Bugzilla – Attachment 1526 Details for
Bug 1348
Small code refinement to remove some duplication.
[patch]
Update patch, without secure_filename relocation, update to -current.
openbsd-sshd-authorized_keys_dedupe.patch (text/plain), 4.80 KB, created by
Darren Tucker
on 2008-06-15 05:02:15 AEST
Description:
Update patch, without secure_filename relocation, update to -current.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2008-06-15 05:02:15 AEST
Size:
4.80 KB
patch
obsolete
>Index: auth-rsa.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth-rsa.c,v
>retrieving revision 1.72
>diff -u -p -r1.72 auth-rsa.c
>--- auth-rsa.c 6 Nov 2006 21:25:27 -0000 1.72
>+++ auth-rsa.c 14 Jun 2008 05:54:30 -0000
>@@ -170,7 +170,6 @@ auth_rsa_key_allowed(struct passwd *pw,
> u_int bits;
> FILE *f;
> u_long linenum = 0;
>- struct stat st;
> Key *key;
>
> /* Temporarily use the user's uid. */
>@@ -179,27 +178,9 @@ auth_rsa_key_allowed(struct passwd *pw,
> /* The authorized keys. */
> file = authorized_keys_file(pw);
> debug("trying public RSA key file %s", file);
>-
>- /* Fail quietly if file does not exist */
>- if (stat(file, &st) < 0) {
>- /* Restore the privileged uid. */
>- restore_uid();
>- xfree(file);
>- return (0);
>- }
>- /* Open the file containing the authorized keys. */
>- f = fopen(file, "r");
>+ f = auth_openkeyfile(file, pw, options.strict_modes);
> if (!f) {
>- /* Restore the privileged uid. */
>- restore_uid();
>- xfree(file);
>- return (0);
>- }
>- if (options.strict_modes &&
>- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
> xfree(file);
>- fclose(f);
>- logit("Authentication refused: %s", line);
> restore_uid();
> return (0);
> }
>Index: auth.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth.c,v
>retrieving revision 1.78
>diff -u -p -r1.78 auth.c
>--- auth.c 21 Sep 2007 08:15:29 -0000 1.78
>+++ auth.c 14 Jun 2008 05:53:27 -0000
>@@ -28,6 +28,7 @@
> #include <sys/param.h>
>
> #include <errno.h>
>+#include <fcntl.h>
> #include <libgen.h>
> #include <login_cap.h>
> #include <paths.h>
>@@ -319,7 +320,7 @@ check_key_in_hostfiles(struct passwd *pw
> *
> * Returns 0 on success and -1 on failure
> */
>-int
>+static int
> secure_filename(FILE *f, const char *file, struct passwd *pw,
> char *err, size_t errlen)
> {
>@@ -377,6 +378,46 @@ secure_filename(FILE *f, const char *fil
> break;
> }
> return 0;
>+}
>+
>+FILE *
>+auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
>+{
>+ char line[1024];
>+ struct stat st;
>+ int fd;
>+ FILE *f;
>+
>+ /*
>+ * Open the file containing the authorized keys
>+ * Fail quietly if file does not exist
>+ */
>+ if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
>+ return NULL;
>+
>+ if (fstat(fd, &st) < 0) {
>+ close(fd);
>+ return NULL;
>+ }
>+ if (!S_ISREG(st.st_mode)) {
>+ logit("User %s authorized keys %s is not a regular file",
>+ pw->pw_name, file);
>+ close(fd);
>+ return NULL;
>+ }
>+ unset_nonblock(fd);
>+ if ((f = fdopen(fd, "r")) == NULL) {
>+ close(fd);
>+ return NULL;
>+ }
>+ if (options.strict_modes &&
>+ secure_filename(f, file, pw, line, sizeof(line)) != 0) {
>+ fclose(f);
>+ logit("Authentication refused: %s", line);
>+ return NULL;
>+ }
>+
>+ return f;
> }
>
> struct passwd *
>Index: auth.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth.h,v
>retrieving revision 1.60
>diff -u -p -r1.60 auth.h
>--- auth.h 21 Sep 2007 08:15:29 -0000 1.60
>+++ auth.h 14 Jun 2008 05:53:43 -0000
>@@ -143,8 +143,7 @@ int verify_response(Authctxt *, const ch
> char *authorized_keys_file(struct passwd *);
> char *authorized_keys_file2(struct passwd *);
>
>-int
>-secure_filename(FILE *, const char *, struct passwd *, char *, size_t);
>+FILE *auth_openkeyfile(const char *, struct passwd *, int);
>
> HostStatus
> check_key_in_hostfiles(struct passwd *, Key *, const char *,
>Index: auth2-pubkey.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth2-pubkey.c,v
>retrieving revision 1.17
>diff -u -p -r1.17 auth2-pubkey.c
>--- auth2-pubkey.c 13 Jun 2008 14:18:51 -0000 1.17
>+++ auth2-pubkey.c 14 Jun 2008 05:53:59 -0000
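Review bot: In the new auth_openkeyfile() in auth.c, the `strict_modes` argument is never read; the ownership/permission check is still gated on the global, `if (options.strict_modes &&`. Both callers in this patch pass `options.strict_modes`, so behaviour is unchanged today, but the signature promises a per-call control over a security check that the body does not honour. Either test the parameter, `if (strict_modes &&`, or drop it from the definition and from the auth.h prototype. The function also lacks a header comment; I would add one saying that it returns an open stream the caller must fclose(), returns NULL on any failure, and is expected to be called while running with the user's uid, as both call sites shown here do.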
>@@ -177,10 +177,9 @@ static int
> user_key_allowed2(struct passwd *pw, Key *key, char *file)
> {
> char line[SSH_MAX_PUBKEY_BYTES];
>- int found_key = 0, fd;
>+ int found_key = 0;
> FILE *f;
> u_long linenum = 0;
>- struct stat st;
> Key *found;
> char *fp;
>
>@@ -188,37 +187,10 @@ user_key_allowed2(struct passwd *pw, Key
> temporarily_use_uid(pw);
>
> debug("trying public key file %s", file);
>+ f = auth_openkeyfile(file, pw, options.strict_modes);
>
>- /*
>- * Open the file containing the authorized keys
>- * Fail quietly if file does not exist
>- */
>- if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
>- restore_uid();
>- return 0;
>- }
>- if (fstat(fd, &st) < 0) {
>- close(fd);
>- restore_uid();
>- return 0;
>- }
>- if (!S_ISREG(st.st_mode)) {
>- logit("User %s authorized keys %s is not a regular file",
>- pw->pw_name, file);
>- close(fd);
>- restore_uid();
>- return 0;
>- }
>- unset_nonblock(fd);
>- if ((f = fdopen(fd, "r")) == NULL) {
>- close(fd);
>- restore_uid();
>- return 0;
>- }
>- if (options.strict_modes &&
>- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
>- fclose(f);
>- logit("Authentication refused: %s", line);
>+ if (!f) {
>+ xfree(file);
> restore_uid();
> return 0;
> }
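Review bot: The new failure branch in user_key_allowed2() adds `xfree(file);`, but `file` is a parameter of this function and none of the removed error paths freed it, so ownership appears to remain with the caller. If the caller, which is outside this hunk, still releases `file` after the call returns, a missing or rejected authorized_keys file would now cause a double free in sshd's pre-authentication path. Unless the caller is changed in the same commit, the branch should keep only `restore_uid();` and `return 0;`, dropping the `xfree(file);` line. This differs from auth_rsa_key_allowed() in auth-rsa.c, where `file` is allocated locally by `authorized_keys_file(pw)` and freeing it on failure is correct. The body of user_key_allowed2() continues past the end of the hunk.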
Attachments on
bug 1348
:
1334
| 1526