diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:30:16 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:30:16 +0000 |
| commit | 83647ce474c37c8533e2aaf02f7366fbc0602ad9 (patch) | |
| tree | 940fb5b1b82e7714a67188b8758d05674f935697 | |
| parent | 7d5ed3a07b0f00e961d636514ac42d4f1bc57a3e (diff) | |
- markus@cvs.openbsd.org 2001/06/23 00:20:57
[auth2.c auth.c auth.h auth-rh-rsa.c]
*known_hosts2 is obsolete for hostbased authentication and
only used for backward compat. merge ssh1/2 hostkey check
and move it to auth.c
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | auth-rh-rsa.c | 35 | ||||
| -rw-r--r-- | auth.c | 43 | ||||
| -rw-r--r-- | auth.h | 10 | ||||
| -rw-r--r-- | auth2.c | 42 |
5 files changed, 73 insertions, 64 deletions
| @@ -38,6 +38,11 @@ | |||
| 38 | - deraadt@cvs.openbsd.org 2001/06/23 00:16:16 | 38 | - deraadt@cvs.openbsd.org 2001/06/23 00:16:16 |
| 39 | [scp.c] | 39 | [scp.c] |
| 40 | slightly better care | 40 | slightly better care |
| 41 | - markus@cvs.openbsd.org 2001/06/23 00:20:57 | ||
| 42 | [auth2.c auth.c auth.h auth-rh-rsa.c] | ||
| 43 | *known_hosts2 is obsolete for hostbased authentication and | ||
| 44 | only used for backward compat. merge ssh1/2 hostkey check | ||
| 45 | and move it to auth.c | ||
| 41 | 46 | ||
| 42 | 20010622 | 47 | 20010622 |
| 43 | - (stevesk) handle systems without pw_expire and pw_change. | 48 | - (stevesk) handle systems without pw_expire and pw_change. |
| @@ -5722,4 +5727,4 @@ | |||
| 5722 | - Wrote replacements for strlcpy and mkdtemp | 5727 | - Wrote replacements for strlcpy and mkdtemp |
| 5723 | - Released 1.0pre1 | 5728 | - Released 1.0pre1 |
| 5724 | 5729 | ||
| 5725 | $Id: ChangeLog,v 1.1306 2001/06/25 04:28:30 mouring Exp $ | 5730 | $Id: ChangeLog,v 1.1307 2001/06/25 04:30:16 mouring Exp $ |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 506a5a239..870436b55 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.24 2001/06/23 00:20:57 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include "packet.h" | 18 | #include "packet.h" |
| 19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
| @@ -38,7 +38,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 38 | extern ServerOptions options; | 38 | extern ServerOptions options; |
| 39 | const char *canonical_hostname; | 39 | const char *canonical_hostname; |
| 40 | HostStatus host_status; | 40 | HostStatus host_status; |
| 41 | Key *client_key, *found; | 41 | Key *client_key; |
| 42 | 42 | ||
| 43 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); | 43 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); |
| 44 | 44 | ||
| @@ -58,37 +58,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 58 | client_key = key_new(KEY_RSA1); | 58 | client_key = key_new(KEY_RSA1); |
| 59 | BN_copy(client_key->rsa->e, client_host_key->e); | 59 | BN_copy(client_key->rsa->e, client_host_key->e); |
| 60 | BN_copy(client_key->rsa->n, client_host_key->n); | 60 | BN_copy(client_key->rsa->n, client_host_key->n); |
| 61 | found = key_new(KEY_RSA1); | ||
| 62 | 61 | ||
| 63 | /* Check if we know the host and its host key. */ | 62 | host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname, |
| 64 | host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, | 63 | _PATH_SSH_SYSTEM_HOSTFILE, |
| 65 | client_key, found, NULL); | 64 | options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL); |
| 66 | 65 | ||
| 67 | /* Check user host file unless ignored. */ | ||
| 68 | if (host_status != HOST_OK && !options.ignore_user_known_hosts) { | ||
| 69 | struct stat st; | ||
| 70 | char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); | ||
| 71 | /* | ||
| 72 | * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() | ||
| 73 | * did already check pw->pw_dir, but there is a race XXX | ||
| 74 | */ | ||
| 75 | if (options.strict_modes && | ||
| 76 | (stat(user_hostfile, &st) == 0) && | ||
| 77 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | ||
| 78 | (st.st_mode & 022) != 0)) { | ||
