changeset 3984:10d407109a7a
6506671 sshd should not fail on permissions check with pubkey auth if homedir is not available
6541995 honour Host directives when processing ConnectTimeout option
author | jp161948 |
---|---|
date | Fri, 06 Apr 2007 11:58:25 -0700 |
parents | 5179f49636a5 |
children | b4f7d0163d40 |
files | usr/src/cmd/ssh/libssh/common/readconf.c usr/src/cmd/ssh/sshd/auth.c |
diffstat | 2 files changed, 15 insertions(+), 9 deletions(-) [+] |
--- a/usr/src/cmd/ssh/libssh/common/readconf.c Fri Apr 06 11:23:51 2007 -0700 +++ b/usr/src/cmd/ssh/libssh/common/readconf.c Fri Apr 06 11:58:25 2007 -0700 @@ -330,7 +330,7 @@ if ((value = convtime(arg)) == -1) fatal("%s line %d: invalid time value.", filename, linenum); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break;
--- a/usr/src/cmd/ssh/sshd/auth.c Fri Apr 06 11:23:51 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/auth.c Fri Apr 06 11:58:25 2007 -0700 @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -477,6 +477,7 @@ uid_t uid; char buf[MAXPATHLEN], homedir[MAXPATHLEN]; char *cp; + int comparehome = 0; struct stat st; if (pw == NULL) @@ -489,11 +490,16 @@ strerror(errno)); return -1; } - if (realpath(pw->pw_dir, homedir) == NULL) { - snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, - strerror(errno)); - return -1; - } + + /* + * A user is not required to have all the files that are subject to + * the strict mode checking in his/her home directory. If the + * directory is not present at the moment, which might be the case if + * the directory is not mounted until the user is authenticated, do + * not perform the home directory check below. + */ + if (realpath(pw->pw_dir, homedir) != NULL) + comparehome = 1; /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0 || @@ -521,8 +527,8 @@ return -1; } - /* If are passed the homedir then we can stop */ - if (strcmp(homedir, buf) == 0) { + /* If we passed the homedir then we can stop. */ + if (comparehome && strcmp(homedir, buf) == 0) { debug3("secure_filename: terminating check at '%s'", buf); break;
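Review bot: In the `@@ -489,11 +490,16 @@` hunk of auth.c, every realpath() failure on pw->pw_dir now silently clears the home-directory stop, although the new comment only justifies the case where the directory is not present (for example, not yet mounted). Other failures, such as EACCES or ELOOP, are no longer reported anywhere, whereas the removed code put strerror(errno) into err. I would at least record the cause with `else debug3("secure_filename: realpath %s failed: %s", pw->pw_dir, strerror(errno));`, and consider keeping the old `return -1` unless `errno == ENOENT`. With comparehome left at 0 the ownership and mode walk presumably continues up to the root in the loop outside these hunks, which is the stricter outcome, so the comment should say so. The function's body starts and ends outside the hunks shown.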