upstream: use asprintf to construct .rhosts paths
OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b
This commit is contained in:
parent
c07e154fbd
commit
bf114d6f0a
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-rhosts.c,v 1.54 2022/02/01 23:32:51 djm Exp $ */
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -34,6 +34,7 @@
|
|||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
#include "xmalloc.h"
|
||||
#include "sshbuf.h"
|
||||
#include "sshkey.h"
|
||||
#include "servconf.h"
|
||||
|
@ -189,12 +190,13 @@ int
|
|||
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
||||
const char *ipaddr)
|
||||
{
|
||||
char buf[1024];
|
||||
char *path = NULL;
|
||||
struct stat st;
|
||||
static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL};
|
||||
u_int rhosts_file_index;
|
||||
int r;
|
||||
|
||||
debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
|
||||
debug2_f("clientuser %s hostname %s ipaddr %s",
|
||||
client_user, hostname, ipaddr);
|
||||
|
||||
/* Switch to the user's uid. */
|
||||
|
@ -208,9 +210,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
|
||||
rhosts_file_index++) {
|
||||
/* Check users .rhosts or .shosts. */
|
||||
snprintf(buf, sizeof buf, "%.500s/%.100s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
if (stat(buf, &st) >= 0)
|
||||
xasprintf(&path, "%s/%s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
r = stat(path, &st);
|
||||
free(path);
|
||||
if (r >= 0)
|
||||
break;
|
||||
}
|
||||
/* Switch back to privileged uid. */
|
||||
|
@ -275,10 +279,12 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
|
||||
rhosts_file_index++) {
|
||||
/* Check users .rhosts or .shosts. */
|
||||
snprintf(buf, sizeof buf, "%.500s/%.100s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
if (stat(buf, &st) == -1)
|
||||
xasprintf(&path, "%s/%s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
if (stat(path, &st) == -1) {
|
||||
free(path);
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure that the file is either owned by the user or by
|
||||
|
@ -289,9 +295,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
if (options.strict_modes &&
|
||||
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
|
||||
(st.st_mode & 022) != 0)) {
|
||||
logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
|
||||
pw->pw_name, buf);
|
||||
auth_debug_add("Bad file modes for %.200s", buf);
|
||||
logit("Rhosts authentication refused for %.100s: "
|
||||
"bad modes for %.200s", pw->pw_name, path);
|
||||
auth_debug_add("Bad file modes for %.200s", path);
|
||||
free(path);
|
||||
continue;
|
||||
}
|
||||
/*
|
||||
|
@ -303,10 +310,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
|
||||
auth_debug_add("Server has been configured to "
|
||||
"ignore %.100s.", rhosts_files[rhosts_file_index]);
|
||||
free(path);
|
||||
continue;
|
||||
}
|
||||
/* Check if authentication is permitted by the file. */
|
||||
if (check_rhosts_file(buf, hostname, ipaddr,
|
||||
if (check_rhosts_file(path, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
auth_debug_add("Accepted by %.100s.",
|
||||
rhosts_files[rhosts_file_index]);
|
||||
|
@ -315,8 +323,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
auth_debug_add("Accepted host %s ip %s client_user "
|
||||
"%s server_user %s", hostname, ipaddr,
|
||||
client_user, pw->pw_name);
|
||||
free(path);
|
||||
return 1;
|
||||
}
|
||||
free(path);
|
||||
}
|
||||
|
||||
/* Restore the privileged uid. */
|
||||
|
|
Loading…
Reference in New Issue