- markus@cvs.openbsd.org 2001/06/22 21:55:49
     [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
      ssh-keygen.1]
     merge authorized_keys2 into authorized_keys.
     authorized_keys2 is used for backward compat.
     (just append authorized_keys2 to authorized_keys).
diff --git a/auth2.c b/auth2.c
index 554ca4c..1d635d6 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.62 2001/06/07 19:57:53 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -650,9 +650,9 @@
 
 /* return 1 if user allows given key */
 int
-user_key_allowed(struct passwd *pw, Key *key)
+user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
-	char line[8192], *file;
+	char line[8192];
 	int found_key = 0;
 	FILE *f;
 	u_long linenum = 0;
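Review bot: `user_key_allowed2` is added without `static`, and its new `file` parameter is a plain `char *` even though the visible uses (debug, stat, secure_filename) only read it. Only the wrapper in this file is seen calling it, so if nothing else does, `static int` would keep the path-taking variant internal to auth2.c and the authorized-keys path would always come from `authorized_keys_file*()`. Declaring it as `const char *file` would also record that the callee no longer owns or frees the string, provided secure_filename accepts a const pointer. The comment above the function could say this: `/* return 1 if key is listed in file; caller owns and frees file */`. The body of the function continues outside this hunk.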
@@ -665,15 +665,12 @@
 	/* Temporarily use the user's uid. */
 	temporarily_use_uid(pw);
 
-	/* The authorized keys. */
-	file = authorized_keys_file2(pw);
 	debug("trying public key file %s", file);
 
 	/* Fail quietly if file does not exist */
 	if (stat(file, &st) < 0) {
 		/* Restore the privileged uid. */
 		restore_uid();
-		xfree(file);
 		return 0;
 	}
 	/* Open the file containing the authorized keys. */
@@ -681,12 +678,10 @@
 	if (!f) {
 		/* Restore the privileged uid. */
 		restore_uid();
-		xfree(file);
 		return 0;
 	}
 	if (options.strict_modes &&
 	    secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) {
-		xfree(file);
 		fclose(f);
 		log("Authentication refused: %s", line);
 		restore_uid();
@@ -735,13 +730,32 @@
 	}
 	restore_uid();
 	fclose(f);
-	xfree(file);
 	key_free(found);
 	if (!found_key)
 		debug2("key not found");
 	return found_key;
 }
 
+/* check whether given key is in .ssh/authorized_keys* */
+int
+user_key_allowed(struct passwd *pw, Key *key)
+{
+	int success;
+	char *file;
+
+	file = authorized_keys_file(pw);
+	success = user_key_allowed2(pw, key, file);
+	xfree(file);
+	if (success)
+		return success;
+
+	/* try suffix "2" for backward compat, too */
+	file = authorized_keys_file2(pw);
+	success = user_key_allowed2(pw, key, file);
+	xfree(file);
+	return success;
+}
+
 /* return 1 if given hostkey is allowed */
 int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
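Review bot: The fallback in the new `user_key_allowed` runs after any 0 result from the first call, not only when the key is absent from the file. The earlier hunks show `user_key_allowed2` returning 0 when the file is missing or cannot be opened, and presumably also after the strict_modes check logs "Authentication refused" (that return is outside the visible lines). A login can therefore be logged as refused for authorized_keys and then accepted from authorized_keys2, and a key deleted from authorized_keys stays valid while the second file still lists it. If that is intended, the comment should state it for whoever audits or revokes keys: `/* return 1 if key is in authorized_keys or, for backward compat, authorized_keys2; either file grants access, so revoke in both */`. A `debug()` naming which file matched would help when reading logs.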