshauthopt_free(opts); |
sshauthopt_free(opts); |
|
|
goto out; |
goto out; |
sshauthopt_free(opts); |
sshauthopt_free(opts); |
opts = NULL; |
opts = NULL; |
|
|
for (i = 0; !success && i < options.num_authkeys_files; i++) { |
|
if (strcasecmp(options.authorized_keys_files[i], "none") == 0) |
|
continue; |
|
file = expand_authorized_keys( |
|
options.authorized_keys_files[i], pw); |
|
success = user_key_allowed2(ssh, pw, key, file, &opts); |
|
free(file); |
|
} |
|
|
|
out: |
out: |
if (success && authoptsp != NULL) { |
if (success && authoptsp != NULL) { |