summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c148
1 files changed, 98 insertions, 50 deletions
diff --git a/auth.c b/auth.c
index 68370ca94..54f4548f1 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.80 2008/11/04 07:58:09 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.86 2010/03/05 02:58:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -70,6 +70,7 @@
70#ifdef GSSAPI 70#ifdef GSSAPI
71#include "ssh-gss.h" 71#include "ssh-gss.h"
72#endif 72#endif
73#include "authfile.h"
73#include "monitor_wrap.h" 74#include "monitor_wrap.h"
74 75
75/* import */ 76/* import */
@@ -96,7 +97,6 @@ allowed_user(struct passwd * pw)
96{ 97{
97 struct stat st; 98 struct stat st;
98 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; 99 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
99 char *shell;
100 u_int i; 100 u_int i;
101#ifdef USE_SHADOW 101#ifdef USE_SHADOW
102 struct spwd *spw = NULL; 102 struct spwd *spw = NULL;
@@ -154,22 +154,28 @@ allowed_user(struct passwd * pw)
154 } 154 }
155 155
156 /* 156 /*
157 * Get the shell from the password data. An empty shell field is 157 * Deny if shell does not exist or is not executable unless we
158 * legal, and means /bin/sh. 158 * are chrooting.
159 */ 159 */
160 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; 160 if (options.chroot_directory == NULL ||
161 161 strcasecmp(options.chroot_directory, "none") == 0) {
162 /* deny if shell does not exists or is not executable */ 162 char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
163 if (stat(shell, &st) != 0) { 163 _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
164 logit("User %.100s not allowed because shell %.100s does not exist", 164
165 pw->pw_name, shell); 165 if (stat(shell, &st) != 0) {
166 return 0; 166 logit("User %.100s not allowed because shell %.100s "
167 } 167 "does not exist", pw->pw_name, shell);
168 if (S_ISREG(st.st_mode) == 0 || 168 xfree(shell);
169 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { 169 return 0;
170 logit("User %.100s not allowed because shell %.100s is not executable", 170 }
171 pw->pw_name, shell); 171 if (S_ISREG(st.st_mode) == 0 ||
172 return 0; 172 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
173 logit("User %.100s not allowed because shell %.100s "
174 "is not executable", pw->pw_name, shell);
175 xfree(shell);
176 return 0;
177 }
178 xfree(shell);
173 } 179 }
174 180
175 if (options.num_deny_users > 0 || options.num_allow_users > 0 || 181 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
@@ -399,38 +405,6 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
399 return host_status; 405 return host_status;
400} 406}
401 407
402int
403reject_blacklisted_key(Key *key, int hostkey)
404{
405 char *fp;
406
407 if (blacklisted_key(key, &fp) != 1)
408 return 0;
409
410 if (options.permit_blacklisted_keys) {
411 if (hostkey)
412 error("Host key %s blacklisted (see "
413 "ssh-vulnkey(1)); continuing anyway", fp);
414 else
415 logit("Public key %s from %s blacklisted (see "
416 "ssh-vulnkey(1)); continuing anyway",
417 fp, get_remote_ipaddr());
418 xfree(fp);
419 } else {
420 if (hostkey)
421 error("Host key %s blacklisted (see "
422 "ssh-vulnkey(1))", fp);
423 else
424 logit("Public key %s from %s blacklisted (see "
425 "ssh-vulnkey(1))",
426 fp, get_remote_ipaddr());
427 xfree(fp);
428 return 1;
429 }
430
431 return 0;
432}
433
434 408
435/* 409/*
436 * Check a given file for security. This is defined as all components 410 * Check a given file for security. This is defined as all components
@@ -488,7 +462,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
488 return -1; 462 return -1;
489 } 463 }
490 464
491 /* If are passed the homedir then we can stop */ 465 /* If are past the homedir then we can stop */
492 if (comparehome && strcmp(homedir, buf) == 0) { 466 if (comparehome && strcmp(homedir, buf) == 0) {
493 debug3("secure_filename: terminating check at '%s'", 467 debug3("secure_filename: terminating check at '%s'",
494 buf); 468 buf);
@@ -562,7 +536,28 @@ getpwnamallow(const char *user)
562 parse_server_match_config(&options, user, 536 parse_server_match_config(&options, user,
563 get_canonical_hostname(options.use_dns), get_remote_ipaddr()); 537 get_canonical_hostname(options.use_dns), get_remote_ipaddr());
564 538
539#if defined(_AIX) && defined(HAVE_SETAUTHDB)
540 aix_setauthdb(user);
541#endif
542
565 pw = getpwnam(user); 543 pw = getpwnam(user);
544
545#if defined(_AIX) && defined(HAVE_SETAUTHDB)
546 aix_restoreauthdb();
547#endif
548#ifdef HAVE_CYGWIN
549 /*
550 * Windows usernames are case-insensitive. To avoid later problems
551 * when trying to match the username, the user is only allowed to
552 * login if the username is given in the same case as stored in the
553 * user database.
554 */
555 if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
556 logit("Login name %.100s does not match stored username %.100s",
557 user, pw->pw_name);
558 pw = NULL;
559 }
560#endif
566 if (pw == NULL) { 561 if (pw == NULL) {
567 logit("Invalid user %.100s from %.100s", 562 logit("Invalid user %.100s from %.100s",
568 user, get_remote_ipaddr()); 563 user, get_remote_ipaddr());
@@ -597,6 +592,59 @@ getpwnamallow(const char *user)
597 return (NULL); 592 return (NULL);
598} 593}
599 594
595/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
596int
597auth_key_is_revoked(Key *key, int hostkey)
598{
599 char *key_fp;
600
601 if (blacklisted_key(key, &key_fp) == 1) {
602 if (options.permit_blacklisted_keys) {
603 if (hostkey)
604 error("Host key %s blacklisted (see "
605 "ssh-vulnkey(1)); continuing anyway",
606 key_fp);
607 else
608 logit("Public key %s from %s blacklisted (see "
609 "ssh-vulnkey(1)); continuing anyway",
610 key_fp, get_remote_ipaddr());
611 xfree(key_fp);
612 } else {
613 if (hostkey)
614 error("Host key %s blacklisted (see "
615 "ssh-vulnkey(1))", key_fp);
616 else
617 logit("Public key %s from %s blacklisted (see "
618 "ssh-vulnkey(1))",
619 key_fp, get_remote_ipaddr());
620 xfree(key_fp);
621 return 1;
622 }
623 }
624
625 if (options.revoked_keys_file == NULL)
626 return 0;
627
628 switch (key_in_file(key, options.revoked_keys_file, 0)) {
629 case 0:
630 /* key not revoked */
631 return 0;
632 case -1:
633 /* Error opening revoked_keys_file: refuse all keys */
634 error("Revoked keys file is unreadable: refusing public key "
635 "authentication");
636 return 1;
637 case 1:
638 /* Key revoked */
639 key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
640 error("WARNING: authentication attempt with a revoked "
641 "%s key %s ", key_type(key), key_fp);
642 xfree(key_fp);
643 return 1;
644 }
645 fatal("key_in_file returned junk");
646}
647
600void 648void
601auth_debug_add(const char *fmt,...) 649auth_debug_add(const char *fmt,...)
602{ 650{