
Commit 9b344f4

committed
add windows specific code back into method moved from auth.c to auth2-pubkeyfile.c
1 parent 5e2b081 commit 9b344f4


1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

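--- a/auth2-pubkeyfile.c
+++ b/auth2-pubkeyfile.c
@@ -448,6 +448,23 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 int fd;
 FILE *f;
 
+#ifdef WINDOWS
+/* Windows POSIX adapter does not support fdopen() on open(file)*/
+if ((f = fopen(file, "r")) == NULL) {
+debug("Could not open %s '%s': %s", file_type, file,
+strerror(errno));
+return NULL;
+}
+
+// read permissions for non-admin/non-system accounts are allowed.
+// Unix does safe_path_fd() which allows 022 file permissions i.e., allowing read for other users.
+if (strict_modes && check_secure_file_permission(file, pw, 1) != 0) {
+fclose(f);
+logit("Authentication refused.");
+auth_debug_add("Ignored %s", file_type);
+return NULL;
+}
+#else /* !WINDOWS */
 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
 if (errno != ENOENT) {
 logit("Could not open user '%s' %s '%s': %s",
@@ -481,6 +498,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 auth_debug_add("Ignored %s: %s", file_type, line);
 return NULL;
 }
+#endif /* !WINDOWS */
 
 return f;
 }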
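Review bot: In the `#ifdef WINDOWS` branch, `check_secure_file_permission(file, pw, 1)` checks the path name after `fopen(file, "r")` has already succeeded, so the object that was checked and the stream that is later parsed are not tied together the way a descriptor-based check would tie them. Whether that gap matters depends on who can write to the containing directory and on what `check_secure_file_permission` verifies, neither of which is visible here. A comment stating the assumption would help, e.g. `/* checked by path after fopen(): relies on the parent directory not being writable by other users */`. The refusal is also logged as a bare `logit("Authentication refused.");`, which gives an operator no file to correlate; `logit("Authentication refused: bad permissions on %s '%s'", file_type, file);` would be closer to the detail in the non-Windows messages. `auth_openfile` begins above the first hunk, and the lines between the two hunks are not shown, so this covers only the visible part of the function.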
