Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Go back to rev-1.5. This is better than what was there before, but I am

Browse Source 
still uncertain about the proper way to dealing what keys to accept.
This commit is contained in:
christos 2005-03-14 05:45:48 +00:00
parent 56cc440468
commit 041bcdce98
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/libpam/modules/pam_ssh/pam_ssh.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: pam_ssh.c,v 1.6 2005/03/14 05:40:35 christos Exp $ */
/* $NetBSD: pam_ssh.c,v 1.7 2005/03/14 05:45:48 christos Exp $ */
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
#else
__RCSID("$NetBSD: pam_ssh.c,v 1.6 2005/03/14 05:40:35 christos Exp $");
__RCSID("$NetBSD: pam_ssh.c,v 1.7 2005/03/14 05:45:48 christos Exp $");
#endif
#include <sys/param.h>
@ -63,6 +63,7 @@ __RCSID("$NetBSD: pam_ssh.c,v 1.6 2005/03/14 05:40:35 christos Exp $");
#include <openssl/evp.h>
#include "key.h"
#include "auth.h"
#include "authfd.h"
#include "authfile.h"
@ -93,14 +94,15 @@ static const char *pam_ssh_agent_envp[] = { NULL };
* struct pam_ssh_key containing the key and its comment.
*/
static struct pam_ssh_key *
pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
pam_ssh_load_key(struct passwd *pwd, const char *kfn, const char *passphrase)
{
struct pam_ssh_key *psk;
char fn[PATH_MAX];
char *comment;
Key *key;
if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
if (snprintf(fn, sizeof(fn), "%s/%s", pwd->pw_dir, kfn) >
(int)sizeof(fn))
return (NULL);
comment = NULL;
key = key_load_private(fn, passphrase, &comment);
@ -108,9 +110,14 @@ pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
openpam_log(PAM_LOG_DEBUG, "failed to load key from %s\n", fn);
return (NULL);
}
if (!user_key_allowed(pwd, key)) {
openpam_log(PAM_LOG_DEBUG, "key from %s not authorized\n", fn);
goto out;
}
openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s\n", comment, fn);
if ((psk = malloc(sizeof(*psk))) == NULL) {
out:
key_free(key);
free(comment);
return (NULL);
@ -190,7 +197,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
/* try to load keys from all keyfiles we know of */
nkeys = 0;
for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase);
psk = pam_ssh_load_key(pwd, *kfn, passphrase);
if (psk != NULL) {
pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
++nkeys;