| 79 | log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s", | ||
| 80 | pw->pw_name, user_hostfile); | ||
| 81 | } else { | ||
| 82 | /* XXX race between stat and the following open() */ | ||
| 83 | temporarily_use_uid(pw); | ||
| 84 | host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, | ||
| 85 | client_key, found, NULL); | ||
| 86 | restore_uid(); | ||
| 87 | } | ||
| 88 | xfree(user_hostfile); | ||
| 89 | } | ||
| 90 | key_free(client_key); | 66 | key_free(client_key); |
| 91 | key_free(found); | ||
| 92 | 67 | ||
| 93 | if (host_status != HOST_OK) { | 68 | if (host_status != HOST_OK) { |
| 94 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); | 69 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
| 29 | #include <login.h> | 29 | #include <login.h> |
| @@ -46,6 +46,8 @@ RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $"); | |||
| 46 | #include "canohost.h" | 46 | #include "canohost.h" |
| 47 | #include "buffer.h" | 47 | #include "buffer.h" |
| 48 | #include "bufaux.h" | 48 | #include "bufaux.h" |
| 49 | #include "uidswap.h" | ||
| 50 | #include "tildexpand.h" | ||
| 49 | 51 | ||
| 50 | /* import */ | 52 | /* import */ |
| 51 | extern ServerOptions options; | 53 | extern ServerOptions options; |
| @@ -297,6 +299,45 @@ authorized_keys_file2(struct passwd *pw) | |||
| 297 | return expand_filename(options.authorized_keys_file2, pw); | 299 | return expand_filename(options.authorized_keys_file2, pw); |
| 298 | } | 300 | } |
| 299 | 301 | ||
| 302 | /* return ok if key exists in sysfile or userfile */ | ||
| 303 | HostStatus | ||
| 304 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | ||
| 305 | const char *sysfile, const char *userfile) | ||
| 306 | { | ||
| 307 | Key *found; | ||
| 308 | char *user_hostfile; | ||
| 309 | struct stat st; | ||
| 310 | int host_status; | ||
| 311 | |||
| 312 | /* Check if we know the host and its host key. */ | ||
| 313 | found = key_new(key->type); | ||
| 314 | host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); | ||
| 315 | |||
| 316 | if (host_status != HOST_OK && userfile != NULL) { | ||
| 317 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | ||
| 318 | if (options.strict_modes && | ||
| 319 | (stat(user_hostfile, &st) == 0) && | ||
| 320 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | ||
| 321 | (st.st_mode & 022) != 0)) { | ||
| 322 | log("Authentication refused for %.100s: " | ||
| 323 | "bad owner or modes for %.200s", | ||
| 324 | pw->pw_name, user_hostfile); | ||
| 325 | } else { | ||
| 326 | temporarily_use_uid(pw); | ||
| 327 | host_status = check_host_in_hostfile(user_hostfile, | ||
| 328 | host, key, found, NULL); | ||
| 329 | restore_uid(); | ||
| 330 | } | ||
| 331 | xfree(user_hostfile); | ||
| 332 | } | ||
| 333 | key_free(found); | ||
| 334 | |||
| 335 | debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ? | ||
| 336 | "ok" : "not found", host); | ||
| 337 | return host_status; | ||
| 338 | } | ||
| 339 | |||
| 340 | |||
| 300 | /* | 341 | /* |
| 301 | * Check a given file for security. This is defined as all components | 342 | * Check a given file for security. This is defined as all components |
| 302 | * of the path to the file must either be owned by either the owner of | 343 | * of the path to the file must either be owned by either the owner of |
| @@ -21,11 +21,13 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | * | 23 | * |
| 24 | * $OpenBSD: auth.h,v 1.17 2001/05/20 17:20:35 markus Exp $ | 24 | * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $ |
| 25 | */ | 25 | */ |
| 26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
| 27 | #define AUTH_H | 27 | #define AUTH_H |
| 28 | 28 | ||
| 29 | #include "key.h" | ||
| 30 | #include "hostfile.h" | ||
| 29 | #include <openssl/rsa.h> | 31 | #include <openssl/rsa.h> |
| 30 | 32 | ||
| 31 | #ifdef HAVE_LOGIN_CAP | 33 | #ifdef HAVE_LOGIN_CAP |
| @@ -159,7 +161,6 @@ int verify_response(Authctxt *authctxt, const char *response); | |||
| 159 | 161 | ||
