auth.c (192595) auth.c (204917)
1/* $OpenBSD: auth.c,v 1.80 2008/11/04 07:58:09 djm Exp $ */
1/* $OpenBSD: auth.c,v 1.86 2010/03/05 02:58:11 djm Exp $ */
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.

--- 9 unchanged lines hidden (view full) ---

19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.

--- 9 unchanged lines hidden (view full) ---

19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27__RCSID("$FreeBSD: head/crypto/openssh/auth.c 192595 2009-05-22 18:46:28Z des $");
27__RCSID("$FreeBSD: head/crypto/openssh/auth.c 204917 2010-03-09 19:16:43Z des $");
28
29#include <sys/types.h>
30#include <sys/stat.h>
31#include <sys/param.h>
32
33#include <netinet/in.h>
34
35#include <errno.h>

--- 29 unchanged lines hidden (view full) ---

65#include "canohost.h"
66#include "uidswap.h"
67#include "misc.h"
68#include "packet.h"
69#include "loginrec.h"
70#ifdef GSSAPI
71#include "ssh-gss.h"
72#endif
28
29#include <sys/types.h>
30#include <sys/stat.h>
31#include <sys/param.h>
32
33#include <netinet/in.h>
34
35#include <errno.h>

--- 29 unchanged lines hidden (view full) ---

65#include "canohost.h"
66#include "uidswap.h"
67#include "misc.h"
68#include "packet.h"
69#include "loginrec.h"
70#ifdef GSSAPI
71#include "ssh-gss.h"
72#endif
73#include "authfile.h"
73#include "monitor_wrap.h"
74
75/* import */
76extern ServerOptions options;
77extern int use_privsep;
78extern Buffer loginmsg;
79extern struct passwd *privsep_pw;
80

--- 10 unchanged lines hidden (view full) ---

91 * If the user's shell is not executable, false will be returned.
92 * Otherwise true is returned.
93 */
94int
95allowed_user(struct passwd * pw)
96{
97 struct stat st;
98 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
74#include "monitor_wrap.h"
75
76/* import */
77extern ServerOptions options;
78extern int use_privsep;
79extern Buffer loginmsg;
80extern struct passwd *privsep_pw;
81

--- 10 unchanged lines hidden (view full) ---

92 * If the user's shell is not executable, false will be returned.
93 * Otherwise true is returned.
94 */
95int
96allowed_user(struct passwd * pw)
97{
98 struct stat st;
99 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
99 char *shell;
100 u_int i;
101#ifdef USE_SHADOW
102 struct spwd *spw = NULL;
103#endif
104
105 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
106 if (!pw || !pw->pw_name)
107 return 0;

--- 41 unchanged lines hidden (view full) ---

149 if (locked) {
150 logit("User %.100s not allowed because account is locked",
151 pw->pw_name);
152 return 0;
153 }
154 }
155
156 /*
100 u_int i;
101#ifdef USE_SHADOW
102 struct spwd *spw = NULL;
103#endif
104
105 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
106 if (!pw || !pw->pw_name)
107 return 0;

--- 41 unchanged lines hidden (view full) ---

149 if (locked) {
150 logit("User %.100s not allowed because account is locked",
151 pw->pw_name);
152 return 0;
153 }
154 }
155
156 /*
157 * Get the shell from the password data. An empty shell field is
158 * legal, and means /bin/sh.
157 * Deny if shell does not exist or is not executable unless we
158 * are chrooting.
159 */
159 */
160 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
160 if (options.chroot_directory == NULL ||
161 strcasecmp(options.chroot_directory, "none") == 0) {
162 char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
163 _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
161
164
162 /* deny if shell does not exists or is not executable */
163 if (stat(shell, &st) != 0) {
164 logit("User %.100s not allowed because shell %.100s does not exist",
165 pw->pw_name, shell);
166 return 0;
165 if (stat(shell, &st) != 0) {
166 logit("User %.100s not allowed because shell %.100s "
167 "does not exist", pw->pw_name, shell);
168 xfree(shell);
169 return 0;
170 }
171 if (S_ISREG(st.st_mode) == 0 ||
172 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
173 logit("User %.100s not allowed because shell %.100s "
174 "is not executable", pw->pw_name, shell);
175 xfree(shell);
176 return 0;
177 }
178 xfree(shell);
167 }
179 }
168 if (S_ISREG(st.st_mode) == 0 ||
169 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
170 logit("User %.100s not allowed because shell %.100s is not executable",
171 pw->pw_name, shell);
172 return 0;
173 }
174
175 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
176 options.num_deny_groups > 0 || options.num_allow_groups > 0) {
177 hostname = get_canonical_hostname(options.use_dns);
178 ipaddr = get_remote_ipaddr();
179 }
180
181 /* Return false if user is listed in DenyUsers */

--- 269 unchanged lines hidden (view full) ---

451 if (stat(buf, &st) < 0 ||
452 (st.st_uid != 0 && st.st_uid != uid) ||
453 (st.st_mode & 022) != 0) {
454 snprintf(err, errlen,
455 "bad ownership or modes for directory %s", buf);
456 return -1;
457 }
458
180
181 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
182 options.num_deny_groups > 0 || options.num_allow_groups > 0) {
183 hostname = get_canonical_hostname(options.use_dns);
184 ipaddr = get_remote_ipaddr();
185 }
186
187 /* Return false if user is listed in DenyUsers */

--- 269 unchanged lines hidden (view full) ---

457 if (stat(buf, &st) < 0 ||
458 (st.st_uid != 0 && st.st_uid != uid) ||
459 (st.st_mode & 022) != 0) {
460 snprintf(err, errlen,
461 "bad ownership or modes for directory %s", buf);
462 return -1;
463 }
464
459 /* If are passed the homedir then we can stop */
465 /* If are past the homedir then we can stop */
460 if (comparehome && strcmp(homedir, buf) == 0) {
461 debug3("secure_filename: terminating check at '%s'",
462 buf);
463 break;
464 }
465 /*
466 * dirname should always complete with a "/" path,
467 * but we can be paranoid and check for "." too

--- 11 unchanged lines hidden (view full) ---

479 struct stat st;
480 int fd;
481 FILE *f;
482
483 /*
484 * Open the file containing the authorized keys
485 * Fail quietly if file does not exist
486 */
466 if (comparehome && strcmp(homedir, buf) == 0) {
467 debug3("secure_filename: terminating check at '%s'",
468 buf);
469 break;
470 }
471 /*
472 * dirname should always complete with a "/" path,
473 * but we can be paranoid and check for "." too

--- 11 unchanged lines hidden (view full) ---

485 struct stat st;
486 int fd;
487 FILE *f;
488
489 /*
490 * Open the file containing the authorized keys
491 * Fail quietly if file does not exist
492 */
487 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
493 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
494 if (errno != ENOENT)
495 debug("Could not open keyfile '%s': %s", file,
496 strerror(errno));
488 return NULL;
497 return NULL;
498 }
489
490 if (fstat(fd, &st) < 0) {
491 close(fd);
492 return NULL;
493 }
494 if (!S_ISREG(st.st_mode)) {
495 logit("User %s authorized keys %s is not a regular file",
496 pw->pw_name, file);

--- 24 unchanged lines hidden (view full) ---

521 auth_session_t *as;
522#endif
523#endif
524 struct passwd *pw;
525
526 parse_server_match_config(&options, user,
527 get_canonical_hostname(options.use_dns), get_remote_ipaddr());
528
499
500 if (fstat(fd, &st) < 0) {
501 close(fd);
502 return NULL;
503 }
504 if (!S_ISREG(st.st_mode)) {
505 logit("User %s authorized keys %s is not a regular file",
506 pw->pw_name, file);

--- 24 unchanged lines hidden (view full) ---

531 auth_session_t *as;
532#endif
533#endif
534 struct passwd *pw;
535
536 parse_server_match_config(&options, user,
537 get_canonical_hostname(options.use_dns), get_remote_ipaddr());
538
539#if defined(_AIX) && defined(HAVE_SETAUTHDB)
540 aix_setauthdb(user);
541#endif
542
529 pw = getpwnam(user);
543 pw = getpwnam(user);
544
545#if defined(_AIX) && defined(HAVE_SETAUTHDB)
546 aix_restoreauthdb();
547#endif
548#ifdef HAVE_CYGWIN
549 /*
550 * Windows usernames are case-insensitive. To avoid later problems
551 * when trying to match the username, the user is only allowed to
552 * login if the username is given in the same case as stored in the
553 * user database.
554 */
555 if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
556 logit("Login name %.100s does not match stored username %.100s",
557 user, pw->pw_name);
558 pw = NULL;
559 }
560#endif
530 if (pw == NULL) {
531 logit("Invalid user %.100s from %.100s",
532 user, get_remote_ipaddr());
533#ifdef CUSTOM_FAILED_LOGIN
534 record_failed_login(user,
535 get_canonical_hostname(options.use_dns), "ssh");
536#endif
537#ifdef SSH_AUDIT_EVENTS

--- 18 unchanged lines hidden (view full) ---

556 auth_close(as);
557#endif
558#endif
559 if (pw != NULL)
560 return (pwcopy(pw));
561 return (NULL);
562}
563
561 if (pw == NULL) {
562 logit("Invalid user %.100s from %.100s",
563 user, get_remote_ipaddr());
564#ifdef CUSTOM_FAILED_LOGIN
565 record_failed_login(user,
566 get_canonical_hostname(options.use_dns), "ssh");
567#endif
568#ifdef SSH_AUDIT_EVENTS

--- 18 unchanged lines hidden (view full) ---

587 auth_close(as);
588#endif
589#endif
590 if (pw != NULL)
591 return (pwcopy(pw));
592 return (NULL);
593}
594
595/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
596int
597auth_key_is_revoked(Key *key)
598{
599 char *key_fp;
600
601 if (options.revoked_keys_file == NULL)
602 return 0;
603
604 switch (key_in_file(key, options.revoked_keys_file, 0)) {
605 case 0:
606 /* key not revoked */
607 return 0;
608 case -1:
609 /* Error opening revoked_keys_file: refuse all keys */
610 error("Revoked keys file is unreadable: refusing public key "
611 "authentication");
612 return 1;
613 case 1:
614 /* Key revoked */
615 key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
616 error("WARNING: authentication attempt with a revoked "
617 "%s key %s ", key_type(key), key_fp);
618 xfree(key_fp);
619 return 1;
620 }
621 fatal("key_in_file returned junk");
622}
623
564void
565auth_debug_add(const char *fmt,...)
566{
567 char buf[1024];
568 va_list args;
569
570 if (!auth_debug_init)
571 return;

--- 52 unchanged lines hidden ---
624void
625auth_debug_add(const char *fmt,...)
626{
627 char buf[1024];
628 va_list args;
629
630 if (!auth_debug_init)
631 return;

--- 52 unchanged lines hidden ---
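Review bot: In allowed_user() (new lines 160-179) the shell existence and executable checks now run only when `options.chroot_directory` is NULL or "none", so for a chrooted login `pw->pw_shell` is not validated here at all. An account that used to be refused because its shell field names a missing or non-executable path is no longer refused at this point once ChrootDirectory applies, and the visible lines show no replacement check against the path inside the chroot. I would say so in the block comment, e.g. `* NB: when chrooting, pw_shell is not checked here; do not rely on an invalid shell to disable an account (use DenyUsers or lock it).`, and repeat the caveat in the ChrootDirectory documentation. Most of allowed_user() is hidden on this page, so whether a later step covers this case cannot be confirmed from the hunk.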