Exemplo n.º 1
0
/* check whether given key is in .ssh/authorized_keys* */
int
user_key_allowed(struct passwd *pw, Key *key)
{
	u_int success, i;
	char *file;

	if (auth_key_is_revoked(key))
		return 0;
	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
		return 0;

	success = user_cert_trusted_ca(pw, key);
	if (success)
		return success;

	for (i = 0; !success && i < options.num_authkeys_files; i++) {
		file = expand_authorized_keys(
		    options.authorized_keys_files[i], pw);
		success = user_key_allowed2(pw, key, file);
		xfree(file);
	}

	if (success)
		return success;

	/* try the script to find the key */
	if ((file = authorized_keys_script(pw))) {
		success = user_key_found_by_script(pw, key, file);
		xfree(file);
	}

	return success;
}
Exemplo n.º 2
0
/*
 * Check whether key authenticates and authorises the user.
 */
int
user_key_allowed(struct passwd *pw, Key *key)
{
	u_int success, i;
	char *file;

	if (auth_key_is_revoked(key))
		return 0;
	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
		return 0;

	success = user_cert_trusted_ca(pw, key);
	if (success)
		return success;

	success = user_key_command_allowed2(pw, key);
	if (success > 0)
		return success;

	for (i = 0; !success && i < options.num_authkeys_files; i++) {

		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
			continue;
		file = expand_authorized_keys(
		    options.authorized_keys_files[i], pw);

		success = user_key_allowed2(pw, key, file);
		free(file);
	}

	return success;
}
Exemplo n.º 3
0
/* check whether given key is in .ssh/authorized_keys* */
int
user_key_allowed(struct passwd *pw, Key *key)
{
	int success;
	char *file;

	if (auth_key_is_revoked(key))
		return 0;
	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
		return 0;

	success = user_cert_trusted_ca(pw, key);
	if (success)
		return success;

	file = authorized_keys_file(pw);
	success = user_key_allowed2(pw, key, file);
	xfree(file);
	if (success)
		return success;

	/* try suffix "2" for backward compat, too */
	file = authorized_keys_file2(pw);
	success = user_key_allowed2(pw, key, file);
	xfree(file);
	return success;
}
Exemplo n.º 4
0
/* check whether given key is in .ssh/authorized_keys* */
int
user_key_allowed(struct passwd *pw, Key *key)
{
	char *fp;
	int success;
	char *file;

	if (blacklisted_key(key)) {
		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
		if (options.permit_blacklisted_keys)
			logit("Public key %s blacklisted (see "
			    "ssh-vulnkey(1)); continuing anyway", fp);
		else
			logit("Public key %s blacklisted (see "
			    "ssh-vulnkey(1))", fp);
		xfree(fp);
		if (!options.permit_blacklisted_keys)
			return 0;
	}

	if (auth_key_is_revoked(key))
		return 0;
	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
		return 0;

	success = user_cert_trusted_ca(pw, key);
	if (success)
		return success;

	file = authorized_keys_file(pw);
	success = user_key_allowed2(pw, key, file);
	xfree(file);
	if (success)
		return success;

	/* try suffix "2" for backward compat, too */
	file = authorized_keys_file2(pw);
	success = user_key_allowed2(pw, key, file);
	xfree(file);
	return success;
}
Exemplo n.º 5
0
/* check whether given key is in .ssh/authorized_keys* */
int
user_key_allowed(struct passwd *pw, Key *key)
{
	char *fp;
	u_int success, i;
	char *file;

	if (blacklisted_key(key)) {
		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
		if (options.permit_blacklisted_keys)
			logit("Public key %s blacklisted (see "
			    "ssh-vulnkey(1)); continuing anyway", fp);
		else
			logit("Public key %s blacklisted (see "
			    "ssh-vulnkey(1))", fp);
		xfree(fp);
		if (!options.permit_blacklisted_keys)
			return 0;
	}

	if (auth_key_is_revoked(key))
		return 0;
	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
		return 0;

	success = user_cert_trusted_ca(pw, key);
	if (success)
		return success;

	for (i = 0; !success && i < options.num_authkeys_files; i++) {
		file = expand_authorized_keys(
		    options.authorized_keys_files[i], pw);
		success = user_key_allowed2(pw, key, file);
		xfree(file);
	}

	return success;
}