author | Ben Lindstrom <mouring@eviladmin.org> | 2001-02-15 03:08:27 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-02-15 03:08:27 +0000 |
commit | d8a9021f3652d8ab99d0fed2460420c3eb4e10a2 (patch) | |
tree | a736e9a286d99325d80815c85f3353c1fa347d82 | |
parent | 06b33aa0e83163f3dcd679317afec1ee95910512 (diff) |
- markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-passwd.c | 4 | ||||
-rw-r--r-- | auth.c | 29 | ||||
-rw-r--r-- | auth.h | 4 | ||||
-rw-r--r-- | auth1.c | 5 | ||||
-rw-r--r-- | auth2.c | 5 | ||||
-rw-r--r-- | servconf.c | 21 | ||||
-rw-r--r-- | servconf.h | 12 | ||||
-rw-r--r-- | ssh-keygen.c | 3 | ||||
-rw-r--r-- | sshd.8 | 21 |
10 files changed, 71 insertions, 40 deletions
@@ -15,6 +15,11 @@ | |||
15 | 3) or the 'MACs' keyword in ssh(d)_config | 15 | 3) or the 'MACs' keyword in ssh(d)_config |
16 | 4) add hmac-{md5,sha1}-96 | 16 | 4) add hmac-{md5,sha1}-96 |
17 | ok stevesk@, provos@ | 17 | ok stevesk@, provos@ |
18 | - markus@cvs.openbsd.org 2001/02/12 16:16:23 | ||
19 | [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h | ||
20 | ssh-keygen.c sshd.8] | ||
21 | PermitRootLogin={yes,without-password,forced-commands-only,no} | ||
22 | (before this change, root could login even if PermitRootLogin==no) | ||
18 | 23 | ||
19 | 20010214 | 24 | 20010214 |
20 | - (djm) Don't try to close PAM session or delete credentials if the | 25 | - (djm) Don't try to close PAM session or delete credentials if the |
@@ -3943,4 +3948,4 @@ | |||
3943 | - Wrote replacements for strlcpy and mkdtemp | 3948 | - Wrote replacements for strlcpy and mkdtemp |
3944 | - Released 1.0pre1 | 3949 | - Released 1.0pre1 |
3945 | 3950 | ||
3946 | $Id: ChangeLog,v 1.763 2001/02/15 03:01:59 mouring Exp $ | 3951 | $Id: ChangeLog,v 1.764 2001/02/15 03:08:27 mouring Exp $ |
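--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.21 2001/02/12 16:16:23 markus Exp $");
 
 #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
 
@@ -110,7 +110,7 @@ auth_password(struct passwd * pw, const char *password)
 if (pw == NULL)
 return 0;
 #ifndef HAVE_CYGWIN
-if (pw->pw_uid == 0 && options.permit_root_login == 2)
+if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
 return 0;
 #endif
 #ifdef HAVE_CYGWIN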
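Review bot: The root test in auth_password() now refuses every mode except `PERMIT_YES`, but it sits inside `#ifndef HAVE_CYGWIN`, so on a Cygwin build this function applies no root policy and presumably relies on the callers' auth_root_allowed() check alone. The same policy is therefore encoded in two places under different conditions; a comment above the test such as `/* root password logins need PERMIT_YES; auth_root_allowed() repeats this per method */` would make the coupling visible. The refusal returns 0 without a log line here, so whether a refused root password attempt is recorded depends on code outside this hunk. auth_password() starts and ends outside the hunk.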
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.16 2001/02/04 15:32:22 stevesk Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.17 2001/02/12 16:16:23 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -216,19 +216,26 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
216 | } | 216 | } |
217 | 217 | ||
218 | /* | 218 | /* |
219 | * Check if the user is logging in as root and root logins are disallowed. | 219 | * Check whether root logins are disallowed. |
220 | * Note that root login is _allways_ allowed for forced commands. | ||
221 | */ | 220 | */ |
222 | int | 221 | int |
223 | auth_root_allowed(void) | 222 | auth_root_allowed(char *method) |
224 | { | 223 | { |
225 | if (options.permit_root_login) | 224 | switch (options.permit_root_login) { |
225 | case PERMIT_YES: | ||
226 | return 1; | 226 | return 1; |
227 | if (forced_command) { | 227 | break; |
228 | log("Root login accepted for forced command."); | 228 | case PERMIT_NO_PASSWD: |
229 | return 1; | 229 | if (strcmp(method, "password") != 0) |
230 | } else { | 230 | return 1; |
231 | log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); | 231 | break; |
232 | return 0; | 232 | case PERMIT_FORCED_ONLY: |
233 | if (forced_command) { | ||
234 | log("Root login accepted for forced command."); | ||
235 | return 1; | ||
236 | } | ||
237 | break; | ||
233 | } | 238 | } |
239 | log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); | ||
240 | return 0; | ||
234 | } | 241 | } |
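Review bot: In the `PERMIT_NO_PASSWD` case only the exact method string "password" is refused, so any other method that ends up verifying a password (the challenge path declared in auth.h as auth2_challenge() may be one, depending on its backend) would still let root in under `without-password`. The decision also depends on the callers passing the right string: auth1.c passes `get_authname(type)` and auth2.c passes `method`, and a NULL there would crash in strcmp(). Consider stating the contract on the function, e.g. `/* method: non-NULL authentication method name; only "password" is treated as password-based */`, and taking `const char *method`. In the `PERMIT_FORCED_ONLY` case the method is not examined at all, so the sshd.8 statement that only public key authentication is accepted holds only if forced_command can be set by no other path, which is not visible here.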
@@ -21,7 +21,7 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | * | 23 | * |
24 | * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $ | 24 | * $OpenBSD: auth.h,v 1.11 2001/02/12 16:16:23 markus Exp $ |
25 | */ | 25 | */ |
26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
27 | #define AUTH_H | 27 | #define AUTH_H |
@@ -112,7 +112,7 @@ void do_authentication2(void); | |||
112 | Authctxt *authctxt_new(void); | 112 | Authctxt *authctxt_new(void); |
113 | void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info); | 113 | void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info); |
114 | void userauth_reply(Authctxt *authctxt, int authenticated); | 114 | void userauth_reply(Authctxt *authctxt, int authenticated); |
115 | int auth_root_allowed(void); | 115 | int auth_root_allowed(char *method); |
116 | 116 | ||
117 | int auth2_challenge(Authctxt *authctxt, char *devs); | 117 | int auth2_challenge(Authctxt *authctxt, char *devs); |
118 | 118 | ||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.15 2001/02/07 22:35:45 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.16 2001/02/12 16:16:23 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -316,7 +316,8 @@ do_authloop(Authctxt *authctxt) | |||
316 | } | 316 | } |
317 | #else | 317 | #else |
318 | /* Special handling for root */ | 318 | /* Special handling for root */ |
319 | if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed()) | 319 | if (authenticated && authctxt->pw->pw_uid == 0 && |
320 | !auth_root_allowed(get_authname(type))) | ||
320 | authenticated = 0; | 321 | authenticated = 0; |
321 | #endif | 322 | #endif |
322 | #ifdef USE_PAM | 323 | #ifdef USE_PAM |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.40 2001/02/10 12:52:02 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.41 2001/02/12 16:16:23 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | 29 | ||
@@ -230,7 +230,8 @@ input_userauth_request(int type, int plen, void *ctxt) | |||
230 | authctxt->user); | 230 | authctxt->user); |
231 | 231 | ||
232 | /* Special handling for root */ | 232 | /* Special handling for root */ |
233 | if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed()) | 233 | if (authenticated && authctxt->pw->pw_uid == 0 && |
234 | !auth_root_allowed(method)) | ||
234 | authenticated = 0; | 235 | authenticated = 0; |
235 | 236 | ||
236 | #ifdef USE_PAM | 237 | #ifdef USE_PAM |
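--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.66 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.67 2001/02/12 16:16:23 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -51,7 +51,7 @@ initialize_server_options(ServerOptions *options)
 options->server_key_bits = -1;
 options->login_grace_time = -1;
 options->key_regeneration_time = -1;
-options->permit_root_login = -1;
+options->permit_root_login = PERMIT_NOT_SET;
 options->ignore_rhosts = -1;
 options->ignore_user_known_hosts = -1;
 options->print_motd = -1;
@@ -122,8 +122,8 @@ fill_default_server_options(ServerOptions *options)
 options->login_grace_time = 600;
 if (options->key_regeneration_time == -1)
 options->key_regeneration_time = 3600;
-if (options->permit_root_login == -1)
-options->permit_root_login = 1; /* yes */
+if (options->permit_root_login == PERMIT_NOT_SET)
+options->permit_root_login = PERMIT_YES;
 if (options->ignore_rhosts == -1)
 options->ignore_rhosts = 1;
 if (options->ignore_user_known_hosts == -1)
@@ -453,14 +453,17 @@ parse_filename:
 exit(1);
 }
 if (strcmp(arg, "without-password") == 0)
-value = 2;
+value = PERMIT_NO_PASSWD;
+else if (strcmp(arg, "forced-commands-only") == 0)
+value = PERMIT_FORCED_ONLY;
 else if (strcmp(arg, "yes") == 0)
-value = 1;
+value = PERMIT_YES;
 else if (strcmp(arg, "no") == 0)
-value = 0;
+value = PERMIT_NO;
 else {
-fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
-filename, linenum, arg);
+fprintf(stderr, "%s line %d: Bad yes/"
+"without-password/forced-commands-only/no "
+"argument: %s\n", filename, linenum, arg);
 exit(1);
 }
 if (*intptr == -1)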
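Review bot: The context line after the new parsing, `if (*intptr == -1)`, still compares against the literal while the rest of the change moves to `PERMIT_NOT_SET`; if that test belongs to the PermitRootLogin case, `if (*intptr == PERMIT_NOT_SET)` would keep the sentinel in one place. Separately, fill_default_server_options() keeps `PERMIT_YES` as the default, so a configuration that omits PermitRootLogin still accepts root logins with any method; that is existing behaviour, but a comment next to the default, e.g. `/* default permits root with any method */`, would help whoever audits the file. The enclosing parse function starts and ends outside the hunk.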
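--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.37 2001/02/11 12:59:25 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.38 2001/02/12 16:16:23 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -25,6 +25,14 @@
 #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
 #define MAX_HOSTKEYS 256 /* Max # hostkeys. */
 
+/* permit_root_login */
+#define PERMIT_NOT_SET -1
+#define PERMIT_NO 0
+#define PERMIT_FORCED_ONLY 1
+#define PERMIT_NO_PASSWD 2
+#define PERMIT_YES 3
+
+
 typedef struct {
 u_int num_ports;
 u_int ports_from_cmdline;
@@ -38,7 +46,7 @@ typedef struct {
 int login_grace_time; /* Disconnect if no auth in this time
 * (sec). */
 int key_regeneration_time; /* Server key lifetime (seconds). */
-int permit_root_login; /* If true, permit root login. */
+int permit_root_login; /* PERMIT_*, see above */
 int ignore_rhosts; /* Ignore .rhosts and .shosts. */
 int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
 * for RhostsRsaAuth */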
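Review bot: The new constants renumber the setting: 1 used to mean yes, while now `PERMIT_FORCED_ONLY` is 1 and `PERMIT_YES` is 3, so any leftover truthiness test or literal comparison on `permit_root_login` would silently read forced-commands-only as yes. The commit updates the uses in auth-passwd.c and auth.c; other readers of the field, if any, are not visible here and should be checked. The field comment could say so directly, `/* PERMIT_* value, not a boolean; compare explicitly */`, and an `enum` instead of the `#define`s would let the debugger show the names.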
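--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.42 2001/02/04 15:32:26 stevesk Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.43 2001/02/12 16:16:23 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -532,6 +532,7 @@ do_change_comment(struct passwd *pw)
 public = key_new(KEY_RSA1);
 if (!load_public_key(identity_file, public, NULL)) {
 printf("%s is not a valid key file.\n", identity_file);
+printf("Comments are only supported in RSA1 keys\n");
 exit(1);
 }
 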
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.93 2001/02/11 12:59:25 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.94 2001/02/12 16:16:24 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -552,21 +552,26 @@ Specifies whether the root can log in using | |||
552 | .Xr ssh 1 . | 552 | .Xr ssh 1 . |
553 | The argument must be | 553 | The argument must be |
554 | .Dq yes , | 554 | .Dq yes , |
555 | .Dq without-password | 555 | .Dq without-password , |
556 | .Dq forced-commands-only | ||
556 | or | 557 | or |
557 | .Dq no . | 558 | .Dq no . |
558 | The default is | 559 | The default is |
559 | .Dq yes . | 560 | .Dq yes . |
560 | If this options is set to | 561 | .Pp |
562 | If this option is set to | ||
561 | .Dq without-password | 563 | .Dq without-password |
562 | only password authentication is disabled for root. | 564 | password authentication is disabled for root. |
563 | .Pp | 565 | .Pp |
564 | Root login with RSA authentication when the | 566 | If this option is set to |
567 | .Dq forced-commands-only | ||
568 | root login with public key authentication will be allowed, | ||
569 | but only if the | ||
565 | .Ar command | 570 | .Ar command |
566 | option has been | 571 | option has been specified |
567 | specified will be allowed regardless of the value of this setting | ||
568 | (which may be useful for taking remote backups even if root login is | 572 | (which may be useful for taking remote backups even if root login is |
569 | normally not allowed). | 573 | normally not allowed). All other authentication methods are disabled |
574 | for root. | ||
570 | .It Cm PidFile | 575 | .It Cm PidFile |
571 | Specifies the file that contains the process identifier of the | 576 | Specifies the file that contains the process identifier of the |
572 | .Nm | 577 | .Nm |