- markus@cvs.openbsd.org 2001/06/23 00:20:57

[auth2.c auth.c auth.h auth-rh-rsa.c] *known_hosts2 is obsolete for hostbased authentication and only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c
author: Ben Lindstrom <mouring@eviladmin.org> 2001-06-25 04:30:16 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-06-25 04:30:16 +0000
commit: 83647ce474c37c8533e2aaf02f7366fbc0602ad9 (patch)
tree: 940fb5b1b82e7714a67188b8758d05674f935697
parent: 7d5ed3a07b0f00e961d636514ac42d4f1bc57a3e (diff)
5 files changed, 73 insertions, 64 deletions
diff --git a/ChangeLog b/ChangeLog
index 5f29306f..997b3c9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,11 @@
    - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
      [scp.c]
      slightly better care
+   - markus@cvs.openbsd.org 2001/06/23 00:20:57
+     [auth2.c auth.c auth.h auth-rh-rsa.c]
+     *known_hosts2 is obsolete for hostbased authentication and
+     only used for backward compat. merge ssh1/2 hostkey check
+     and move it to auth.c
 
 20010622
  - (stevesk) handle systems without pw_expire and pw_change.
@@ -5722,4 +5727,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1306 2001/06/25 04:28:30 mouring Exp $
+$Id: ChangeLog,v 1.1307 2001/06/25 04:30:16 mouring Exp $
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 506a5a23..870436b5 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -38,7 +38,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 	extern ServerOptions options;
 	const char *canonical_hostname;
 	HostStatus host_status;
-	Key *client_key, *found;
+	Key *client_key;
 
 	debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
 
@@ -58,37 +58,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 	client_key = key_new(KEY_RSA1);
 	BN_copy(client_key->rsa->e, client_host_key->e);
 	BN_copy(client_key->rsa->n, client_host_key->n);
-	found = key_new(KEY_RSA1);
 
-	/* Check if we know the host and its host key. */
-	host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
-	    client_key, found, NULL);
+	host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
+	    _PATH_SSH_SYSTEM_HOSTFILE,
+	    options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
 
-	/* Check user host file unless ignored. */
-	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
-		struct stat st;
-		char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
-		/*
-		 * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
-		 * did already check pw->pw_dir, but there is a race XXX
-		 */
-		if (options.strict_modes &&
-		    (stat(user_hostfile, &st) == 0) &&
-		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-		     (st.st_mode & 022) != 0)) {
-			log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
-			    pw->pw_name, user_hostfile);
-		} else {
-			/* XXX race between stat and the following open() */
-			temporarily_use_uid(pw);
-			host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-			    client_key, found, NULL);
-			restore_uid();
-		}
-		xfree(user_hostfile);
-	}
 	key_free(client_key);
-	key_free(found);
 
 	if (host_status != HOST_OK) {
 		debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
diff --git a/auth.c b/auth.c
index e4f86754..9abcdde1 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -46,6 +46,8 @@ RCSID("$OpenBSD: auth.c,v 1.23 2001/05/24 11:12:42 markus Exp $");
 #include "canohost.h"
 #include "buffer.h"
 #include "bufaux.h"
+#include "uidswap.h"
+#include "tildexpand.h"
 
 /* import */
 extern ServerOptions options;
@@ -297,6 +299,45 @@ authorized_keys_file2(struct passwd *pw)
 	return expand_filename(options.authorized_keys_file2, pw);
 }
 
