author | Damien Miller <djm@mindrot.org> | 2012-11-04 22:23:14 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-11-04 22:23:14 +1100 |
commit | d0d1099b3b8a766480ce6df215631bf0af6e6bcd (patch) | |
tree | e29b37b3e3a9e8e14e78ddc5eb15005fe201717f | |
parent | f33580eed055472b9e5ca05f4826b05e9eacc651 (diff) |
- djm@cvs.openbsd.org 2012/11/04 10:38:43
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | auth2-pubkey.c | 30 | ||||
-rw-r--r-- | sshd.c | 9 | ||||
-rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 31 insertions, 17 deletions
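--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
 - jmc@cvs.openbsd.org 2012/10/31 08:04:50
 [sshd_config.5]
 tweak previous;
+- djm@cvs.openbsd.org 2012/11/04 10:38:43
+[auth2-pubkey.c sshd.c sshd_config.5]
+Remove default of AuthorizedCommandUser. Administrators are now expected
+to explicitly specify a user. feedback and ok markus@
 
 20121030
 - (djm) OpenBSD CVS Sync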
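diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index ec8f75d57..6a6217017 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.31 2012/10/30 21:29:54 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.32 2012/11/04 10:38:43 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -462,23 +462,27 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 struct stat st;
 int status, devnull, p[2], i;
 pid_t pid;
-char errmsg[512];
+char *username, errmsg[512];
 
 if (options.authorized_keys_command == NULL ||
 options.authorized_keys_command[0] != '/')
 return 0;
 
-/* If no user specified to run commands the default to target user */
-if (options.authorized_keys_command_user == NULL)
-pw = user_pw;
-else {
-pw = getpwnam(options.authorized_keys_command_user);
-if (pw == NULL) {
-error("AuthorizedKeyCommandUser \"%s\" not found: %s",
-options.authorized_keys_command, strerror(errno));
-return 0;
-}
+if (options.authorized_keys_command_user == NULL) {
+error("No user for AuthorizedKeysCommand specified, skipping");
+return 0;
+}
+
+username = percent_expand(options.authorized_keys_command_user,
+"u", user_pw->pw_name, (char *)NULL);
+pw = getpwnam(username);
+if (pw == NULL) {
+error("AuthorizedKeyCommandUser \"%s\" not found: %s",
+options.authorized_keys_command, strerror(errno));
+free(username);
+return 0;
 }
+free(username);
 
 temporarily_use_uid(pw);
 
@@ -517,6 +521,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 for (i = 0; i < NSIG; i++)
 signal(i, SIG_DFL);
 
+closefrom(STDERR_FILENO + 1);
 /* Don't use permanently_set_uid() here to avoid fatal() */
 if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
 error("setresgid %u: %s", (u_int)pw->pw_gid,
@@ -541,7 +546,6 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 error("%s: dup2: %s", __func__, strerror(errno));
 _exit(1);
 }
-closefrom(STDERR_FILENO + 1);
 
 execl(options.authorized_keys_command,
 options.authorized_keys_command, pw->pw_name, NULL);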
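Review bot: Moving `closefrom(STDERR_FILENO + 1);` up in front of the `setresgid` call also puts it in front of the `dup2` calls whose failure path (`error("%s: dup2: %s", ...)`) is visible further down, so every descriptor numbered above stderr is closed before it can be duplicated onto the child's stdio. The `dup2` arguments lie outside the visible hunks, but the locals `devnull` and `p[2]` declared at the top of the function are presumably what gets duplicated; if so the child always exits at `dup2` and the helper never runs, so the stdio setup should come first and `closefrom` after it, as on the old side. Separately, with the default removed `pw` is now always the AuthorizedKeysCommandUser account, so `execl(..., pw->pw_name, NULL)` hands the helper that account's name rather than the user being authenticated; `user_pw->pw_name` looks like the intended argument. The lookup-failure message also logs `options.authorized_keys_command` where the expanded `username` is what `getpwnam` was given, which will mislead whoever reads the log.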
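--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.394 2012/10/30 21:29:55 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.395 2012/11/04 10:38:43 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1559,6 +1559,13 @@ main(int ac, char **av)
 if (options.challenge_response_authentication)
 options.kbd_interactive_authentication = 1;
 
+/* Check that options are sensible */
+if (options.authorized_keys_command_user == NULL &&
+(options.authorized_keys_command != NULL &&
+strcasecmp(options.authorized_keys_command, "none") != 0))
+fatal("AuthorizedKeysCommand set without "
+"AuthorizedKeysCommandUser");
+
 /* set default channel AF */
 channel_set_af(options.address_family);
 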
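Review bot: The new `fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser")` makes sshd refuse to start on a configuration that was accepted before this commit, yet nothing on the new side tells an administrator that the user is now mandatory; the sshd_config.5 section only drops the sentence about the old default. I would make the comment say why the check exists, for example `/* AuthorizedKeysCommand has no default user; refuse to start rather than guess one */`, and state in the manual page that AuthorizedKeysCommandUser must be set whenever AuthorizedKeysCommand is. The inner parentheses around the second and third terms of the condition are redundant and can go. main() begins and ends outside this hunk, so where the check sits relative to the rest of option processing cannot be judged from here.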
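diff --git a/sshd_config.5 b/sshd_config.5
index 3cc901a82..0fb0b837d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.147 2012/10/31 08:04:50 jmc Exp $
-.Dd $Mdocdate: October 31 2012 $
+.\" $OpenBSD: sshd_config.5,v 1.148 2012/11/04 10:38:43 djm Exp $
+.Dd $Mdocdate: November 4 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -166,7 +166,6 @@ files.
 By default, no AuthorizedKeysCommand is run.
 .It Cm AuthorizedKeysCommandUser
 Specifies the user under whose account the AuthorizedKeysCommand is run.
-The default is the user being authenticated.
 It is recommended to use a dedicated user that has no other role on the host
 than running authorized keys commands.
 .It Cm AuthorizedKeysFile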