diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2022-06-03 06:47:21 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2022-06-03 06:49:18 +0200 |
| commit | acb2059febaddd71ee06c2ebf63dcf211d9ab9f2 (patch) | |
| tree | 91cce7cbed62b4f0ddc3abfc48864d6b0b0b10df | |
| parent | upstream: test setenv in both client and server, test first-match-wins (diff) | |
| download | openssh-acb2059febaddd71ee06c2ebf63dcf211d9ab9f2.tar.xz openssh-acb2059febaddd71ee06c2ebf63dcf211d9ab9f2.zip | |
upstream: move auth_openprincipals() and auth_openkeyfile() over to
auth2-pubkeyfile.c too; they make more sense there.
OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee
| -rw-r--r-- | auth.c | 58 | ||||
| -rw-r--r-- | auth.h | 6 | ||||
| -rw-r--r-- | auth2-pubkeyfile.c | 57 |
3 files changed, 60 insertions, 61 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.157 2022/05/27 05:02:46 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.158 2022/06/03 04:47:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -460,62 +460,6 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, return host_status; } -static FILE * -auth_openfile(const char *file, struct passwd *pw, int strict_modes, - int log_missing, char *file_type) -{ - char line[1024]; - struct stat st; - int fd; - FILE *f; - - if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { - if (log_missing || errno != ENOENT) - debug("Could not open %s '%s': %s", file_type, file, - strerror(errno)); - return NULL; - } - - if (fstat(fd, &st) == -1) { - close(fd); - return NULL; - } - if (!S_ISREG(st.st_mode)) { - logit("User %s %s %s is not a regular file", - pw->pw_name, file_type, file); - close(fd); - return NULL; - } - unset_nonblock(fd); - if ((f = fdopen(fd, "r")) == NULL) { - close(fd); - return NULL; - } - if (strict_modes && - safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) { - fclose(f); - logit("Authentication refused: %s", line); - auth_debug_add("Ignored %s: %s", file_type, line); - return NULL; - } - - return f; -} - - -FILE * -auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) -{ - return auth_openfile(file, pw, strict_modes, 1, "authorized keys"); -} - -FILE * -auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) -{ - return auth_openfile(file, pw, strict_modes, 0, - "authorized principals"); -} - struct passwd * getpwnamallow(struct ssh *ssh, const char *user) { @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.104 2022/05/27 05:02:46 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.105 2022/06/03 04:47:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -193,8 +193,6 @@ struct passwd * getpwnamallow(struct ssh *, const char *user); char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); -FILE *auth_openkeyfile(const char *, struct passwd *, int); -FILE *auth_openprincipals(const char *, struct passwd *, int); int auth_key_is_revoked(struct sshkey *); const char *auth_get_canonical_hostname(struct ssh *, int); @@ -237,6 +235,8 @@ int auth_check_authkey_line(struct passwd *, struct sshkey *, char *, const char *, const char *, const char *, struct sshauthopt **); int auth_check_authkeys_file(struct passwd *, FILE *, char *, struct sshkey *, const char *, const char *, struct sshauthopt **); +FILE *auth_openkeyfile(const char *, struct passwd *, int); +FILE *auth_openprincipals(const char *, struct passwd *, int); int sys_auth_passwd(struct ssh *, const char *); diff --git a/auth2-pubkeyfile.c b/auth2-pubkeyfile.c index a304d0953..911f01baf 100644 --- a/auth2-pubkeyfile.c +++ b/auth2-pubkeyfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkeyfile.c,v 1.1 2022/05/27 05:02:46 djm Exp $ */ +/* $OpenBSD: auth2-pubkeyfile.c,v 1.2 2022/06/03 04:47:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -439,4 +439,59 @@ auth_check_authkeys_file(struct passwd *pw, FILE *f, char *file, return found_key; } +static FILE * +auth_openfile(const char *file, struct passwd *pw, int strict_modes, + int log_missing, char *file_type) +{ + char line[1024]; + struct stat st; + int fd; + FILE *f; + + if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { + if (log_missing || errno != ENOENT) + debug("Could not open %s '%s': %s", file_type, file, + strerror(errno)); + return NULL; + } + + if (fstat(fd, &st) == -1) { + close(fd); + return NULL; + } + if (!S_ISREG(st.st_mode)) { + logit("User %s %s %s is not a regular file", + pw->pw_name, file_type, file); + close(fd); + return NULL; + } + unset_nonblock(fd); + if ((f = fdopen(fd, "r")) == NULL) { + close(fd); + return NULL; + } + if (strict_modes && + safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) { + fclose(f); + logit("Authentication refused: %s", line); + auth_debug_add("Ignored %s: %s", file_type, line); + return NULL; + } + + return f; +} + + +FILE * +auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) +{ + return auth_openfile(file, pw, strict_modes, 1, "authorized keys"); +} + +FILE * +auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) +{ + return auth_openfile(file, pw, strict_modes, 0, + "authorized principals"); +} |