author | Kevin Steves <stevesk@cvs.openbsd.org> | 2002-03-20 19:12:26 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@cvs.openbsd.org> | 2002-03-20 19:12:26 +0000 |
commit | 532e8762fdd1299c6042711b62799a1610d1c674 (patch) | |
tree | da015222f64da0a6839ccc975c1c19a106a82782 /usr.bin | |
parent | cd6441a7c10ebca46c9e044c23c3d7d45b380523 (diff) |
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/servconf.c | 21 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 15 |
4 files changed, 21 insertions, 29 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index bb447e18549..ee7e4cd168a 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.104 2002/03/19 03:03:43 stevesk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.105 2002/03/20 19:12:24 stevesk Exp $"); #if defined(KRB4) || defined(KRB5) #include <krb.h> @@ -108,9 +108,6 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; - options->unprivileged_user = -1; - options->unprivileged_group = -1; - /* Needs to be accessable in many places */ use_privsep = -1; } @@ -237,10 +234,6 @@ fill_default_server_options(ServerOptions *options) /* Turn privilege separation _off_ by default */ if (use_privsep == -1) use_privsep = 0; - if (options->unprivileged_user == -1) - options->unprivileged_user = 32767; - if (options->unprivileged_group == -1) - options->unprivileged_group = 32767; } /* Keyword tokens. */ @@ -270,7 +263,7 @@ typedef enum { sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, + sUsePrivilegeSeparation, sDeprecated } ServerOpCodes; @@ -344,8 +337,6 @@ static struct { { "authorizedkeysfile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, - { "unprivuser", sUnprivUser}, - { "unprivgroup", sUnprivGroup}, { NULL, sBadOption } }; @@ -720,14 +711,6 @@ parse_flag: intptr = &use_privsep; goto parse_flag; - case sUnprivUser: - intptr = &options->unprivileged_user; - goto parse_int; - - case sUnprivGroup: - intptr = &options->unprivileged_group; - goto parse_int; - case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) 
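Review bot: In servconf.c the `unprivuser` and `unprivgroup` entries are removed from the keyword table outright, so an sshd_config that still carries either keyword will presumably resolve to `sBadOption` and be rejected at startup. `sDeprecated` is already present in `ServerOpCodes` (visible in the enum hunk), so keeping the names as `{ "unprivuser", sDeprecated },` and `{ "unprivgroup", sDeprecated },` would let such a config keep loading. How the parser handles `sDeprecated` is outside these hunks, and if the two options never appeared in a release the compatibility entries may be unnecessary.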
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 8a7ed2c049d..3b0ac8cafe5 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.56 2002/03/19 03:03:43 stevesk Exp $ */ +/* $OpenBSD: servconf.h,v 1.57 2002/03/20 19:12:25 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -129,9 +129,6 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; - - int unprivileged_user; /* User unprivileged child uses */ - int unprivileged_group; /* Group unprivileged child uses */ } ServerOptions; void initialize_server_options(ServerOptions *); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index 7b0ccf3e73e..e8bb6d4213b 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.64 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -85,4 +85,11 @@ /* Used to identify ``EscapeChar none'' */ #define SSH_ESCAPECHAR_NONE -2 +/* + * unprivileged user when UsePrivilegeSeparation=yes; + * sshd will change its pivileges to this user and its + * primary group. + */ +#define SSH_PRIVSEP_USER "nobody" + #endif /* SSH_H */ diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 41ad6ec6fc1..93241f5d25d 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.234 2002/03/19 10:49:35 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.235 2002/03/20 19:12:25 stevesk Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -512,6 +512,7 @@ privsep_preauth_child(void) { u_int32_t rand[256]; int i; + struct passwd *pw; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); 
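Review bot: In ssh.h, `SSH_PRIVSEP_USER` is fixed to `"nobody"`, an account that other daemons commonly run under. Processes sharing a uid can generally signal or inspect one another, so the pre-auth child is not isolated from whatever else runs as nobody on the host. An account used by nothing but sshd would be a tighter default, for example `#define SSH_PRIVSEP_USER "sshd"` (the name is only an illustration; the account would have to exist). The new comment should also say that the account must own no files and run no other services, and it has a typo: "pivileges" should read "privileges".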
@@ -523,6 +524,11 @@ privsep_preauth_child(void) /* Demote the private keys to public keys. */ demote_sensitive_data(); + if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) + fatal("%s: no user", SSH_PRIVSEP_USER); + memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + endpwent(); + /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, @@ -531,10 +537,9 @@ privsep_preauth_child(void) fatal("chdir(/)"); /* Drop our privileges */ - setegid(options.unprivileged_group); - setgid(options.unprivileged_group); - seteuid(options.unprivileged_user); - setuid(options.unprivileged_user); + debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, + (u_int)pw->pw_gid); + do_setusercontext(pw); } static void |
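Review bot: In the sshd.c hunk at `@@ -523,6 +524,11 @@`, the result of `getpwnam()` is a pointer into static storage that is kept across `chroot()`/`chdir()` until the later `do_setusercontext(pw)` call, and nothing in the code says so. I would add a comment such as `/* Look up the privsep user before chroot(): the passwd database is unreachable afterwards, and pw points to static storage, so no getpw*() call may be added before the privilege drop. */`. The failure message is also terse for an administrator; `fatal("Privilege separation user \"%s\" does not exist", SSH_PRIVSEP_USER);` states the actual problem. The body of privsep_preauth_child begins before this hunk.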
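Review bot: In the sshd.c hunk at `@@ -531,10 +537,9 @@`, nothing in privsep_preauth_child confirms that the privilege drop took effect once `do_setusercontext(pw)` returns. That function is defined outside this diff, so it cannot be checked here whether it calls fatal() on every failure, or whether it needs files (login class or group data) that are no longer reachable after the preceding `chroot()`. A local check after the call would make the guarantee explicit: `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid || getgid() != pw->pw_gid || getegid() != pw->pw_gid)` followed by `fatal("privsep_preauth_child: privilege drop failed");`. If sshd can be started without root for debugging, the check would need to allow for that case.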