Diffstat (limited to 'crypto/openssh/auth.c')
-rw-r--r--crypto/openssh/auth.c32
1 files changed, 19 insertions, 13 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index c50db1e..23c39e5 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -380,16 +380,15 @@ HostStatus
check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
const char *sysfile, const char *userfile)
{
- Key *found;
char *user_hostfile;
struct stat st;
HostStatus host_status;
+ struct hostkeys *hostkeys;
+ const struct hostkey_entry *found;
- /* Check if we know the host and its host key. */
- found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
- host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
-
- if (host_status != HOST_OK && userfile != NULL) {
+ hostkeys = init_hostkeys();
+ load_hostkeys(hostkeys, host, sysfile);
+ if (userfile != NULL) {
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
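Review bot: The merged lookup at the top of check_key_in_hostfiles() has no comment explaining why the per-user file is now loaded even when the system file alone would have matched; the old `/* Check if we know the host and its host key. */` line was dropped without a replacement. I would add above `hostkeys = init_hostkeys();` something like `/* Load system and per-user entries into one set so a single lookup sees both files */`, and, if that is the intent, say there that an entry in either file can now change the result obtained from the other. The strict_modes test on the user file, whose condition is cut at the end of this hunk, still decides whether that file is read at all, which is worth stating in the same comment. The function body continues past this hunk.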
@@ -402,16 +401,23 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
user_hostfile);
} else {
temporarily_use_uid(pw);
- host_status = check_host_in_hostfile(user_hostfile,
- host, key, found, NULL);
+ load_hostkeys(hostkeys, host, user_hostfile);
restore_uid();
}
xfree(user_hostfile);
}
- key_free(found);
+ host_status = check_key_in_hostkeys(hostkeys, key, &found);
+ if (host_status == HOST_REVOKED)
+ error("WARNING: revoked key for %s attempted authentication",
+ found->host);
+ else if (host_status == HOST_OK)
+ debug("%s: key for %s found at %s:%ld", __func__,
+ found->host, found->file, found->line);
+ else
+ debug("%s: key for host %s not found", __func__, host);
+
+ free_hostkeys(hostkeys);
- debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
- "ok" : "not found", host);
return host_status;
}
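Review bot: `found` is dereferenced in the HOST_REVOKED and HOST_OK branches, but its declaration in the previous hunk has no initialiser, so safety depends on check_key_in_hostkeys() always storing an entry for those two results; that function is not visible here. Declaring it as `const struct hostkey_entry *found = NULL;` and testing `found != NULL` before logging would keep a later change in the callee from turning into an invalid pointer read in the authentication path. Separately, the revoked-key warning carries only the host name; adding `found->file` and `found->line`, as the HOST_OK debug line already does, would let whoever triages that log entry locate the revocation record.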
@@ -519,7 +525,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
close(fd);
return NULL;
}
- if (options.strict_modes &&
+ if (strict_modes &&
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
fclose(f);
logit("Authentication refused: %s", line);
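Review bot: With the test now keyed on the `strict_modes` argument instead of `options.strict_modes`, whether secure_filename() runs is decided by each caller, and nothing in the visible part of auth_openfile() states that contract. A comment above the test such as `/* strict_modes is supplied by the caller; 0 skips the ownership and permission checks on file */` would make this explicit. The call sites are outside this hunk, so it is worth confirming that each passes the configured value when the file is user-controlled. The function begins and ends outside the hunk.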