author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:17:12 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:17:12 +0000 |
commit | f96704d4ef4c55599d9999292abc1457e8153674 (patch) | |
tree | 3e3e8a85ae03df6a26b425b607496bac0949e8c0 /auth2.c | |
parent | ae1c51c208917198fd96f0aca209459f37001ea4 (diff) |
- markus@cvs.openbsd.org 2001/06/22 21:55:49
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
ssh-keygen.1]
merge authorized_keys2 into authorized_keys.
authorized_keys2 is used for backward compat.
(just append authorized_keys2 to authorized_keys).
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 32 |
1 files changed, 23 insertions, 9 deletions
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.62 2001/06/07 19:57:53 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");
 #include <openssl/evp.h>
@@ -650,9 +650,9 @@ authmethod_lookup(const char *name)
 /* return 1 if user allows given key */
 int
-user_key_allowed(struct passwd *pw, Key *key)
+user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
- char line[8192], *file;
+ char line[8192];
 int found_key = 0;
 FILE *f;
 u_long linenum = 0;
@@ -665,15 +665,12 @@ user_key_allowed(struct passwd *pw, Key *key)
 /* Temporarily use the user's uid. */
 temporarily_use_uid(pw);
- /* The authorized keys. */
- file = authorized_keys_file2(pw);
 debug("trying public key file %s", file);
 /* Fail quietly if file does not exist */
 if (stat(file, &st) < 0) {
 /* Restore the privileged uid. */
 restore_uid();
- xfree(file);
 return 0;
 }
 /* Open the file containing the authorized keys. */
@@ -681,12 +678,10 @@ user_key_allowed(struct passwd *pw, Key *key)
 if (!f) {
 /* Restore the privileged uid. */
 restore_uid();
- xfree(file);
 return 0;
 }
 if (options.strict_modes &&
 secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) {
- xfree(file);
 fclose(f);
 log("Authentication refused: %s", line);
 restore_uid();
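Review bot: `user_key_allowed2` in the -650 hunk is introduced with external linkage, although the only caller visible in this commit is `user_key_allowed` in the same file; declaring it `static int` would keep a helper that accepts an arbitrary key-file path out of the global namespace. The comment above it still reads `/* return 1 if user allows given key */` and should also say that `file` is owned by the caller (the `xfree(file)` calls are removed in the -665 and -681 hunks) and that the file is opened while running under the user's uid. If `secure_filename` accepts a const path, which is not visible here, `const char *file` would additionally document that the helper never modifies it. The function body continues past these hunks, so its remaining return paths cannot be checked from this page.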
@@ -735,13 +730,32 @@ user_key_allowed(struct passwd *pw, Key *key)
 }
 restore_uid();
 fclose(f);
- xfree(file);
 key_free(found);
 if (!found_key)
 debug2("key not found");
 return found_key;
 }
+/* check whether given key is in .ssh/authorized_keys* */
+int
+user_key_allowed(struct passwd *pw, Key *key)
+{
+ int success;
+ char *file;
+
+ file = authorized_keys_file(pw);
+ success = user_key_allowed2(pw, key, file);
+ xfree(file);
+ if (success)
+ return success;
+
+ /* try suffix "2" for backward compat, too */
+ file = authorized_keys_file2(pw);
+ success = user_key_allowed2(pw, key, file);
+ xfree(file);
+ return success;
+}
+
 /* return 1 if given hostkey is allowed */
 int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, |
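Review bot: The new `user_key_allowed` treats every zero return from `user_key_allowed2` alike, so authorized_keys2 is tried whether the first file was missing, lacked the key, or was rejected by the `options.strict_modes` check. The `log("Authentication refused: %s", line)` path in the -681 hunk, which presumably returns 0 just past that hunk, can therefore be followed by a successful login through authorized_keys2, which makes that log line misleading when reading auth logs. Consider rewording it to say the file was ignored, or adding a line before the second attempt such as `debug2("trying authorized_keys2 for backward compat");`. The comment above the function should also state that both files remain authoritative, so revoking a key means removing it from authorized_keys and authorized_keys2.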