| 160 | struct passwd * auth_get_user(void); | 162 | struct passwd * auth_get_user(void); |
| 161 | 163 | ||
| 162 | |||
| 163 | /* expand a filename - return buffer is allocated by xmalloc */ | 164 | /* expand a filename - return buffer is allocated by xmalloc */ |
| 164 | char *expand_filename(const char *template, struct passwd *pw); | 165 | char *expand_filename(const char *template, struct passwd *pw); |
| 165 | char *authorized_keys_file(struct passwd *pw); | 166 | char *authorized_keys_file(struct passwd *pw); |
| @@ -169,6 +170,11 @@ char *authorized_keys_file2(struct passwd *pw); | |||
| 169 | int | 170 | int |
| 170 | secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen); | 171 | secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen); |
| 171 | 172 | ||
| 173 | /* helper for hostbased auth */ | ||
| 174 | HostStatus | ||
| 175 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | ||
| 176 | const char *sysfile, const char *userfile); | ||
| 177 | |||
| 172 | #define AUTH_FAIL_MAX 6 | 178 | #define AUTH_FAIL_MAX 6 |
| 173 | #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) | 179 | #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) |
| 174 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" | 180 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.64 2001/06/23 00:20:58 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | 29 | ||
| @@ -761,10 +761,7 @@ int | |||
| 761 | hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | 761 | hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, |
| 762 | Key *key) | 762 | Key *key) |
| 763 | { | 763 | { |
| 764 | Key *found; | ||
| 765 | const char *resolvedname, *ipaddr, *lookup; | 764 | const char *resolvedname, *ipaddr, *lookup; |
| 766 | struct stat st; | ||
| 767 | char *user_hostfile; | ||
| 768 | int host_status, len; | 765 | int host_status, len; |
| 769 | 766 | ||
| 770 | resolvedname = get_canonical_hostname(options.reverse_mapping_check); | 767 | resolvedname = get_canonical_hostname(options.reverse_mapping_check); |
| @@ -792,32 +789,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
| 792 | } | 789 | } |
| 793 | debug2("userauth_hostbased: access allowed by auth_rhosts2"); | 790 | debug2("userauth_hostbased: access allowed by auth_rhosts2"); |
| 794 | 791 | ||
| 795 | /* XXX this is copied from auth-rh-rsa.c and should be shared */ | 792 | host_status = check_key_in_hostfiles(pw, key, lookup, |
| 796 | found = key_new(key->type); | 793 | _PATH_SSH_SYSTEM_HOSTFILE, |
| 797 | host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE2, lookup, | 794 | options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL); |
| 798 | key, found, NULL); | 795 | |
| 799 | 796 | /* backward compat if no key has been found. */ | |
| 800 | if (host_status != HOST_OK && !options.ignore_user_known_hosts) { | 797 | if (host_status == HOST_NEW) |
| 801 | user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE2, | 798 | host_status = check_key_in_hostfiles(pw, key, lookup, |
| 802 | pw->pw_uid); | 799 | _PATH_SSH_SYSTEM_HOSTFILE2, |
| 803 | if (options.strict_modes && | 800 | options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE2 : |
| 804 | (stat(user_hostfile, &st) == 0) && | 801 | NULL); |
| 805 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | ||
| 806 | (st.st_mode & 022) != 0)) { | ||
| 807 | log("Hostbased authentication refused for %.100s: " | ||
| 808 | "bad owner or modes for %.200s", | ||
| 809 | pw->pw_name, user_hostfile); | ||
| 810 | } else { | ||
| 811 | temporarily_use_uid(pw); | ||
| 812 | host_status = check_host_in_hostfile(user_hostfile, | ||
| 813 | lookup, key, found, NULL); | ||
| 814 | restore_uid(); | ||
| 815 | } | ||
| 816 | xfree(user_hostfile); | ||
| 817 | } | ||
| 818 | key_free(found); | ||
| 819 | 802 | ||
| 820 | debug2("userauth_hostbased: key %s for %s", host_status == HOST_OK ? | ||
| 821 | "ok" : "not found", lookup); | ||
| 822 | return (host_status == HOST_OK); | 803 | return (host_status == HOST_OK); |
| 823 | } | 804 | } |
| 805 | |||