X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/7cac2b656d969b64094f20b40ddcaca5ac1ca924..86a22a0a7eda4bbef1e9d7157145cf6b7f42f1a1:/openssh/auth2-pubkey.c

diff --git a/openssh/auth2-pubkey.c b/openssh/auth2-pubkey.c
index d51e939..9863cd9 100644
--- a/openssh/auth2-pubkey.c
+++ b/openssh/auth2-pubkey.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -23,23 +24,34 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
 
-#include "ssh2.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+
 #include "xmalloc.h"
+#include "ssh.h"
+#include "ssh2.h"
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
-#include "bufaux.h"
-#include "auth.h"
 #include "key.h"
+#include "hostfile.h"
+#include "auth.h"
 #include "pathnames.h"
 #include "uidswap.h"
 #include "auth-options.h"
 #include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -123,9 +135,9 @@ userauth_pubkey(Authctxt *authctxt)
 		authenticated = 0;
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
 		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-				buffer_len(&b))) == 1)
+		    buffer_len(&b))) == 1)
 			authenticated = 1;
-		buffer_clear(&b);
+		buffer_free(&b);
 		xfree(sig);
 	} else {
 		debug("test whether pkalg/pkblob are acceptable");
@@ -158,7 +170,7 @@ done:
 	xfree(pkblob);
 #ifdef HAVE_CYGWIN
 	if (check_nt_auth(0, authctxt->pw) == 0)
-		return(0);
+		authenticated = 0;
 #endif
 	return authenticated;
 }
@@ -167,7 +179,7 @@ done:
 static int
 user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
-	char line[8192];
+	char line[SSH_MAX_PUBKEY_BYTES];
 	int found_key = 0;
 	FILE *f;
 	u_long linenum = 0;
@@ -175,9 +187,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 	Key *found;
 	char *fp;
 
-	if (pw == NULL)
-		return 0;
-
 	/* Temporarily use the user's uid. */
 	temporarily_use_uid(pw);
 
@@ -207,9 +216,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 	found_key = 0;
 	found = key_new(key->type);
 
-	while (fgets(line, sizeof(line), f)) {
-		char *cp, *options = NULL;
-		linenum++;
+	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+		char *cp, *key_options = NULL;
+
 		/* Skip leading whitespace, empty and comment lines. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
 			;
@@ -220,7 +229,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 			/* no key?  check if there are options for this key */
 			int quoted = 0;
 			debug2("user_key_allowed: check options: '%s'", cp);
-			options = cp;
+			key_options = cp;
 			for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
 				if (*cp == '\\' && cp[1] == '"')
 					cp++;	/* Skip both */
@@ -237,7 +246,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 			}
 		}
 		if (key_equal(found, key) &&
-		    auth_parse_options(pw, options, file, linenum) == 1) {
+		    auth_parse_options(pw, key_options, file, linenum) == 1) {
 			found_key = 1;
 			debug("matching key found: file %s, line %lu",
 			    file, linenum);