comparison svr-authpubkey.c @ 297:79bf1023cf11 agent-client
propagate from branch 'au.asn.ucc.matt.dropbear' (head 0501e6f661b5415eb76f3b312d183c3adfbfb712)
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 01038174ec27245b51bd43a66c01ad930880f67b)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 21 Mar 2006 16:20:59 +0000 |
parents | bf64e666f99b |
children | 7282370416a0 |
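--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -264,11 +264,10 @@
 int ret = DROPBEAR_FAILURE;
 unsigned int len;
 
 TRACE(("enter checkpubkeyperms"))
 
-assert(ses.authstate.pw);
 if (ses.authstate.pw->pw_dir == NULL) {
 goto out;
 }
 
 if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) {
@@ -310,28 +309,38 @@
 /* Checks that a file is owned by the user or root, and isn't writable by
 * group or other */
 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int checkfileperm(char * filename) {
 struct stat filestat;
+int badperm = 0;
 
 TRACE(("enter checkfileperm(%s)", filename))
 
 if (stat(filename, &filestat) != 0) {
 TRACE(("leave checkfileperm: stat() != 0"))
 return DROPBEAR_FAILURE;
 }
 /* check ownership - user or root only*/
 if (filestat.st_uid != ses.authstate.pw->pw_uid
 && filestat.st_uid != 0) {
-TRACE(("leave checkfileperm: wrong ownership"))
-return DROPBEAR_FAILURE;
+badperm = 1;
+TRACE(("wrong ownership"))
 }
 /* check permissions - don't want group or others +w */
 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) {
-TRACE(("leave checkfileperm: wrong perms"))
+badperm = 1;
+TRACE(("wrong perms"))
+}
+if (badperm) {
+if (!ses.authstate.perm_warn) {
+ses.authstate.perm_warn = 1;
+dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename);
+}
+TRACE(("leave checkfileperm: failure perms/owner"))
 return DROPBEAR_FAILURE;
 }
+
 TRACE(("leave checkfileperm: success"))
 return DROPBEAR_SUCCESS;
 }
 
 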
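Review bot: The new `dropbear_log()` message in checkfileperm says "not writable by others", but the test just above it rejects `S_IWGRP` as well as `S_IWOTH`, so an administrator whose file is only group-writable is told the wrong thing; `"%s must be owned by user or root, and not writable by group or others"` matches the check. The warning is latched by `ses.authstate.perm_warn`, so only the first failing path in a session is logged, and the comment above the function should say so, e.g. `/* Logs the first ownership/permission failure once per session (ses.authstate.perm_warn) */`. The checks run on `stat()` of the path, so they describe whatever the path resolves to at that moment; where the file is opened afterwards is outside this comparison, so whether that gap matters cannot be judged from here.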