+/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
-#include "ssh2.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+
#include "xmalloc.h"
+#include "ssh.h"
+#include "ssh2.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
-#include "bufaux.h"
-#include "auth.h"
#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
#include "pathnames.h"
#include "uidswap.h"
#include "auth-options.h"
#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
#include "monitor_wrap.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
extern u_char *session_id2;
-extern int session_id2_len;
+extern u_int session_id2_len;
static int
userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- log("userauth_pubkey: unsupported public key algorithm: %s",
+ logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b))) == 1)
+ buffer_len(&b))) == 1)
authenticated = 1;
- buffer_clear(&b);
+ buffer_free(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
xfree(pkblob);
#ifdef HAVE_CYGWIN
if (check_nt_auth(0, authctxt->pw) == 0)
- return(0);
+ authenticated = 0;
#endif
return authenticated;
}
static int
user_key_allowed2(struct passwd *pw, Key *key, char *file)
{
- char line[8192];
+ char line[SSH_MAX_PUBKEY_BYTES];
int found_key = 0;
FILE *f;
u_long linenum = 0;
Key *found;
char *fp;
- if (pw == NULL)
- return 0;
-
/* Temporarily use the user's uid. */
temporarily_use_uid(pw);
if (options.strict_modes &&
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
fclose(f);
- log("Authentication refused: %s", line);
+ logit("Authentication refused: %s", line);
restore_uid();
return 0;
}
found_key = 0;
found = key_new(key->type);
- while (fgets(line, sizeof(line), f)) {
- char *cp, *options = NULL;
- linenum++;
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ char *cp, *key_options = NULL;
+
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
/* no key? check if there are options for this key */
int quoted = 0;
debug2("user_key_allowed: check options: '%s'", cp);
- options = cp;
+ key_options = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
}
}
if (key_equal(found, key) &&
- auth_parse_options(pw, options, file, linenum) == 1) {
+ auth_parse_options(pw, key_options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);