Mercurial > dropbear
comparison svr-authpubkey.c @ 248:bf64e666f99b
Log when pubkey auth fails because of bad pubkey perms/ownership
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 20 Sep 2005 08:59:46 +0000 |
| parents | c5d3ef11155f |
| children | 7282370416a0 |
comparison
equal
deleted
inserted
replaced
| 245:b24730e11c83 | 248:bf64e666f99b |
|---|---|
| 309 /* Checks that a file is owned by the user or root, and isn't writable by | 309 /* Checks that a file is owned by the user or root, and isn't writable by |
| 310 * group or other */ | 310 * group or other */ |
| 311 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 311 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
| 312 static int checkfileperm(char * filename) { | 312 static int checkfileperm(char * filename) { |
| 313 struct stat filestat; | 313 struct stat filestat; |
| 314 int badperm = 0; | |
| 314 | 315 |
| 315 TRACE(("enter checkfileperm(%s)", filename)) | 316 TRACE(("enter checkfileperm(%s)", filename)) |
| 316 | 317 |
| 317 if (stat(filename, &filestat) != 0) { | 318 if (stat(filename, &filestat) != 0) { |
| 318 TRACE(("leave checkfileperm: stat() != 0")) | 319 TRACE(("leave checkfileperm: stat() != 0")) |
| 319 return DROPBEAR_FAILURE; | 320 return DROPBEAR_FAILURE; |
| 320 } | 321 } |
| 321 /* check ownership - user or root only*/ | 322 /* check ownership - user or root only*/ |
| 322 if (filestat.st_uid != ses.authstate.pw->pw_uid | 323 if (filestat.st_uid != ses.authstate.pw->pw_uid |
| 323 && filestat.st_uid != 0) { | 324 && filestat.st_uid != 0) { |
| 324 TRACE(("leave checkfileperm: wrong ownership")) | 325 badperm = 1; |
| 325 return DROPBEAR_FAILURE; | 326 TRACE(("wrong ownership")) |
| 326 } | 327 } |
| 327 /* check permissions - don't want group or others +w */ | 328 /* check permissions - don't want group or others +w */ |
| 328 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) { | 329 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) { |
| 329 TRACE(("leave checkfileperm: wrong perms")) | 330 badperm = 1; |
| 331 TRACE(("wrong perms")) | |
| 332 } | |
| 333 if (badperm) { | |
| 334 if (!ses.authstate.perm_warn) { | |
| 335 ses.authstate.perm_warn = 1; | |
| 336 dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename); | |
| 337 } | |
| 338 TRACE(("leave checkfileperm: failure perms/owner")) | |
| 330 return DROPBEAR_FAILURE; | 339 return DROPBEAR_FAILURE; |
| 331 } | 340 } |
| 341 | |
| 332 TRACE(("leave checkfileperm: success")) | 342 TRACE(("leave checkfileperm: success")) |
| 333 return DROPBEAR_SUCCESS; | 343 return DROPBEAR_SUCCESS; |
| 334 } | 344 } |
| 335 | 345 |
| 336 | 346 |