+/* return ok if key exists in sysfile or userfile */
+HostStatus
+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+    const char *sysfile, const char *userfile)
+{
+	Key *found;
+	char *user_hostfile;
+	struct stat st;
+	int host_status;
+
+	/* Check if we know the host and its host key. */
+	found = key_new(key->type);
+	host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
+
+	if (host_status != HOST_OK && userfile != NULL) {
+		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
+		if (options.strict_modes &&
+		    (stat(user_hostfile, &st) == 0) &&
+		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+		     (st.st_mode & 022) != 0)) {
+			log("Authentication refused for %.100s: "
+			    "bad owner or modes for %.200s",
+			    pw->pw_name, user_hostfile);
+		} else {
+			temporarily_use_uid(pw);
+			host_status = check_host_in_hostfile(user_hostfile,
+			    host, key, found, NULL);
+			restore_uid();
+		}
+		xfree(user_hostfile);
+	}
+	key_free(found);
+
+	debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
+	    "ok" : "not found", host);
+	return host_status;
+}
+
+
 /*
  * Check a given file for security. This is defined as all components
  * of the path to the file must either be owned by either the owner of
diff --git a/auth.h b/auth.h
index 2d1f1e9b..b9585d3a 100644
--- a/auth.h
+++ b/auth.h
@@ -21,11 +21,13 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.17 2001/05/20 17:20:35 markus Exp $
+ * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
 
+#include "key.h"
+#include "hostfile.h"
 #include <openssl/rsa.h>
 
 #ifdef HAVE_LOGIN_CAP
@@ -159,7 +161,6 @@ int	verify_response(Authctxt *authctxt, const char *response);
 
 struct passwd * auth_get_user(void);
 
-
 /* expand a filename - return buffer is allocated by xmalloc */
 char	*expand_filename(const char *template, struct passwd *pw);
 char	*authorized_keys_file(struct passwd *pw);
@@ -169,6 +170,11 @@ char	*authorized_keys_file2(struct passwd *pw);
 int
 secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen);
 
+/* helper for hostbased auth */
+HostStatus
+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+    const char *sysfile, const char *userfile);
+
 #define AUTH_FAIL_MAX 6
 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
diff --git a/auth2.c b/auth2.c
index 1d635d60..3d2dcdc6 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.64 2001/06/23 00:20:58 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -761,10 +761,7 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
     Key *key)
 {
-	Key *found;
 	const char *resolvedname, *ipaddr, *lookup;
-	struct stat st;
-	char *user_hostfile;
 	int host_status, len;
 
 	resolvedname = get_canonical_hostname(options.reverse_mapping_check);
@@ -792,32 +789,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 	}
 	debug2("userauth_hostbased: access allowed by auth_rhosts2");
 
-	/* XXX this is copied from auth-rh-rsa.c and should be shared */
-	found = key_new(key->type);
-	host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE2, lookup,
-	    key, found, NULL);
-
-	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
-		user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE2,
-		    pw->pw_uid);
-		if (options.strict_modes &&
-		    (stat(user_hostfile, &st) == 0) &&
-		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-		     (st.st_mode & 022) != 0)) {
-			log("Hostbased authentication refused for %.100s: "
-			    "bad owner or modes for %.200s",
-			    pw->pw_name, user_hostfile);
-		} else {
-			temporarily_use_uid(pw);
-			host_status = check_host_in_hostfile(user_hostfile,
-			    lookup, key, found, NULL);
-			restore_uid();
-		}
-		xfree(user_hostfile);
-	}
-	key_free(found);
+	host_status = check_key_in_hostfiles(pw, key, lookup,
+	    _PATH_SSH_SYSTEM_HOSTFILE,
+            options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
+
+	/* backward compat if no key has been found. */
+	if (host_status == HOST_NEW)
+		host_status = check_key_in_hostfiles(pw, key, lookup,
+		    _PATH_SSH_SYSTEM_HOSTFILE2,
+		    options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE2 :
+		    NULL);
 
-	debug2("userauth_hostbased: key %s for %s", host_status == HOST_OK ?
-	    "ok" : "not found", lookup);
 	return (host_status == HOST_OK);
 }
+
author	Ben Lindstrom <mouring@eviladmin.org>	2001-06-25 04:30:16 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-06-25 04:30:16 +0000
commit	83647ce474c37c8533e2aaf02f7366fbc0602ad9 (patch)
tree	940fb5b1b82e7714a67188b8758d05674f935697
parent	7d5ed3a07b0f00e961d636514ac42d4f1bc57a3e (diff)