Mercurial > dropbear

comparison svr-authpubkey.c @ 33:f789045062e6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Progressing client support
author Matt Johnston <matt@ucc.asn.au>
date Tue, 27 Jul 2004 16:30:46 +0000
parents fe6bca95afa7
children 45edf30ea0a6
comparison
equal deleted inserted replaced
32:8fd0cdbb5b1b 33:f789045062e6
48 static int checkfileperm(char * filename); 48 static int checkfileperm(char * filename);
49 static int getauthline(buffer * line, FILE * authfile); 49 static int getauthline(buffer * line, FILE * authfile);
50 50
51 /* process a pubkey auth request, sending success or failure message as 51 /* process a pubkey auth request, sending success or failure message as
52 * appropriate */ 52 * appropriate */
53 void pubkeyauth() { 53 void svr_auth_pubkey() {
54 54
55 unsigned char testkey; /* whether we're just checking if a key is usable */ 55 unsigned char testkey; /* whether we're just checking if a key is usable */
56 unsigned char* algo = NULL; /* pubkey algo */ 56 unsigned char* algo = NULL; /* pubkey algo */
57 unsigned int algolen; 57 unsigned int algolen;
58 unsigned char* keyblob; 58 unsigned char* keyblob;
111 fp = sign_key_fingerprint(key, type); 111 fp = sign_key_fingerprint(key, type);
112 if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len), 112 if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
113 signbuf->len) == DROPBEAR_SUCCESS) { 113 signbuf->len) == DROPBEAR_SUCCESS) {
114 dropbear_log(LOG_NOTICE, 114 dropbear_log(LOG_NOTICE,
115 "pubkey auth succeeded for '%s' with key %s", 115 "pubkey auth succeeded for '%s' with key %s",
116 svr_ses.authstate.printableuser, fp); 116 ses.authstate.printableuser, fp);
117 send_msg_userauth_success(); 117 send_msg_userauth_success();
118 } else { 118 } else {
119 dropbear_log(LOG_WARNING, 119 dropbear_log(LOG_WARNING,
120 "pubkey auth bad signature for '%s' with key %s", 120 "pubkey auth bad signature for '%s' with key %s",
121 svr_ses.authstate.printableuser, fp); 121 ses.authstate.printableuser, fp);
122 send_msg_userauth_failure(0, 1); 122 send_msg_userauth_failure(0, 1);
123 } 123 }
124 m_free(fp); 124 m_free(fp);
125 125
126 out: 126 out:
176 176
177 /* check that we can use the algo */ 177 /* check that we can use the algo */
178 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) { 178 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
179 dropbear_log(LOG_WARNING, 179 dropbear_log(LOG_WARNING,
180 "pubkey auth attempt with unknown algo for '%s'", 180 "pubkey auth attempt with unknown algo for '%s'",
181 svr_ses.authstate.printableuser); 181 ses.authstate.printableuser);
182 goto out; 182 goto out;
183 } 183 }
184 184
185 /* check file permissions, also whether file exists */ 185 /* check file permissions, also whether file exists */
186 if (checkpubkeyperms() == DROPBEAR_FAILURE) { 186 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
188 goto out; 188 goto out;
189 } 189 }
190 190
191 /* we don't need to check pw and pw_dir for validity, since 191 /* we don't need to check pw and pw_dir for validity, since
192 * its been done in checkpubkeyperms. */ 192 * its been done in checkpubkeyperms. */
193 len = strlen(svr_ses.authstate.pw->pw_dir); 193 len = strlen(ses.authstate.pw->pw_dir);
194 /* allocate max required pathname storage, 194 /* allocate max required pathname storage,
195 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 195 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
196 filename = m_malloc(len + 22); 196 filename = m_malloc(len + 22);
197 snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 197 snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
198 svr_ses.authstate.pw->pw_dir); 198 ses.authstate.pw->pw_dir);
199 199
200 /* open the file */ 200 /* open the file */
201 authfile = fopen(filename, "r"); 201 authfile = fopen(filename, "r");
202 if (authfile == NULL) { 202 if (authfile == NULL) {
203 goto out; 203 goto out;
350 int ret = DROPBEAR_FAILURE; 350 int ret = DROPBEAR_FAILURE;
351 unsigned int len; 351 unsigned int len;
352 352
353 TRACE(("enter checkpubkeyperms")); 353 TRACE(("enter checkpubkeyperms"));
354 354
355 assert(svr_ses.authstate.pw); 355 assert(ses.authstate.pw);
356 if (svr_ses.authstate.pw->pw_dir == NULL) { 356 if (ses.authstate.pw->pw_dir == NULL) {
357 goto out; 357 goto out;
358 } 358 }
359 359
360 if ((len = strlen(svr_ses.authstate.pw->pw_dir)) == 0) { 360 if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) {
361 goto out; 361 goto out;
362 } 362 }
363 363
364 /* allocate max required pathname storage, 364 /* allocate max required pathname storage,
365 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 365 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
366 filename = m_malloc(len + 22); 366 filename = m_malloc(len + 22);
367 strncpy(filename, svr_ses.authstate.pw->pw_dir, len+1); 367 strncpy(filename, ses.authstate.pw->pw_dir, len+1);
368 368
369 /* check ~ */ 369 /* check ~ */
370 if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 370 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
371 goto out; 371 goto out;
372 } 372 }
404 if (stat(filename, &filestat) != 0) { 404 if (stat(filename, &filestat) != 0) {
405 TRACE(("leave checkfileperm: stat() != 0")); 405 TRACE(("leave checkfileperm: stat() != 0"));
406 return DROPBEAR_FAILURE; 406 return DROPBEAR_FAILURE;
407 } 407 }
408 /* check ownership - user or root only*/ 408 /* check ownership - user or root only*/
409 if (filestat.st_uid != svr_ses.authstate.pw->pw_uid 409 if (filestat.st_uid != ses.authstate.pw->pw_uid
410 && filestat.st_uid != 0) { 410 && filestat.st_uid != 0) {
411 TRACE(("leave checkfileperm: wrong ownership")); 411 TRACE(("leave checkfileperm: wrong ownership"));
412 return DROPBEAR_FAILURE; 412 return DROPBEAR_FAILURE;
413 } 413 }
414 /* check permissions - don't want group or others +w */ 414 /* check permissions - don't want group or others +w */