Attachment #1526 for bug #1348




	u_int bits;
	FILE *f;
	u_long linenum = 0;
	struct stat st;
	Key *key;

	/* Temporarily use the user's uid. */

	/* The authorized keys. */
	file = authorized_keys_file(pw);
	debug("trying public RSA key file %s", file);
	f = auth_openkeyfile(file, pw, options.strict_modes);
	/* Fail quietly if file does not exist */
	if (stat(file, &st) < 0) {
		/* Restore the privileged uid. */
		restore_uid();
		xfree(file);
		return (0);
	}
	/* Open the file containing the authorized keys. */
	f = fopen(file, "r");
	if (!f) {
		/* Restore the privileged uid. */
		restore_uid();
		xfree(file);
		return (0);
	}
	if (options.strict_modes &&
	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
		xfree(file);
		fclose(f);
		logit("Authentication refused: %s", line);
		restore_uid();
		return (0);
	}




#include <sys/param.h>

#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <login_cap.h>
#include <paths.h>

 *
 * Returns 0 on success and -1 on failure
 */
static int
secure_filename(FILE *f, const char *file, struct passwd *pw,
    char *err, size_t errlen)
{

			break;
	}
	return 0;
}

FILE *
auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
{
	char line[1024];
	struct stat st;
	int fd;
	FILE *f;

	/*
	 * Open the file containing the authorized keys
	 * Fail quietly if file does not exist
	 */
	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
		return NULL;

	if (fstat(fd, &st) < 0) {
		close(fd);
		return NULL;
	}
	if (!S_ISREG(st.st_mode)) {
		logit("User %s authorized keys %s is not a regular file",
		    pw->pw_name, file);
		close(fd);
		return NULL;
	}
	unset_nonblock(fd);
	if ((f = fdopen(fd, "r")) == NULL) {
		close(fd);
		return NULL;
	}
	if (options.strict_modes &&
	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
		fclose(f);
		logit("Authentication refused: %s", line);
		return NULL;
	}

	return f;
}

struct passwd *

Lines 143-150 int verify_response(Authctxt *, const ch Link Here

(-)auth.h (-2 / +1 lines)
143	char authorized_keys_file(struct passwd );	143	char authorized_keys_file(struct passwd );
144	char authorized_keys_file2(struct passwd );	144	char authorized_keys_file2(struct passwd );
145		145
146	int	146	FILE auth_openkeyfile(const char , struct passwd *, int);
147	secure_filename(FILE , const char , struct passwd , char , size_t);
148		147
149	HostStatus	148	HostStatus
150	check_key_in_hostfiles(struct passwd , Key , const char *,	149	check_key_in_hostfiles(struct passwd , Key , const char *,




user_key_allowed2(struct passwd *pw, Key *key, char *file)
{
	char line[SSH_MAX_PUBKEY_BYTES];
	int found_key = 0;
	FILE *f;
	u_long linenum = 0;
	struct stat st;
	Key *found;
	char *fp;


	temporarily_use_uid(pw);

	debug("trying public key file %s", file);
	f = auth_openkeyfile(file, pw, options.strict_modes);

	if (!f) {
		xfree(file);
	 * Fail quietly if file does not exist
	 */
	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
		restore_uid();
		return 0;
	}
	if (fstat(fd, &st) < 0) {
		close(fd);
		restore_uid();
		return 0;
	}
	if (!S_ISREG(st.st_mode)) {
		logit("User %s authorized keys %s is not a regular file",
		    pw->pw_name, file);
		close(fd);
		restore_uid();
		return 0;
	}
	unset_nonblock(fd);
	if ((f = fdopen(fd, "r")) == NULL) {
		close(fd);
		restore_uid();
		return 0;
	}
	if (options.strict_modes &&
	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
		fclose(f);
		logit("Authentication refused: %s", line);
		restore_uid();
		return 0;
	}

Return to bug 1348

Lines 170-176 auth_rsa_key_allowed(struct passwd *pw, Link Here

(-)auth-rsa.c (-20 / +1 lines)
170	u_int bits;	170	u_int bits;
171	FILE *f;	171	FILE *f;
172	u_long linenum = 0;	172	u_long linenum = 0;
173	struct stat st;
174	Key *key;	173	Key *key;
175		174
176	/* Temporarily use the user's uid. */	175	/* Temporarily use the user's uid. */
Lines 179-205 auth_rsa_key_allowed(struct passwd *pw, Link Here
179	/* The authorized keys. */	178	/* The authorized keys. */
180	file = authorized_keys_file(pw);	179	file = authorized_keys_file(pw);
181	debug("trying public RSA key file %s", file);	180	debug("trying public RSA key file %s", file);
182		181	f = auth_openkeyfile(file, pw, options.strict_modes);
183	/* Fail quietly if file does not exist */
184	if (stat(file, &st) < 0) {
185	/* Restore the privileged uid. */
186	restore_uid();
187	xfree(file);
188	return (0);
189	}
190	/* Open the file containing the authorized keys. */
191	f = fopen(file, "r");
192	if (!f) {	182	if (!f) {
193	/* Restore the privileged uid. */
194	restore_uid();
195	xfree(file);
196	return (0);
197	}
198	if (options.strict_modes &&
199	secure_filename(f, file, pw, line, sizeof(line)) != 0) {
200	xfree(file);	183	xfree(file);
201	fclose(f);
202	logit("Authentication refused: %s", line);
203	restore_uid();	184	restore_uid();
204	return (0);	185	return (0);
205	}	186	}

