summaryrefslogtreecommitdiff
path: root/authfile.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-09-23 13:53:22 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-09-23 13:53:22 +0000
commit7aff2613d95d0d4c272f5d22f6c22d08542d72b1 (patch)
treec60a86d4581304b023ff174ddc97c1ed3a098278 /authfile.c
parent15da033b34c007c22d37dca64a407049f9520aff (diff)
- markus@cvs.openbsd.org 2001/09/23 11:09:13
[authfile.c] relax permission check for private key files.
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/authfile.c b/authfile.c
index b4b985c9..cf2957dd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.38 2001/09/23 11:09:13 markus Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -486,18 +486,21 @@ key_perm_ok(int fd, const char *filename)
{
struct stat st;
- /* check owner and modes */
+ if (fstat(fd, &st) < 0)
+ return 0;
+ /*
+ * if a key owned by the user is accessed, then we check the
+ * permissions of the file. if the key owned by a different user,
+ * then we don't care.
+ */
#ifdef HAVE_CYGWIN
if (check_ntsec(filename))
#endif
- if (fstat(fd, &st) < 0 ||
- (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
- (st.st_mode & 077) != 0) {
- close(fd);
+ if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("Bad ownership or mode(0%3.3o) for '%s'.",
+ error("Permissions 0%3.3o for '%s' are too open.",
st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
error("This private key will be ignored.");