1/* $OpenBSD: auth.c,v 1.86 2010/03/05 02:58:11 djm Exp $ */
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.

--- 9 unchanged lines hidden (view full) ---

19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27__RCSID("$FreeBSD: head/crypto/openssh/auth.c 204917 2010-03-09 19:16:43Z des $");
28
29#include <sys/types.h>
30#include <sys/stat.h>
31#include <sys/param.h>
32
33#include <netinet/in.h>
34
35#include <errno.h>

--- 29 unchanged lines hidden (view full) ---

65#include "canohost.h"
66#include "uidswap.h"
67#include "misc.h"
68#include "packet.h"
69#include "loginrec.h"
70#ifdef GSSAPI
71#include "ssh-gss.h"
72#endif
73#include "authfile.h"
74#include "monitor_wrap.h"
75
76/* import */
77extern ServerOptions options;
78extern int use_privsep;
79extern Buffer loginmsg;
80extern struct passwd *privsep_pw;
81

--- 10 unchanged lines hidden (view full) ---

92 * If the user's shell is not executable, false will be returned.
93 * Otherwise true is returned.
94 */
95int
96allowed_user(struct passwd * pw)
97{
98 struct stat st;
99 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
100 u_int i;
101#ifdef USE_SHADOW
102 struct spwd *spw = NULL;
103#endif
104
105 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
106 if (!pw || !pw->pw_name)
107 return 0;

--- 41 unchanged lines hidden (view full) ---

149 if (locked) {
150 logit("User %.100s not allowed because account is locked",
151 pw->pw_name);
152 return 0;
153 }
154 }
155
156 /*
157 * Deny if shell does not exist or is not executable unless we
158 * are chrooting.
159 */
160 if (options.chroot_directory == NULL ||
161 strcasecmp(options.chroot_directory, "none") == 0) {
162 char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
163 _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
164
165 if (stat(shell, &st) != 0) {
166 logit("User %.100s not allowed because shell %.100s "
167 "does not exist", pw->pw_name, shell);
168 xfree(shell);
169 return 0;
170 }
171 if (S_ISREG(st.st_mode) == 0 ||
172 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
173 logit("User %.100s not allowed because shell %.100s "
174 "is not executable", pw->pw_name, shell);
175 xfree(shell);
176 return 0;
177 }
178 xfree(shell);
179 }
180
181 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
182 options.num_deny_groups > 0 || options.num_allow_groups > 0) {
183 hostname = get_canonical_hostname(options.use_dns);
184 ipaddr = get_remote_ipaddr();
185 }
186
187 /* Return false if user is listed in DenyUsers */

--- 269 unchanged lines hidden (view full) ---

457 if (stat(buf, &st) < 0 ||
458 (st.st_uid != 0 && st.st_uid != uid) ||
459 (st.st_mode & 022) != 0) {
460 snprintf(err, errlen,
461 "bad ownership or modes for directory %s", buf);
462 return -1;
463 }
464
465 /* If are past the homedir then we can stop */
466 if (comparehome && strcmp(homedir, buf) == 0) {
467 debug3("secure_filename: terminating check at '%s'",
468 buf);
469 break;
470 }
471 /*
472 * dirname should always complete with a "/" path,
473 * but we can be paranoid and check for "." too

--- 11 unchanged lines hidden (view full) ---

485 struct stat st;
486 int fd;
487 FILE *f;
488
489 /*
490 * Open the file containing the authorized keys
491 * Fail quietly if file does not exist
492 */
493 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
494 if (errno != ENOENT)
495 debug("Could not open keyfile '%s': %s", file,
496 strerror(errno));
497 return NULL;
498 }
499
500 if (fstat(fd, &st) < 0) {
501 close(fd);
502 return NULL;
503 }
504 if (!S_ISREG(st.st_mode)) {
505 logit("User %s authorized keys %s is not a regular file",
506 pw->pw_name, file);

--- 24 unchanged lines hidden (view full) ---

531 auth_session_t *as;
532#endif
533#endif
534 struct passwd *pw;
535
536 parse_server_match_config(&options, user,
537 get_canonical_hostname(options.use_dns), get_remote_ipaddr());
538
539#if defined(_AIX) && defined(HAVE_SETAUTHDB)
540 aix_setauthdb(user);
541#endif
542
543 pw = getpwnam(user);
544
545#if defined(_AIX) && defined(HAVE_SETAUTHDB)
546 aix_restoreauthdb();
547#endif
548#ifdef HAVE_CYGWIN
549 /*
550 * Windows usernames are case-insensitive. To avoid later problems
551 * when trying to match the username, the user is only allowed to
552 * login if the username is given in the same case as stored in the
553 * user database.
554 */
555 if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
556 logit("Login name %.100s does not match stored username %.100s",
557 user, pw->pw_name);
558 pw = NULL;
559 }
560#endif
561 if (pw == NULL) {
562 logit("Invalid user %.100s from %.100s",
563 user, get_remote_ipaddr());
564#ifdef CUSTOM_FAILED_LOGIN
565 record_failed_login(user,
566 get_canonical_hostname(options.use_dns), "ssh");
567#endif
568#ifdef SSH_AUDIT_EVENTS

--- 18 unchanged lines hidden (view full) ---

587 auth_close(as);
588#endif
589#endif
590 if (pw != NULL)
591 return (pwcopy(pw));
592 return (NULL);
593}
594
595/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
596int
597auth_key_is_revoked(Key *key)
598{
599 char *key_fp;
600
601 if (options.revoked_keys_file == NULL)
602 return 0;
603
604 switch (key_in_file(key, options.revoked_keys_file, 0)) {
605 case 0:
606 /* key not revoked */
607 return 0;
608 case -1:
609 /* Error opening revoked_keys_file: refuse all keys */
610 error("Revoked keys file is unreadable: refusing public key "
611 "authentication");
612 return 1;
613 case 1:
614 /* Key revoked */
615 key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
616 error("WARNING: authentication attempt with a revoked "
617 "%s key %s ", key_type(key), key_fp);
618 xfree(key_fp);
619 return 1;
620 }
621 fatal("key_in_file returned junk");
622}
623
624void
625auth_debug_add(const char *fmt,...)
626{
627 char buf[1024];
628 va_list args;
629
630 if (!auth_debug_init)
631 return;

--- 52 unchanged lines hidden ---
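Review bot: The header comment on auth_key_is_revoked() (`/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */`, new-file lines 595-622) understates the contract: the `case -1` branch also returns 1 when key_in_file() reports an error, so an unreadable revocation list refuses every public key. That fail-closed behaviour is the right default for a revocation check, but it should be stated where callers read it, for example `/* Returns 1 if key is revoked or revoked_keys_file cannot be read (fail closed); 0 if the key is not listed or no file is configured */`. The error() call in that branch names neither the file path nor the cause, and whether key_in_file() logs them is not visible on this page, so it is worth confirming that an operator can tell from the log why all key logins stopped working. The page does not mark which lines are added or removed, so this is read from the new-side listing only.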