Mercurial > dropbear
comparison svr-authpubkey.c @ 297:79bf1023cf11 agent-client
propagate from branch 'au.asn.ucc.matt.dropbear' (head 0501e6f661b5415eb76f3b312d183c3adfbfb712)
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 01038174ec27245b51bd43a66c01ad930880f67b)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 21 Mar 2006 16:20:59 +0000 |
| parents | bf64e666f99b |
| children | 7282370416a0 |
comparison
equal
deleted
inserted
replaced
| 225:ca7e76d981d9 | 297:79bf1023cf11 |
|---|---|
| 264 int ret = DROPBEAR_FAILURE; | 264 int ret = DROPBEAR_FAILURE; |
| 265 unsigned int len; | 265 unsigned int len; |
| 266 | 266 |
| 267 TRACE(("enter checkpubkeyperms")) | 267 TRACE(("enter checkpubkeyperms")) |
| 268 | 268 |
| 269 assert(ses.authstate.pw); | |
| 270 if (ses.authstate.pw->pw_dir == NULL) { | 269 if (ses.authstate.pw->pw_dir == NULL) { |
| 271 goto out; | 270 goto out; |
| 272 } | 271 } |
| 273 | 272 |
| 274 if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) { | 273 if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) { |
| 310 /* Checks that a file is owned by the user or root, and isn't writable by | 309 /* Checks that a file is owned by the user or root, and isn't writable by |
| 311 * group or other */ | 310 * group or other */ |
| 312 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 311 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
| 313 static int checkfileperm(char * filename) { | 312 static int checkfileperm(char * filename) { |
| 314 struct stat filestat; | 313 struct stat filestat; |
| 314 int badperm = 0; | |
| 315 | 315 |
| 316 TRACE(("enter checkfileperm(%s)", filename)) | 316 TRACE(("enter checkfileperm(%s)", filename)) |
| 317 | 317 |
| 318 if (stat(filename, &filestat) != 0) { | 318 if (stat(filename, &filestat) != 0) { |
| 319 TRACE(("leave checkfileperm: stat() != 0")) | 319 TRACE(("leave checkfileperm: stat() != 0")) |
| 320 return DROPBEAR_FAILURE; | 320 return DROPBEAR_FAILURE; |
| 321 } | 321 } |
| 322 /* check ownership - user or root only*/ | 322 /* check ownership - user or root only*/ |
| 323 if (filestat.st_uid != ses.authstate.pw->pw_uid | 323 if (filestat.st_uid != ses.authstate.pw->pw_uid |
| 324 && filestat.st_uid != 0) { | 324 && filestat.st_uid != 0) { |
| 325 TRACE(("leave checkfileperm: wrong ownership")) | 325 badperm = 1; |
| 326 return DROPBEAR_FAILURE; | 326 TRACE(("wrong ownership")) |
| 327 } | 327 } |
| 328 /* check permissions - don't want group or others +w */ | 328 /* check permissions - don't want group or others +w */ |
| 329 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) { | 329 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) { |
| 330 TRACE(("leave checkfileperm: wrong perms")) | 330 badperm = 1; |
| 331 TRACE(("wrong perms")) | |
| 332 } | |
| 333 if (badperm) { | |
| 334 if (!ses.authstate.perm_warn) { | |
| 335 ses.authstate.perm_warn = 1; | |
| 336 dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename); | |
| 337 } | |
| 338 TRACE(("leave checkfileperm: failure perms/owner")) | |
| 331 return DROPBEAR_FAILURE; | 339 return DROPBEAR_FAILURE; |
| 332 } | 340 } |
| 341 | |
| 333 TRACE(("leave checkfileperm: success")) | 342 TRACE(("leave checkfileperm: success")) |
| 334 return DROPBEAR_SUCCESS; | 343 return DROPBEAR_SUCCESS; |
| 335 } | 344 } |
| 336 | 345 |
| 337 | 346 |