version 1.41.2.5, 2003/04/03 22:35:16 |
version 1.42, 2002/05/13 20:44:58 |
|
|
|
|
/* |
/* |
* Check a given file for security. This is defined as all components |
* Check a given file for security. This is defined as all components |
* of the path to the file must be owned by either the owner of |
* of the path to the file must either be owned by either the owner of |
* of the file or root and no directories must be group or world writable. |
* of the file or root and no directories must be group or world writable. |
* |
* |
* XXX Should any specific check be done for sym links ? |
* XXX Should any specific check be done for sym links ? |
|
|
uid_t uid = pw->pw_uid; |
uid_t uid = pw->pw_uid; |
char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
char *cp; |
char *cp; |
int comparehome = 0; |
|
struct stat st; |
struct stat st; |
|
|
if (realpath(file, buf) == NULL) { |
if (realpath(file, buf) == NULL) { |
|
|
strerror(errno)); |
strerror(errno)); |
return -1; |
return -1; |
} |
} |
if (realpath(pw->pw_dir, homedir) != NULL) |
if (realpath(pw->pw_dir, homedir) == NULL) { |
comparehome = 1; |
snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, |
|
strerror(errno)); |
|
return -1; |
|
} |
|
|
/* check the open file to avoid races */ |
/* check the open file to avoid races */ |
if (fstat(fileno(f), &st) < 0 || |
if (fstat(fileno(f), &st) < 0 || |
|
|
} |
} |
|
|
/* If are passed the homedir then we can stop */ |
/* If are passed the homedir then we can stop */ |
if (comparehome && strcmp(homedir, buf) == 0) { |
if (strcmp(homedir, buf) == 0) { |
debug3("secure_filename: terminating check at '%s'", |
debug3("secure_filename: terminating check at '%s'", |
buf); |
buf); |
break; |
break; |
|
|
struct passwd *pw; |
struct passwd *pw; |
|
|
pw = getpwnam(user); |
pw = getpwnam(user); |
if (pw == NULL) { |
if (pw == NULL || !allowed_user(pw)) |
log("Illegal user %.100s from %.100s", |
|
user, get_remote_ipaddr()); |
|
return (NULL); |
return (NULL); |
} |
|
if (!allowed_user(pw)) |
|
return (NULL); |
|
#ifdef HAVE_LOGIN_CAP |
#ifdef HAVE_LOGIN_CAP |
if ((lc = login_getclass(pw->pw_class)) == NULL) { |
if ((lc = login_getclass(pw->pw_class)) == NULL) { |
debug("unable to get login class: %s", user); |
debug("unable to get login class: %s", user); |
|
|
} |
} |
#ifdef BSD_AUTH |
#ifdef BSD_AUTH |
if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 || |
if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 || |
auth_approval(as, lc, pw->pw_name, "ssh") <= 0) { |
auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) { |
debug("Approval failure for %s", user); |
debug("Approval failure for %s", user); |
pw = NULL; |
pw = NULL; |
} |
} |