[openssh-commits] [openssh] 01/01: upstream: move auth_openprincipals() and auth_openkeyfile() over to

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jun 3 14:50:09 AEST 2022


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit acb2059febaddd71ee06c2ebf63dcf211d9ab9f2
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jun 3 04:47:21 2022 +0000

    upstream: move auth_openprincipals() and auth_openkeyfile() over to
    
    auth2-pubkeyfile.c too; they make more sense there.
    
    OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee
---
 auth.c             | 58 +-----------------------------------------------------
 auth.h             |  6 +++---
 auth2-pubkeyfile.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 60 insertions(+), 61 deletions(-)

diff --git a/auth.c b/auth.c
index 9ad9034a..13e8d799 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.157 2022/05/27 05:02:46 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.158 2022/06/03 04:47:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -460,62 +460,6 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
 	return host_status;
 }
 
-static FILE *
-auth_openfile(const char *file, struct passwd *pw, int strict_modes,
-    int log_missing, char *file_type)
-{
-	char line[1024];
-	struct stat st;
-	int fd;
-	FILE *f;
-
-	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
-		if (log_missing || errno != ENOENT)
-			debug("Could not open %s '%s': %s", file_type, file,
-			    strerror(errno));
-		return NULL;
-	}
-
-	if (fstat(fd, &st) == -1) {
-		close(fd);
-		return NULL;
-	}
-	if (!S_ISREG(st.st_mode)) {
-		logit("User %s %s %s is not a regular file",
-		    pw->pw_name, file_type, file);
-		close(fd);
-		return NULL;
-	}
-	unset_nonblock(fd);
-	if ((f = fdopen(fd, "r")) == NULL) {
-		close(fd);
-		return NULL;
-	}
-	if (strict_modes &&
-	    safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) {
-		fclose(f);
-		logit("Authentication refused: %s", line);
-		auth_debug_add("Ignored %s: %s", file_type, line);
-		return NULL;
-	}
-
-	return f;
-}
-
-
-FILE *
-auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
-{
-	return auth_openfile(file, pw, strict_modes, 1, "authorized keys");
-}
-
-FILE *
-auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
-{
-	return auth_openfile(file, pw, strict_modes, 0,
-	    "authorized principals");
-}
-
 struct passwd *
 getpwnamallow(struct ssh *ssh, const char *user)
 {
diff --git a/auth.h b/auth.h
index b8eec4a6..b743406e 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.104 2022/05/27 05:02:46 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.105 2022/06/03 04:47:21 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -193,8 +193,6 @@ struct passwd * getpwnamallow(struct ssh *, const char *user);
 char	*expand_authorized_keys(const char *, struct passwd *pw);
 char	*authorized_principals_file(struct passwd *);
 
-FILE	*auth_openkeyfile(const char *, struct passwd *, int);
-FILE	*auth_openprincipals(const char *, struct passwd *, int);
 int	 auth_key_is_revoked(struct sshkey *);
 
 const char	*auth_get_canonical_hostname(struct ssh *, int);
@@ -237,6 +235,8 @@ int	 auth_check_authkey_line(struct passwd *, struct sshkey *,
     char *, const char *, const char *, const char *, struct sshauthopt **);
 int	 auth_check_authkeys_file(struct passwd *, FILE *, char *,
     struct sshkey *, const char *, const char *, struct sshauthopt **);
+FILE	*auth_openkeyfile(const char *, struct passwd *, int);
+FILE	*auth_openprincipals(const char *, struct passwd *, int);
 
 int	 sys_auth_passwd(struct ssh *, const char *);
 
diff --git a/auth2-pubkeyfile.c b/auth2-pubkeyfile.c
index a304d095..911f01ba 100644
--- a/auth2-pubkeyfile.c
+++ b/auth2-pubkeyfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkeyfile.c,v 1.1 2022/05/27 05:02:46 djm Exp $ */
+/* $OpenBSD: auth2-pubkeyfile.c,v 1.2 2022/06/03 04:47:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -439,4 +439,59 @@ auth_check_authkeys_file(struct passwd *pw, FILE *f, char *file,
 	return found_key;
 }
 
+static FILE *
+auth_openfile(const char *file, struct passwd *pw, int strict_modes,
+    int log_missing, char *file_type)
+{
+	char line[1024];
+	struct stat st;
+	int fd;
+	FILE *f;
+
+	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
+		if (log_missing || errno != ENOENT)
+			debug("Could not open %s '%s': %s", file_type, file,
+			    strerror(errno));
+		return NULL;
+	}
+
+	if (fstat(fd, &st) == -1) {
+		close(fd);
+		return NULL;
+	}
+	if (!S_ISREG(st.st_mode)) {
+		logit("User %s %s %s is not a regular file",
+		    pw->pw_name, file_type, file);
+		close(fd);
+		return NULL;
+	}
+	unset_nonblock(fd);
+	if ((f = fdopen(fd, "r")) == NULL) {
+		close(fd);
+		return NULL;
+	}
+	if (strict_modes &&
+	    safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) {
+		fclose(f);
+		logit("Authentication refused: %s", line);
+		auth_debug_add("Ignored %s: %s", file_type, line);
+		return NULL;
+	}
+
+	return f;
+}
+
+
+FILE *
+auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
+{
+	return auth_openfile(file, pw, strict_modes, 1, "authorized keys");
+}
+
+FILE *
+auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
+{
+	return auth_openfile(file, pw, strict_modes, 0,
+	    "authorized principals");
+}
 
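Review bot: auth_openfile() lands in auth2-pubkeyfile.c without a comment explaining the order of its checks, which is the security-relevant part of the function. The file is opened with `O_RDONLY|O_NONBLOCK`, rejected after `fstat()` on the descriptor unless `S_ISREG`, and only then passed to `unset_nonblock()` and, when `strict_modes` is set, `safe_path_fd()`; presumably the non-blocking open keeps the server from stalling on a FIFO or device at that path, and checking the descriptor rather than the name ensures the checks apply to the object actually opened. I would add a header comment such as `/* Open a per-user auth file: nonblocking open, then fstat/S_ISREG and (if strict_modes) safe_path_fd on the fd; returns NULL on any failure. */`. Two smaller points: the `fstat()` failure branch returns NULL with no `debug()` line, unlike the `open()` failure just above it, and `char *file_type` only receives string literals in the two wrappers shown, so `const char *file_type` would be the more accurate type.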
