X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/b184239338f791a39b3c4cbd4b224ae2a78d7348..51529944e9ab39541ed61a8267e7a4e003b1e271:/auth2-pubkey.c

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 7962dcef..2886f127 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.13 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.19 2008/07/03 21:46:58 otto Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -28,23 +28,30 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <fcntl.h>
 #include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <unistd.h>
 
+#include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-#include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
-#include "bufaux.h"
-#include "auth.h"
 #include "key.h"
+#include "hostfile.h"
+#include "auth.h"
 #include "pathnames.h"
 #include "uidswap.h"
 #include "auth-options.h"
 #include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 #include "misc.h"
 
@@ -163,10 +170,6 @@ done:
 		key_free(key);
 	xfree(pkalg);
 	xfree(pkblob);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw) == 0)
-		authenticated = 0;
-#endif
 	return authenticated;
 }
 
@@ -178,7 +181,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 	int found_key = 0;
 	FILE *f;
 	u_long linenum = 0;
-	struct stat st;
 	Key *found;
 	char *fp;
 
@@ -186,24 +188,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 	temporarily_use_uid(pw);
 
 	debug("trying public key file %s", file);
+	f = auth_openkeyfile(file, pw, options.strict_modes);
 
-	/* Fail quietly if file does not exist */
-	if (stat(file, &st) < 0) {
-		/* Restore the privileged uid. */
-		restore_uid();
-		return 0;
-	}
-	/* Open the file containing the authorized keys. */
-	f = fopen(file, "r");
 	if (!f) {
-		/* Restore the privileged uid. */
-		restore_uid();
-		return 0;
-	}
-	if (options.strict_modes &&
-	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
-		fclose(f);
-		logit("Authentication refused: %s", line);
 		restore_uid();
 		return 0;
 	}