src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2001-06-23 00:20:59 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2001-06-23 00:20:59 +0000
commit	519377af4f66c4a052deb589ac9c9cb9620ca787 (patch)
tree	a617ace7a1ab1dfdad4413e6888e29d4aeb08ace
parent	47c2f94ec6f33f5dda8c5faa926b2f756048be63 (diff)

*known_hosts2 is obsolete for hostbased authentication and

only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c

Diffstat

-rw-r--r--

usr.bin/ssh/auth-rh-rsa.c

-rw-r--r--

usr.bin/ssh/auth.c

-rw-r--r--

usr.bin/ssh/auth.h

-rw-r--r--

usr.bin/ssh/auth2.c

4 files changed, 67 insertions, 63 deletions

diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c
index 506a5a23981..870436b5516 100644
--- a/usr.bin/ssh/auth-rh-rsa.c
+++ b/usr.bin/ssh/auth-rh-rsa.c

@@ -13,7 +13,7 @@

#include "includes.h"

-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $");

+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.24 2001/06/23 00:20:57 markus Exp $");

#include "packet.h"

#include "xmalloc.h"

@@ -38,7 +38,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key

extern ServerOptions options;

const char *canonical_hostname;

HostStatus host_status;

- Key *client_key, *found;

+ Key *client_key;

debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);

@@ -58,37 +58,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key

client_key = key_new(KEY_RSA1);

BN_copy(client_key->rsa->e, client_host_key->e);

BN_copy(client_key->rsa->n, client_host_key->n);

- found = key_new(KEY_RSA1);

- /* Check if we know the host and its host key. */

- host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,

- client_key, found, NULL);

+ host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,

+ _PATH_SSH_SYSTEM_HOSTFILE,

+ options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);

- /* Check user host file unless ignored. */

- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {

- struct stat st;

- char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);

- /*

- * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()

- * did already check pw->pw_dir, but there is a race XXX

- */

- if (options.strict_modes &&

- (stat(user_hostfile, &st) == 0) &&

- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

- (st.st_mode & 022) != 0)) {

- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",

- pw->pw_name, user_hostfile);

- } else {

- /* XXX race between stat and the following open() */

- temporarily_use_uid(pw);

- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,

- client_key, found, NULL);

- restore_uid();

- }

- xfree(user_hostfile);

- }

key_free(client_key);

- key_free(found);

if (host_status != HOST_OK) {

debug("Rhosts with RSA host authentication denied: unknown or invalid host key");

diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 5f51ba7eb4c..ffd7e174ef9 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c

@@ -23,7 +23,7 @@

#include "includes.h"

-RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $");

+RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $");

#include <libgen.h>

@@ -37,6 +37,8 @@ RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $");

#include "canohost.h"

#include "buffer.h"

#include "bufaux.h"

+#include "uidswap.h"

+#include "tildexpand.h"

/* import */

extern ServerOptions options;

@@ -245,6 +247,45 @@ authorized_keys_file2(struct passwd *pw)

return expand_filename(options.authorized_keys_file2, pw);

}

+/* return ok if key exists in sysfile or userfile */

+HostStatus

+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,

+ const char *sysfile, const char *userfile)

+ Key *found;

+ char *user_hostfile;

+ struct stat st;

+ int host_status;

+ /* Check if we know the host and its host key. */

+ found = key_new(key->type);

+ host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);

+ if (host_status != HOST_OK && userfile != NULL) {

+ user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);

+ if (options.strict_modes &&

+ (stat(user_hostfile, &st) == 0) &&

+ ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

+ (st.st_mode & 022) != 0)) {

+ log("Authentication refused for %.100s: "

+ "bad owner or modes for %.200s",

+ pw->pw_name, user_hostfile);

+ } else {

+ temporarily_use_uid(pw);

+ host_status = check_host_in_hostfile(user_hostfile,

+ host, key, found, NULL);

+ restore_uid();

+ }

+ xfree(user_hostfile);

+ }

+ key_free(found);

+ debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?

+ "ok" : "not found", host);

+ return host_status;

* Check a given file for security. This is defined as all components

* of the path to the file must either be owned by either the owner of

diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 4e5e850ce17..20ead3d717e 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h

@@ -21,11 +21,13 @@

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- * $OpenBSD: auth.h,v 1.17 2001/05/20 17:20:35 markus Exp $

+ * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $

#ifndef AUTH_H

#define AUTH_H

+#include "key.h"

+#include "hostfile.h"

#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP

@@ -156,7 +158,6 @@ int verify_response(Authctxt *authctxt, const char *response);

struct passwd * auth_get_user(void);

/* expand a filename - return buffer is allocated by xmalloc */

char *expand_filename(const char *template, struct passwd *pw);

char *authorized_keys_file(struct passwd *pw);

@@ -166,6 +167,11 @@ char *authorized_keys_file2(struct passwd *pw);

int

secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen);

+/* helper for hostbased auth */

+HostStatus

+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,

+ const char *sysfile, const char *userfile);

#define AUTH_FAIL_MAX 6

#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)

#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 0eb0699255a..805182c944f 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c

@@ -23,7 +23,7 @@

#include "includes.h"

-RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");

+RCSID("$OpenBSD: auth2.c,v 1.64 2001/06/23 00:20:58 markus Exp $");

#include <openssl/evp.h>

@@ -709,10 +709,7 @@ int

hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,

Key *key)

{

- Key *found;

const char *resolvedname, *ipaddr, *lookup;

- struct stat st;

- char *user_hostfile;

int host_status, len;

resolvedname = get_canonical_hostname(options.reverse_mapping_check);

@@ -740,32 +737,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,

}

debug2("userauth_hostbased: access allowed by auth_rhosts2");

- /* XXX this is copied from auth-rh-rsa.c and should be shared */

- found = key_new(key->type);

- host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE2, lookup,

- key, found, NULL);

- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {

- user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE2,

- pw->pw_uid);

- if (options.strict_modes &&

- (stat(user_hostfile, &st) == 0) &&

- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||

- (st.st_mode & 022) != 0)) {

- log("Hostbased authentication refused for %.100s: "

- "bad owner or modes for %.200s",

- pw->pw_name, user_hostfile);

- } else {

- temporarily_use_uid(pw);

- host_status = check_host_in_hostfile(user_hostfile,

- lookup, key, found, NULL);

- restore_uid();

- }

- xfree(user_hostfile);

- }

- key_free(found);

+ host_status = check_key_in_hostfiles(pw, key, lookup,

+ _PATH_SSH_SYSTEM_HOSTFILE,

+ options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);

+ /* backward compat if no key has been found. */

+ if (host_status == HOST_NEW)

+ host_status = check_key_in_hostfiles(pw, key, lookup,

+ _PATH_SSH_SYSTEM_HOSTFILE2,

+ options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE2 :

+ NULL);

- debug2("userauth_hostbased: key %s for %s", host_status == HOST_OK ?

- "ok" : "not found", lookup);

return (host_status == HOST_OK);

}