-rw-r--r--ChangeLog6
-rw-r--r--auth-rsa.c4
-rw-r--r--auth.c15
-rw-r--r--auth.h5
4 files changed, 23 insertions, 7 deletions
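diff --git a/ChangeLog b/ChangeLog
index 555d047e0..a9cf6dbc0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
  [ssh-keygen.1]
  sshd(8) will never read the private keys, but ssh(1) does;
  hugh@mimosa.com
+ - provos@cvs.openbsd.org 2001/06/25 17:54:47
+ [auth.c auth.h auth-rsa.c]
+ terminate secure_filename checking after checking homedir. that way
+ it
 
 20010629
  - (bal) Removed net_aton() since we don't use it any more
@@ -5836,4 +5840,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1346 2001/07/04 03:35:24 mouring Exp $
+$Id: ChangeLog,v 1.1347 2001/07/04 03:40:39 mouring Exp $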
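diff --git a/auth-rsa.c b/auth-rsa.c
index 899daae3b..ec8f6ce21 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.43 2001/06/25 17:54:47 provos Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -159,7 +159,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
  return 0;
  }
  if (options.strict_modes &&
- secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) {
+ secure_filename(f, file, pw, line, sizeof(line)) != 0) {
  xfree(file);
  fclose(f);
  log("Authentication refused: %s", line);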
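diff --git a/auth.c b/auth.c
index 9abcdde1d..892bb261a 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.25 2001/06/25 17:54:48 provos Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -351,12 +351,17 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
  * Returns 0 on success and -1 on failure
  */
 int
-secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+ char *err, size_t errlen)
 {
+ uid_t uid = pw->pw_uid;
+ char homedir[MAXPATHLEN];
  char buf[MAXPATHLEN];
  char *cp;
  struct stat st;
 
+ strlcpy(homedir, dirname(pw->pw_dir), sizeof(homedir));
+
  if (realpath(file, buf) == NULL) {
  snprintf(err, errlen, "realpath %s failed: %s", file,
  strerror(errno));
@@ -372,6 +377,8 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
  return -1;
  }
 
+ debug3("secure_filename: terminating check at '%s'", homedir);
+
  /* for each component of the canonical path, walking upwards */
  for (;;) {
  if ((cp = dirname(buf)) == NULL) {
@@ -380,6 +387,10 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
  }
  strlcpy(buf, cp, sizeof(buf));
 
+ /* If are passed the homedir then we can stop */
+ if (strcmp(buf, homedir) == 0)
+ break;
+
  debug3("secure_filename: checking '%s'", buf);
  if (stat(buf, &st) < 0 ||
  (st.st_uid != 0 && st.st_uid != uid) ||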
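Review bot: The added `strlcpy(homedir, dirname(pw->pw_dir), sizeof(homedir));` hands the result of dirname() straight to strlcpy(), although the loop further down treats a NULL return from the same function as an error (`if ((cp = dirname(buf)) == NULL)`); the new call should get the same check and fail closed with -1. homedir is also derived from the raw pw->pw_dir while buf comes from realpath(), so if the passwd entry contains a symlinked component or a trailing slash the `strcmp(buf, homedir)` will not match and the walk presumably continues upwards as before, which is safe but silently disables the early stop; canonicalising the home path with `realpath()` before comparing would make the stop point predictable. Because homedir holds the parent of the home directory, the home directory itself is still checked and everything above it is skipped, so the comment would be clearer as `/* stop once we are above the home directory; its parents are not checked */`. The body of secure_filename continues outside these hunks, so the loop's other exit is not visible here.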
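diff --git a/auth.h b/auth.h
index b9585d3af..415967c2c 100644
--- a/auth.h
+++ b/auth.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $
+ * $OpenBSD: auth.h,v 1.19 2001/06/25 17:54:49 provos Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
@@ -168,7 +168,8 @@ char *authorized_keys_file2(struct passwd *pw);
 
 /* check a file and the path to it */
 int
-secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen);
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+ char *err, size_t errlen);
 
 /* helper for hostbased auth */
 HostStatus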
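Review bot: The prototype comment `/* check a file and the path to it */` no longer describes the contract, because per the auth.c change in this commit the path walk now ends at the home directory taken from `pw`. I would extend it to something like `/* check a file and the path to it, up to and including pw's home directory; pw must be non-NULL */`, since the function now dereferences `pw->pw_uid` and `pw->pw_dir` unconditionally. Callers that relied on strict-mode checking of directories above the home directory should be able to see from the header that this is no longer covered.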