diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-23 13:53:22 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-23 13:53:22 +0000 |
commit | 7aff2613d95d0d4c272f5d22f6c22d08542d72b1 (patch) | |
tree | c60a86d4581304b023ff174ddc97c1ed3a098278 | |
parent | 15da033b34c007c22d37dca64a407049f9520aff (diff) |
- markus@cvs.openbsd.org 2001/09/23 11:09:13
[authfile.c]
relax permission check for private key files.
-rw-r--r-- | authfile.c | 17 |
1 files changed, 10 insertions, 7 deletions
@@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.38 2001/09/23 11:09:13 markus Exp $"); #include <openssl/err.h> #include <openssl/evp.h> @@ -486,18 +486,21 @@ key_perm_ok(int fd, const char *filename) { struct stat st; - /* check owner and modes */ + if (fstat(fd, &st) < 0) + return 0; + /* + * if a key owned by the user is accessed, then we check the + * permissions of the file. if the key owned by a different user, + * then we don't care. + */ #ifdef HAVE_CYGWIN if (check_ntsec(filename)) #endif - if (fstat(fd, &st) < 0 || - (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) || - (st.st_mode & 077) != 0) { - close(fd); + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Bad ownership or mode(0%3.3o) for '%s'.", + error("Permissions 0%3.3o for '%s' are too open.", st.st_mode & 0777, filename); error("It is recommended that your private key files are NOT accessible by others."); error("This private key will be ignored."); |