src/usr.bin/ssh/auth.c - diff

Return to auth.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth.c between version 1.21.2.5 and 1.22

version 1.21.2.5, 2002/06/02 22:56:09

version 1.22, 2001/05/20 17:20:35

Line 37

#include "canohost.h"

#include "buffer.h"

#include "bufaux.h"

#include "uidswap.h"

#include "tildexpand.h"

#include "misc.h"

#include "bufaux.h"

#include "packet.h"

/* import */

extern ServerOptions options;

/* Debugging messages */

Buffer auth_debug;

int auth_debug_init;

* Check if the user is allowed to log in via ssh. If user is listed

* in DenyUsers or one of user's groups is listed in DenyGroups, false

Line 63

Line 54

allowed_user(struct passwd * pw)

{

struct stat st;

const char *hostname = NULL, *ipaddr = NULL;

char *shell;

int i;

Line 78

Line 68

shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;

/* deny if shell does not exists or is not executable */

if (stat(shell, &st) != 0) {

if (stat(shell, &st) != 0)

log("User %.100s not allowed because shell %.100s does not exist",

pw->pw_name, shell);

return 0;

}

if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))

if (S_ISREG(st.st_mode) == 0 ||

(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {

log("User %.100s not allowed because shell %.100s is not executable",

pw->pw_name, shell);

return 0;

}

if (options.num_deny_users > 0 || options.num_allow_users > 0) {

hostname = get_canonical_hostname(options.verify_reverse_mapping);

ipaddr = get_remote_ipaddr();

}

/* Return false if user is listed in DenyUsers */

if (options.num_deny_users > 0) {

for (i = 0; i < options.num_deny_users; i++)

if (match_user(pw->pw_name, hostname, ipaddr,

if (match_pattern(pw->pw_name, options.deny_users[i]))

options.deny_users[i])) {

log("User %.100s not allowed because listed in DenyUsers",

pw->pw_name);

return 0;

}

/* Return false if AllowUsers isn't empty and user isn't listed there */

if (options.num_allow_users > 0) {

for (i = 0; i < options.num_allow_users; i++)

if (match_user(pw->pw_name, hostname, ipaddr,

if (match_pattern(pw->pw_name, options.allow_users[i]))

options.allow_users[i]))

break;

/* i < options.num_allow_users iff we break for loop */

if (i >= options.num_allow_users) {

if (i >= options.num_allow_users)

log("User %.100s not allowed because not listed in AllowUsers",

pw->pw_name);

return 0;

}

if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {

/* Get the user's group access list (primary and supplementary) */

if (ga_init(pw->pw_name, pw->pw_gid) == 0) {

if (ga_init(pw->pw_name, pw->pw_gid) == 0)

log("User %.100s not allowed because not in any group",

pw->pw_name);

return 0;

}

/* Return false if one of user's groups is listed in DenyGroups */

if (options.num_deny_groups > 0)

if (ga_match(options.deny_groups,

options.num_deny_groups)) {

ga_free();

log("User %.100s not allowed because a group is listed in DenyGroups",

pw->pw_name);

return 0;

}

Line 143

Line 108

if (!ga_match(options.allow_groups,

options.num_allow_groups)) {

ga_free();

log("User %.100s not allowed because none of user's groups are listed in AllowGroups",

pw->pw_name);

return 0;

}

ga_free();

Line 183

Line 146

authmsg,

method,

authctxt->valid ? "" : "illegal user ",

authctxt->user,

authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user,

get_remote_ipaddr(),

get_remote_port(),

info);

Line 247

Line 210

}

if (cp[0] == '%' && cp[1] == 'u') {

buffer_append(&buffer, pw->pw_name,

strlen(pw->pw_name));

cp++;

continue;

}

Line 282

Line 245

return expand_filename(options.authorized_keys_file2, pw);

}

/* return ok if key exists in sysfile or userfile */

HostStatus

check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,

const char *sysfile, const char *userfile)

{

Key *found;

char *user_hostfile;

struct stat st;

HostStatus host_status;

/* Check if we know the host and its host key. */

found = key_new(key->type);

host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);

if (host_status != HOST_OK && userfile != NULL) {

user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);

if (options.strict_modes &&

(stat(user_hostfile, &st) == 0) &&

((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

(st.st_mode & 022) != 0)) {

log("Authentication refused for %.100s: "

"bad owner or modes for %.200s",

pw->pw_name, user_hostfile);

} else {

temporarily_use_uid(pw);

host_status = check_host_in_hostfile(user_hostfile,

host, key, found, NULL);

restore_uid();

}

xfree(user_hostfile);

}

key_free(found);

debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?

"ok" : "not found", host);

return host_status;

}

* Check a given file for security. This is defined as all components

* of the path to the file must either be owned by either the owner of

* of the file or root and no directories must be group or world writable.

* of the file or root and no directories must be world writable.

* XXX Should any specific check be done for sym links ?

Line 334

Line 258

* Returns 0 on success and -1 on failure

int

secure_filename(FILE *f, const char *file, struct passwd *pw,

secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)

char *err, size_t errlen)

{

uid_t uid = pw->pw_uid;

char buf[MAXPATHLEN];

char buf[MAXPATHLEN], homedir[MAXPATHLEN];

char *cp;

struct stat st;

Line 347

Line 269

strerror(errno));

return -1;

}

if (realpath(pw->pw_dir, homedir) == NULL) {

snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,

strerror(errno));

return -1;

}

/* check the open file to avoid races */

if (fstat(fileno(f), &st) < 0 ||

Line 374

Line 291

if (stat(buf, &st) < 0 ||

(st.st_uid != 0 && st.st_uid != uid) ||

(st.st_mode & 022) != 0) {

snprintf(err, errlen,

"bad ownership or modes for directory %s", buf);

return -1;

}

/* If are passed the homedir then we can stop */

if (strcmp(homedir, buf) == 0) {

debug3("secure_filename: terminating check at '%s'",

buf);

break;

}

* dirname should always complete with a "/" path,

* but we can be paranoid and check for "." too

Line 393

Line 304

break;

}

return 0;

}

struct passwd *

getpwnamallow(const char *user)

{

#ifdef HAVE_LOGIN_CAP

extern login_cap_t *lc;

#ifdef BSD_AUTH

auth_session_t *as;

#endif

struct passwd *pw;

pw = getpwnam(user);

if (pw == NULL || !allowed_user(pw))

return (NULL);

#ifdef HAVE_LOGIN_CAP

if ((lc = login_getclass(pw->pw_class)) == NULL) {

debug("unable to get login class: %s", user);

return (NULL);

}

#ifdef BSD_AUTH

if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||

auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {

debug("Approval failure for %s", user);

pw = NULL;

}

if (as != NULL)

auth_close(as);

#endif

if (pw != NULL)

return (pwcopy(pw));

return (NULL);

}

void

auth_debug_add(const char *fmt,...)

{

char buf[1024];

va_list args;

if (!auth_debug_init)

return;

va_start(args, fmt);

vsnprintf(buf, sizeof(buf), fmt, args);

va_end(args);

buffer_put_cstring(&auth_debug, buf);

}

void

auth_debug_send(void)

{

char *msg;

if (!auth_debug_init)

return;

while (buffer_len(&auth_debug)) {

msg = buffer_get_string(&auth_debug, NULL);

packet_send_debug("%s", msg);

xfree(msg);

}

void

auth_debug_reset(void)

{

if (auth_debug_init)

buffer_clear(&auth_debug);

else {

buffer_init(&auth_debug);

auth_debug_init = 1;

}