| version 1.57, 2001/05/18 14:13:28 |
version 1.58, 2001/05/20 17:20:35 |
|
|
| int |
int |
| user_key_allowed(struct passwd *pw, Key *key) |
user_key_allowed(struct passwd *pw, Key *key) |
| { |
{ |
| char line[8192], file[MAXPATHLEN]; |
char line[8192], *file; |
| int found_key = 0; |
int found_key = 0; |
| FILE *f; |
FILE *f; |
| u_long linenum = 0; |
u_long linenum = 0; |
|
|
| temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
| |
|
| /* The authorized keys. */ |
/* The authorized keys. */ |
| snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, |
file = authorized_keys_file2(pw); |
| _PATH_SSH_USER_PERMITTED_KEYS2); |
debug("trying public key file %s", file); |
| |
|
| /* Fail quietly if file does not exist */ |
/* Fail quietly if file does not exist */ |
| if (stat(file, &st) < 0) { |
if (stat(file, &st) < 0) { |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| |
xfree(file); |
| return 0; |
return 0; |
| } |
} |
| /* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
|
|
| if (!f) { |
if (!f) { |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| |
xfree(file); |
| return 0; |
return 0; |
| } |
} |
| if (options.strict_modes) { |
if (options.strict_modes && |
| int fail = 0; |
secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { |
| char buf[1024]; |
xfree(file); |
| /* Check open file in order to avoid open/stat races */ |
fclose(f); |
| if (fstat(fileno(f), &st) < 0 || |
log("Authentication refused: %s", line); |
| (st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
restore_uid(); |
| (st.st_mode & 022) != 0) { |
return 0; |
| snprintf(buf, sizeof buf, |
|
| "%s authentication refused for %.100s: " |
|
| "bad ownership or modes for '%s'.", |
|
| key_type(key), pw->pw_name, file); |
|
| fail = 1; |
|
| } else { |
|
| /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ |
|
| int i; |
|
| static const char *check[] = { |
|
| "", _PATH_SSH_USER_DIR, NULL |
|
| }; |
|
| for (i = 0; check[i]; i++) { |
|
| snprintf(line, sizeof line, "%.500s/%.100s", |
|
| pw->pw_dir, check[i]); |
|
| if (stat(line, &st) < 0 || |
|
| (st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
|
| (st.st_mode & 022) != 0) { |
|
| snprintf(buf, sizeof buf, |
|
| "%s authentication refused for %.100s: " |
|
| "bad ownership or modes for '%s'.", |
|
| key_type(key), pw->pw_name, line); |
|
| fail = 1; |
|
| break; |
|
| } |
|
| } |
|
| } |
|
| if (fail) { |
|
| fclose(f); |
|
| log("%s", buf); |
|
| restore_uid(); |
|
| return 0; |
|
| } |
|
| } |
} |
| |
|
| found_key = 0; |
found_key = 0; |
| found = key_new(key->type); |
found = key_new(key->type); |
| |
|
|
|
| } |
} |
| restore_uid(); |
restore_uid(); |
| fclose(f); |
fclose(f); |
| |
xfree(file); |
| key_free(found); |
key_free(found); |
| if (!found_key) |
if (!found_key) |
| debug2("key not found"); |
debug2("key not found"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh