[src/trunk]: src/lib/libpam/modules/pam_ssh Revert previous. This is not the ...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a1bf1ffb7237
branches:  trunk
changeset: 574818:a1bf1ffb7237
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Mar 14 05:40:35 2005 +0000

description:
Revert previous. This is not the right fix.

diffstat:

 lib/libpam/modules/pam_ssh/pam_ssh.c |  17 +++++------------
 1 files changed, 5 insertions(+), 12 deletions(-)

diffs (68 lines):

diff -r 3cbe541673e7 -r a1bf1ffb7237 lib/libpam/modules/pam_ssh/pam_ssh.c
--- a/lib/libpam/modules/pam_ssh/pam_ssh.c      Mon Mar 14 05:35:23 2005 +0000
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.c      Mon Mar 14 05:40:35 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pam_ssh.c,v 1.5 2005/03/14 05:35:23 christos Exp $     */
+/*     $NetBSD: pam_ssh.c,v 1.6 2005/03/14 05:40:35 christos Exp $     */
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.5 2005/03/14 05:35:23 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.6 2005/03/14 05:40:35 christos Exp $");
 #endif
 
 #include <sys/param.h>
@@ -63,7 +63,6 @@
 #include <openssl/evp.h>
 
 #include "key.h"
-#include "auth.h"
 #include "authfd.h"
 #include "authfile.h"
 
@@ -94,15 +93,14 @@
  * struct pam_ssh_key containing the key and its comment.
  */
 static struct pam_ssh_key *
-pam_ssh_load_key(struct passwd *pwd, const char *kfn, const char *passphrase)
+pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
 {
        struct pam_ssh_key *psk;
        char fn[PATH_MAX];
        char *comment;
        Key *key;
 
-       if (snprintf(fn, sizeof(fn), "%s/%s", pwd->pw_dir, kfn) >
-           (int)sizeof(fn))
+       if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
                return (NULL);
        comment = NULL;
        key = key_load_private(fn, passphrase, &comment);
@@ -110,14 +108,9 @@
                openpam_log(PAM_LOG_DEBUG, "failed to load key from %s\n", fn);
                return (NULL);
        }
-       if (!user_key_allowed(pwd, key)) {
-               openpam_log(PAM_LOG_DEBUG, "key from %s not authorized\n", fn);
-               goto out;
-       }
 
        openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s\n", comment, fn);
        if ((psk = malloc(sizeof(*psk))) == NULL) {
-out:
                key_free(key);
                free(comment);
                return (NULL);
@@ -197,7 +190,7 @@
        /* try to load keys from all keyfiles we know of */
        nkeys = 0;
        for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
-               psk = pam_ssh_load_key(pwd, *kfn, passphrase);
+               psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase);
                if (psk != NULL) {
                        pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
                        ++nkeys;