version 1.62, 2001/06/07 19:57:53 |
version 1.63, 2001/06/22 21:55:49 |
|
|
|
|
/* return 1 if user allows given key */ |
/* return 1 if user allows given key */ |
int |
int |
user_key_allowed(struct passwd *pw, Key *key) |
user_key_allowed2(struct passwd *pw, Key *key, char *file) |
{ |
{ |
char line[8192], *file; |
char line[8192]; |
int found_key = 0; |
int found_key = 0; |
FILE *f; |
FILE *f; |
u_long linenum = 0; |
u_long linenum = 0; |
|
|
/* Temporarily use the user's uid. */ |
/* Temporarily use the user's uid. */ |
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
|
|
/* The authorized keys. */ |
|
file = authorized_keys_file2(pw); |
|
debug("trying public key file %s", file); |
debug("trying public key file %s", file); |
|
|
/* Fail quietly if file does not exist */ |
/* Fail quietly if file does not exist */ |
if (stat(file, &st) < 0) { |
if (stat(file, &st) < 0) { |
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
xfree(file); |
|
return 0; |
return 0; |
} |
} |
/* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
|
|
if (!f) { |
if (!f) { |
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
xfree(file); |
|
return 0; |
return 0; |
} |
} |
if (options.strict_modes && |
if (options.strict_modes && |
secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { |
secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { |
xfree(file); |
|
fclose(f); |
fclose(f); |
log("Authentication refused: %s", line); |
log("Authentication refused: %s", line); |
restore_uid(); |
restore_uid(); |
|
|
} |
} |
restore_uid(); |
restore_uid(); |
fclose(f); |
fclose(f); |
xfree(file); |
|
key_free(found); |
key_free(found); |
if (!found_key) |
if (!found_key) |
debug2("key not found"); |
debug2("key not found"); |
return found_key; |
return found_key; |
|
} |
|
|
|
/* check whether given key is in .ssh/authorized_keys* */ |
|
int |
|
user_key_allowed(struct passwd *pw, Key *key) |
|
{ |
|
int success; |
|
char *file; |
|
|
|
file = authorized_keys_file(pw); |
|
success = user_key_allowed2(pw, key, file); |
|
xfree(file); |
|
if (success) |
|
return success; |
|
|
|
/* try suffix "2" for backward compat, too */ |
|
file = authorized_keys_file2(pw); |
|
success = user_key_allowed2(pw, key, file); |
|
xfree(file); |
|
return success; |
} |
} |
|
|
/* return 1 if given hostkey is allowed */ |
/* return 1 if given hostkey is allowed */ |
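Review bot: In the new `user_key_allowed()` wrapper, a refusal on the first file falls through to `authorized_keys_file2(pw)`, so the `log("Authentication refused: %s", line)` that `user_key_allowed2()` emits on a strict-modes failure can be followed by a successful match in the second file. The return statement of that strict-modes branch is not visible on this page, so this assumes it returns 0 like the other early exits. Anyone reading the auth log or auditing a user's key files needs to know that either file can authorize a key, so I would say so above the wrapper: `/* a key is accepted if it is listed in either file; each file is opened and permission-checked on its own */`. Since `user_key_allowed2()` no longer calls `xfree(file)`, its header comment should also state that the caller keeps ownership of `file` and frees it after the call.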