diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth-rsa.c | 4 | ||||
| -rw-r--r-- | auth.c | 15 | ||||
| -rw-r--r-- | auth.h | 5 |
4 files changed, 23 insertions, 7 deletions
| @@ -9,6 +9,10 @@ | |||
| 9 | [ssh-keygen.1] | 9 | [ssh-keygen.1] |
| 10 | sshd(8) will never read the private keys, but ssh(1) does; | 10 | sshd(8) will never read the private keys, but ssh(1) does; |
| 11 | hugh@mimosa.com | 11 | hugh@mimosa.com |
| 12 | - provos@cvs.openbsd.org 2001/06/25 17:54:47 | ||
| 13 | [auth.c auth.h auth-rsa.c] | ||
| 14 | terminate secure_filename checking after checking homedir. that way | ||
| 15 | it | ||
| 12 | 16 | ||
| 13 | 20010629 | 17 | 20010629 |
| 14 | - (bal) Removed net_aton() since we don't use it any more | 18 | - (bal) Removed net_aton() since we don't use it any more |
| @@ -5836,4 +5840,4 @@ | |||
| 5836 | - Wrote replacements for strlcpy and mkdtemp | 5840 | - Wrote replacements for strlcpy and mkdtemp |
| 5837 | - Released 1.0pre1 | 5841 | - Released 1.0pre1 |
| 5838 | 5842 | ||
| 5839 | $Id: ChangeLog,v 1.1346 2001/07/04 03:35:24 mouring Exp $ | 5843 | $Id: ChangeLog,v 1.1347 2001/07/04 03:40:39 mouring Exp $ |
diff --git a/auth-rsa.c b/auth-rsa.c index 899daae3b..ec8f6ce21 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -14,7 +14,7 @@ | |||
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | #include "includes.h" | 16 | #include "includes.h" |
| 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.43 2001/06/25 17:54:47 provos Exp $"); |
| 18 | 18 | ||
| 19 | #include <openssl/rsa.h> | 19 | #include <openssl/rsa.h> |
| 20 | #include <openssl/md5.h> | 20 | #include <openssl/md5.h> |
| @@ -159,7 +159,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
| 159 | return 0; | 159 | return 0; |
| 160 | } | 160 | } |
| 161 | if (options.strict_modes && | 161 | if (options.strict_modes && |
| 162 | secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { | 162 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
| 163 | xfree(file); | 163 | xfree(file); |
| 164 | fclose(f); | 164 | fclose(f); |
| 165 | log("Authentication refused: %s", line); | 165 | log("Authentication refused: %s", line); |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.25 2001/06/25 17:54:48 provos Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
| 29 | #include <login.h> | 29 | #include <login.h> |
| @@ -351,12 +351,17 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
| 351 | * Returns 0 on success and -1 on failure | 351 | * Returns 0 on success and -1 on failure |
| 352 | */ | 352 | */ |
| 353 | int | 353 | int |
| 354 | secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) | 354 | secure_filename(FILE *f, const char *file, struct passwd *pw, |
| 355 | char *err, size_t errlen) | ||
| 355 | { | 356 | { |
| 357 | uid_t uid = pw->pw_uid; | ||
| 358 | char homedir[MAXPATHLEN]; | ||
| 356 | char buf[MAXPATHLEN]; | 359 | char buf[MAXPATHLEN]; |
| 357 | char *cp; | 360 | char *cp; |
| 358 | struct stat st; | 361 | struct stat st; |
| 359 | 362 | ||
| 363 | strlcpy(homedir, dirname(pw->pw_dir), sizeof(homedir)); | ||
| 364 | |||
| 360 | if (realpath(file, buf) == NULL) { | 365 | if (realpath(file, buf) == NULL) { |
| 361 | snprintf(err, errlen, "realpath %s failed: %s", file, | 366 | snprintf(err, errlen, "realpath %s failed: %s", file, |
| 362 | strerror(errno)); | 367 | strerror(errno)); |
| @@ -372,6 +377,8 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) | |||
| 372 | return -1; | 377 | return -1; |
| 373 | } | 378 | } |
| 374 | 379 | ||
| 380 | debug3("secure_filename: terminating check at '%s'", homedir); | ||
| 381 | |||
| 375 | /* for each component of the canonical path, walking upwards */ | 382 | /* for each component of the canonical path, walking upwards */ |
| 376 | for (;;) { | 383 | for (;;) { |
| 377 | if ((cp = dirname(buf)) == NULL) { | 384 | if ((cp = dirname(buf)) == NULL) { |
| @@ -380,6 +387,10 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) | |||
| 380 | } | 387 | } |
| 381 | strlcpy(buf, cp, sizeof(buf)); | 388 | strlcpy(buf, cp, sizeof(buf)); |
| 382 | 389 | ||
| 390 | /* If are passed the homedir then we can stop */ | ||
| 391 | if (strcmp(buf, homedir) == 0) | ||
| 392 | break; | ||
| 393 | |||
| 383 | debug3("secure_filename: checking '%s'", buf); | 394 | debug3("secure_filename: checking '%s'", buf); |
| 384 | if (stat(buf, &st) < 0 || | 395 | if (stat(buf, &st) < 0 || |
| 385 | (st.st_uid != 0 && st.st_uid != uid) || | 396 | (st.st_uid != 0 && st.st_uid != uid) || |
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | * | 23 | * |
| 24 | * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $ | 24 | * $OpenBSD: auth.h,v 1.19 2001/06/25 17:54:49 provos Exp $ |
| 25 | */ | 25 | */ |
| 26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
| 27 | #define AUTH_H | 27 | #define AUTH_H |
| @@ -168,7 +168,8 @@ char *authorized_keys_file2(struct passwd *pw); | |||
| 168 | 168 | ||
| 169 | /* check a file and the path to it */ | 169 | /* check a file and the path to it */ |
| 170 | int | 170 | int |
| 171 | secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen); | 171 | secure_filename(FILE *f, const char *file, struct passwd *pw, |
| 172 | char *err, size_t errlen); | ||
| 172 | 173 | ||
| 173 | /* helper for hostbased auth */ | 174 | /* helper for hostbased auth */ |
| 174 | HostStatus | 175 | HostStatus |