diff options
| author | des <des@FreeBSD.org> | 2011-05-04 07:34:44 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2011-05-04 07:34:44 +0000 |
| commit | ee2afa8165baec284a83500803978f8a0e645ccd (patch) | |
| tree | a745d3c673d44775cc175961e80d2246eb00e0df /crypto/openssh/auth.c | |
| parent | d035dd6f462a261f9b99bfa8545a924b314e1bb5 (diff) | |
| parent | 1824cfda46b3f11c1c3c4071e80b73ca91553149 (diff) | |
| download | FreeBSD-src-ee2afa8165baec284a83500803978f8a0e645ccd.zip FreeBSD-src-ee2afa8165baec284a83500803978f8a0e645ccd.tar.gz | |
Upgrade to OpenSSH 5.8p2.
Diffstat (limited to 'crypto/openssh/auth.c')
| -rw-r--r-- | crypto/openssh/auth.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index c50db1e..23c39e5 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -380,16 +380,15 @@ HostStatus check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, const char *sysfile, const char *userfile) { - Key *found; char *user_hostfile; struct stat st; HostStatus host_status; + struct hostkeys *hostkeys; + const struct hostkey_entry *found; - /* Check if we know the host and its host key. */ - found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); - host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); - - if (host_status != HOST_OK && userfile != NULL) { + hostkeys = init_hostkeys(); + load_hostkeys(hostkeys, host, sysfile); + if (userfile != NULL) { user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && (stat(user_hostfile, &st) == 0) && @@ -402,16 +401,23 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, user_hostfile); } else { temporarily_use_uid(pw); - host_status = check_host_in_hostfile(user_hostfile, - host, key, found, NULL); + load_hostkeys(hostkeys, host, user_hostfile); restore_uid(); } xfree(user_hostfile); } - key_free(found); + host_status = check_key_in_hostkeys(hostkeys, key, &found); + if (host_status == HOST_REVOKED) + error("WARNING: revoked key for %s attempted authentication", + found->host); + else if (host_status == HOST_OK) + debug("%s: key for %s found at %s:%ld", __func__, + found->host, found->file, found->line); + else + debug("%s: key for host %s not found", __func__, host); + + free_hostkeys(hostkeys); - debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ? - "ok" : "not found", host); return host_status; } @@ -519,7 +525,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, close(fd); return NULL; } - if (options.strict_modes && + if (strict_modes && secure_filename(f, file, pw, line, sizeof(line)) != 0) { fclose(f); logit("Authentication refused: %s", line); |
