From 248c0784bfcadea9bed9dd9b919b7e4633b4f86a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 4 Jul 2001 03:40:39 +0000 Subject: - provos@cvs.openbsd.org 2001/06/25 17:54:47 [auth.c auth.h auth-rsa.c] terminate secure_filename checking after checking homedir. that way it works on AFS. okay markus@ --- ChangeLog | 6 +++++- auth-rsa.c | 4 ++-- auth.c | 15 +++++++++++++-- auth.h | 5 +++-- 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 555d047e0..a9cf6dbc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ [ssh-keygen.1] sshd(8) will never read the private keys, but ssh(1) does; hugh@mimosa.com + - provos@cvs.openbsd.org 2001/06/25 17:54:47 + [auth.c auth.h auth-rsa.c] + terminate secure_filename checking after checking homedir. that way + it 20010629 - (bal) Removed net_aton() since we don't use it any more @@ -5836,4 +5840,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1346 2001/07/04 03:35:24 mouring Exp $ +$Id: ChangeLog,v 1.1347 2001/07/04 03:40:39 mouring Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 899daae3b..ec8f6ce21 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.43 2001/06/25 17:54:47 provos Exp $"); #include #include @@ -159,7 +159,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) return 0; } if (options.strict_modes && - secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { + secure_filename(f, file, pw, line, sizeof(line)) != 0) { xfree(file); fclose(f); log("Authentication refused: %s", line); diff --git a/auth.c b/auth.c index 9abcdde1d..892bb261a 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.25 2001/06/25 17:54:48 provos Exp $"); #ifdef HAVE_LOGIN_H #include @@ -351,12 +351,17 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, * Returns 0 on success and -1 on failure */ int -secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) +secure_filename(FILE *f, const char *file, struct passwd *pw, + char *err, size_t errlen) { + uid_t uid = pw->pw_uid; + char homedir[MAXPATHLEN]; char buf[MAXPATHLEN]; char *cp; struct stat st; + strlcpy(homedir, dirname(pw->pw_dir), sizeof(homedir)); + if (realpath(file, buf) == NULL) { snprintf(err, errlen, "realpath %s failed: %s", file, strerror(errno)); @@ -372,6 +377,8 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) return -1; } + debug3("secure_filename: terminating check at '%s'", homedir); + /* for each component of the canonical path, walking upwards */ for (;;) { if ((cp = dirname(buf)) == NULL) { @@ -380,6 +387,10 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen) } strlcpy(buf, cp, sizeof(buf)); + /* If are passed the homedir then we can stop */ + if (strcmp(buf, homedir) == 0) + break; + debug3("secure_filename: checking '%s'", buf); if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || diff --git a/auth.h b/auth.h index b9585d3af..415967c2c 100644 --- a/auth.h +++ b/auth.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $ + * $OpenBSD: auth.h,v 1.19 2001/06/25 17:54:49 provos Exp $ */ #ifndef AUTH_H #define AUTH_H @@ -168,7 +168,8 @@ char *authorized_keys_file2(struct passwd *pw); /* check a file and the path to it */ int -secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen); +secure_filename(FILE *f, const char *file, struct passwd *pw, + char *err, size_t errlen); /* helper for hostbased auth */ HostStatus -- cgit v1.2.3