
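--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -34,6 +34,7 @@
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #endif
+#include <dirent.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
@@ -1075,8 +1076,12 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key)
 int
 user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt)
 {
+	struct stat st;
 	u_int success, i;
-	char *file;
+	int r;
+	char dfile[PATH_MAX], *file;
+	DIR *dirp;
+	struct dirent *dp;
 
 	if (auth_key_is_revoked(key))
 		return 0;
@@ -1099,7 +1104,24 @@ user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt)
 		file = expand_authorized_keys(
 		    options.authorized_keys_files[i], pw);
 
-		success = user_key_allowed2(pw, key, file);
+		if (stat(file, &st) == 0 && S_ISDIR(st.st_mode) &&
+				(dirp = opendir(file)) != NULL) {
+			while ((dp = readdir(dirp)) != NULL) {
+				if (dp->d_ino == 0)
+					continue;
+				if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
+					continue;
+				r = snprintf(dfile, sizeof(dfile), "%s/%s", file, dp->d_name);
+				if (r <= 0 || (size_t)r >= sizeof(dfile))
+					continue;
+				if ((success = user_key_allowed2(pw, key, dfile)))
+					break;
+			}
+			closedir(dirp);
+		} else {
+			success = user_key_allowed2(pw, key, file);
+		}
+
 		free(file);
 	}
 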
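Review bot: The new `stat()`/`opendir()`/`readdir()` sequence in user_key_allowed runs on a path that may sit under the user's home directory before user_key_allowed2 is entered, so if the switch to the user's uid and the ownership/mode checks live inside user_key_allowed2 (not visible in this hunk), the directory itself is traversed with the daemon's privileges and without any permission check of its own. The `stat()` is also redundant and leaves a check-then-use window in which the path can be replaced; `if ((dirp = opendir(file)) != NULL) {` alone gives the same fallback to the `else` branch and makes `struct stat st` unnecessary. Every entry except `.` and `..` is tried, including dotfiles, editor backups and non-regular files, so a filter such as `if (dp->d_name[0] == '.') continue;` plus a comment stating which entries are meant to count as key files would narrow what can grant access. Entries skipped because the `snprintf` result does not fit in `dfile` are dropped silently, which deserves a debug log line. The function begins and ends outside the hunks shown.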
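--- a/sshd_config.5
+++ b/sshd_config.5
@@ -277,6 +277,7 @@ After expansion,
 is taken to be an absolute path or one relative to the user's home
 directory.
 Multiple files may be listed, separated by whitespace.
+If a directory is specified, all files beneath it are included (non-recursively).
 Alternately this option may be set to
 .Cm none
 to skip checking for user keys in files.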