Lines 28-33 Link Here

(-)auth.c (-1 / +42 lines)
28	#include <sys/param.h>	28	#include <sys/param.h>
29		29
30	#include <errno.h>	30	#include <errno.h>
		31	#include <fcntl.h>
31	#include <libgen.h>	32	#include <libgen.h>
32	#include <login_cap.h>	33	#include <login_cap.h>
33	#include <paths.h>	34	#include <paths.h>
Lines 319-325 check_key_in_hostfiles(struct passwd *pw Link Here
319	*	320	*
320	* Returns 0 on success and -1 on failure	321	* Returns 0 on success and -1 on failure
321	*/	322	*/
322	int	323	static int
323	secure_filename(FILE f, const char file, struct passwd *pw,	324	secure_filename(FILE f, const char file, struct passwd *pw,
324	char *err, size_t errlen)	325	char *err, size_t errlen)
325	{	326	{
Lines 377-382 secure_filename(FILE f, const char fil Link Here
377	break;	378	break;
378	}	379	}
379	return 0;	380	return 0;
		381	}
		382
		383	FILE *
		384	auth_openkeyfile(const char file, struct passwd pw, int strict_modes)
		385	{
		386	char line[1024];
		387	struct stat st;
		388	int fd;
		389	FILE *f;
		390
		391	/*
		392	* Open the file containing the authorized keys
		393	* Fail quietly if file does not exist
		394	*/
		395	if ((fd = open(file, O_RDONLY\|O_NONBLOCK)) == -1)
		396	return NULL;
		397
		398	if (fstat(fd, &st) < 0) {
		399	close(fd);
		400	return NULL;
		401	}
		402	if (!S_ISREG(st.st_mode)) {
		403	logit("User %s authorized keys %s is not a regular file",
		404	pw->pw_name, file);
		405	close(fd);
		406	return NULL;
		407	}
		408	unset_nonblock(fd);
		409	if ((f = fdopen(fd, "r")) == NULL) {
		410	close(fd);
		411	return NULL;
		412	}
		413	if (options.strict_modes &&
		414	secure_filename(f, file, pw, line, sizeof(line)) != 0) {
		415	fclose(f);
		416	logit("Authentication refused: %s", line);
		417	return NULL;
		418	}
		419
		420	return f;
380	}	421	}
381		422
382	struct passwd *	423	struct passwd *

Lines 177-186 static int Link Here

(-)auth2-pubkey.c (-32 / +4 lines)
177	user_key_allowed2(struct passwd pw, Key key, char *file)	177	user_key_allowed2(struct passwd pw, Key key, char *file)
178	{	178	{
179	char line[SSH_MAX_PUBKEY_BYTES];	179	char line[SSH_MAX_PUBKEY_BYTES];
180	int found_key = 0, fd;	180	int found_key = 0;
181	FILE *f;	181	FILE *f;
182	u_long linenum = 0;	182	u_long linenum = 0;
183	struct stat st;
184	Key *found;	183	Key *found;
185	char *fp;	184	char *fp;
186		185
Lines 188-224 user_key_allowed2(struct passwd *pw, Key Link Here
188	temporarily_use_uid(pw);	187	temporarily_use_uid(pw);
189		188
190	debug("trying public key file %s", file);	189	debug("trying public key file %s", file);
		190	f = auth_openkeyfile(file, pw, options.strict_modes);
191		191
192	/*	192	if (!f) {
193	* Open the file containing the authorized keys	193	xfree(file);
194	* Fail quietly if file does not exist
195	*/
196	if ((fd = open(file, O_RDONLY\|O_NONBLOCK)) == -1) {
197	restore_uid();
198	return 0;
199	}
200	if (fstat(fd, &st) < 0) {
201	close(fd);
202	restore_uid();
203	return 0;
204	}
205	if (!S_ISREG(st.st_mode)) {
206	logit("User %s authorized keys %s is not a regular file",
207	pw->pw_name, file);
208	close(fd);
209	restore_uid();
210	return 0;
211	}
212	unset_nonblock(fd);
213	if ((f = fdopen(fd, "r")) == NULL) {
214	close(fd);
215	restore_uid();
216	return 0;
217	}
218	if (options.strict_modes &&
219	secure_filename(f, file, pw, line, sizeof(line)) != 0) {
220	fclose(f);
221	logit("Authentication refused: %s", line);
222	restore_uid();	194	restore_uid();
223	return 0;	195	return 0;
224	}	196	}