authorBen Lindstrom <mouring@eviladmin.org>2002-03-22 02:30:41 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-22 02:30:41 +0000
commit7a2073c50b92c053594d48a651ebafae052a71ed (patch)
tree7cfceb925262a07a356b0667e19f33eec497b602
parent0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 (diff)
- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
-rw-r--r--ChangeLog8
-rw-r--r--Makefile.in6
-rw-r--r--auth-bsdauth.c15
-rw-r--r--auth-options.c80
-rw-r--r--auth-rh-rsa.c6
-rw-r--r--auth-rsa.c17
-rw-r--r--auth-skey.c17
-rw-r--r--auth.h5
-rw-r--r--auth1.c25
-rw-r--r--auth2-chall.c21
-rw-r--r--auth2.c43
-rw-r--r--kex.c8
-rw-r--r--kex.h3
-rw-r--r--kexdh.c5
-rw-r--r--kexgex.c9
-rw-r--r--monitor.c1440
-rw-r--r--monitor.h78
-rw-r--r--monitor_fdpass.c86
-rw-r--r--monitor_fdpass.h32
-rw-r--r--monitor_mm.c329
-rw-r--r--monitor_mm.h64
-rw-r--r--monitor_wrap.c894
-rw-r--r--monitor_wrap.h85
-rw-r--r--servconf.c42
-rw-r--r--servconf.h5
-rw-r--r--serverloop.c4
-rw-r--r--session.c117
-rw-r--r--session.h34
-rw-r--r--sshd.c209
29 files changed, 3549 insertions, 138 deletions
diff --git a/ChangeLog b/ChangeLog
index 8ee5bb9a..9c8ddecc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,12 @@
- provos@cvs.openbsd.org 2002/03/18 17:31:54
[compress.c]
export compression streams for ssh-privsep
+ - provos@cvs.openbsd.org 2002/03/18 17:50:31
+ [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
+ auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
+ session.h servconf.h serverloop.c session.c sshd.c]
+ integrate privilege separated openssh; its turned off by default for now.
+ work done by me and markus@
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7905,4 +7911,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1942 2002/03/22 01:51:24 mouring Exp $
+$Id: ChangeLog,v 1.1943 2002/03/22 02:30:41 mouring Exp $
diff --git a/Makefile.in b/Makefile.in
index 31aa8e58..cae801ef 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
+# $Id: Makefile.in,v 1.200 2002/03/22 02:30:43 mouring Exp $
prefix=@prefix@
exec_prefix=@exec_prefix@
@@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index b70d48f2..fa06732c 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,12 +22,13 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.3 2002/03/18 17:50:31 provos Exp $");
#ifdef BSD_AUTH
#include "xmalloc.h"
#include "auth.h"
#include "log.h"
+#include "monitor_wrap.h"
static void *
bsdauth_init_ctx(Authctxt *authctxt)
@@ -35,7 +36,7 @@ bsdauth_init_ctx(Authctxt *authctxt)
return authctxt;
}
-static int
+int
bsdauth_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
{
@@ -76,7 +77,7 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
return 0;
}
-static int
+int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
Authctxt *authctxt = ctx;
@@ -113,4 +114,12 @@ KbdintDevice bsdauth_device = {
bsdauth_respond,
bsdauth_free_ctx
};
+
+KbdintDevice mm_bsdauth_device = {
+ "bsdauth",
+ bsdauth_init_ctx,
+ mm_bsdauth_query,
+ mm_bsdauth_respond,
+ bsdauth_free_ctx
+};
#endif
diff --git a/auth-options.c b/auth-options.c
index 8df6a6df..48be6d8e 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.21 2002/01/29 14:32:03 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.22 2002/03/18 17:50:31 provos Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -20,7 +20,13 @@ RCSID("$OpenBSD: auth-options.c,v 1.21 2002/01/29 14:32:03 markus Exp $");
#include "channels.h"
#include "auth-options.h"
#include "servconf.h"
+#include "bufaux.h"
#include "misc.h"
+#include "monitor_wrap.h"
+
+/* Debugging messages */
+Buffer auth_debug;
+int auth_debug_init;
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@@ -37,8 +43,27 @@ struct envstring *custom_environment = NULL;
extern ServerOptions options;
void
+auth_send_debug(Buffer *m)
+{
+ char *msg;
+
+ while (buffer_len(m)) {
+ msg = buffer_get_string(m, NULL);
+ packet_send_debug("%s", msg);
+ xfree(msg);
+ }
+}
+
+void
auth_clear_options(void)
{
+ if (auth_debug_init)
+ buffer_clear(&auth_debug);
+ else {
+ buffer_init(&auth_debug);
+ auth_debug_init = 1;
+ }
+
no_agent_forwarding_flag = 0;
no_port_forwarding_flag = 0;
no_pty_flag = 0;
@@ -63,6 +88,7 @@ auth_clear_options(void)
int
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
{
+ char tmp[1024];
const char *cp;
int i;
@@ -75,28 +101,32 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
while (*opts && *opts != ' ' && *opts != '\t') {
cp = "no-port-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- packet_send_debug("Port forwarding disabled.");
+ snprintf(tmp, sizeof(tmp), "Port forwarding disabled.");
+ buffer_put_cstring(&auth_debug, tmp);
no_port_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-agent-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- packet_send_debug("Agent forwarding disabled.");
+ snprintf(tmp, sizeof(tmp), "Agent forwarding disabled.");
+ buffer_put_cstring(&auth_debug, tmp);
no_agent_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-X11-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- packet_send_debug("X11 forwarding disabled.");
+ snprintf(tmp, sizeof(tmp), "X11 forwarding disabled.");
+ buffer_put_cstring(&auth_debug, tmp);
no_x11_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-pty";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- packet_send_debug("Pty allocation disabled.");
+ snprintf(tmp, sizeof(tmp), "Pty allocation disabled.");
+ buffer_put_cstring(&auth_debug, tmp);
no_pty_flag = 1;
opts += strlen(cp);
goto next_option;
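Review bot: Every option branch in auth_parse_options now repeats the same `snprintf(tmp, sizeof(tmp), ...)` / `buffer_put_cstring(&auth_debug, tmp)` pair, even for constant strings such as "Port forwarding disabled." that need no formatting. The later hunks of this file (missing end quote, permitopen, bad_option) follow the same pattern. A single varargs helper that formats into its own buffer and appends to auth_debug would remove `char tmp[1024]` from the parser and keep the truncation bound in one place. The function body starts and ends outside this hunk.

```c
static void
auth_debug_add(const char *fmt, ...)
{
	char buf[1024];
	va_list args;

	va_start(args, fmt);
	vsnprintf(buf, sizeof(buf), fmt, args);
	va_end(args);
	buffer_put_cstring(&auth_debug, buf);
}

/* … unchanged: option matching in auth_parse_options … */
			auth_debug_add("Port forwarding disabled.");
```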
@@ -119,14 +149,16 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- packet_send_debug("%.100s, line %lu: missing end quote",
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(forced_command);
forced_command = NULL;
goto bad_option;
}
forced_command[i] = 0;
- packet_send_debug("Forced command: %.900s", forced_command);
+ snprintf(tmp, sizeof(tmp), "Forced command: %.900s", forced_command);
+ buffer_put_cstring(&auth_debug, tmp);
opts++;
goto next_option;
}
@@ -151,13 +183,15 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- packet_send_debug("%.100s, line %lu: missing end quote",
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(s);
goto bad_option;
}
s[i] = 0;
- packet_send_debug("Adding to environment: %.900s", s);
+ snprintf(tmp, sizeof(tmp), "Adding to environment: %.900s", s);
+ buffer_put_cstring(&auth_debug, tmp);
debug("Adding to environment: %.900s", s);
opts++;
new_envstring = xmalloc(sizeof(struct envstring));
@@ -188,8 +222,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- packet_send_debug("%.100s, line %lu: missing end quote",
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -202,9 +237,11 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
pw->pw_name, remote_host, remote_ip);
- packet_send_debug("Your host '%.200s' is not "
+ snprintf(tmp, sizeof(tmp),
+ "Your host '%.200s' is not "
"permitted to use this key for login.",
remote_host);
+ buffer_put_cstring(&auth_debug, tmp);
/* deny access */
return 0;
}
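Review bot: The denied-host path queues the "Your host ... is not permitted to use this key for login." text into auth_debug and then hits `return 0;` directly, but the only `auth_send_debug(&auth_debug)` calls this commit adds are at the grant-access and bad_option exits in the last hunk of this file. Before the change the client received this message through packet_send_debug; with use_privsep off it now appears to stay queued until the next auth_clear_options() clears the buffer. Adding `if (!use_privsep) auth_send_debug(&auth_debug);` before this `return 0;` would keep the non-privsep behaviour as it was. The enclosing block begins outside the hunk.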
@@ -233,8 +270,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- packet_send_debug("%.100s, line %lu: missing end quote",
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -244,16 +282,18 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
debug("%.100s, line %lu: Bad permitopen specification "
"<%.100s>", file, linenum, patterns);
- packet_send_debug("%.100s, line %lu: "
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
"Bad permitopen specification", file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
if ((port = a2port(sport)) == 0) {
debug("%.100s, line %lu: Bad permitopen port <%.100s>",
file, linenum, sport);
- packet_send_debug("%.100s, line %lu: "
+ snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
"Bad permitopen port", file, linenum);
+ buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -276,14 +316,24 @@ next_option:
opts++;
/* Process the next option. */
}
+
+ if (!use_privsep)
+ auth_send_debug(&auth_debug);
+
/* grant access */
return 1;
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
- packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
+ snprintf(tmp, sizeof(tmp),
+ "Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
+ buffer_put_cstring(&auth_debug, tmp);
+
+ if (!use_privsep)
+ auth_send_debug(&auth_debug);
+
/* deny access */
return 0;
}
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2a88e18b..c940ec58 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.31 2002/03/16 17:22:09 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.32 2002/03/18 17:50:31 provos Exp $");
#include "packet.h"
#include "uidswap.h"
@@ -25,6 +25,8 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.31 2002/03/16 17:22:09 markus Exp $");
#include "auth.h"
#include "canohost.h"
+#include "monitor_wrap.h"
+
/* import */
extern ServerOptions options;
@@ -69,7 +71,7 @@ auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
chost = (char *)get_canonical_hostname(options.verify_reverse_mapping);
debug("Rhosts RSA authentication: canonical host %.900s", chost);
- if (!auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key)) {
+ if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
return 0;
diff --git a/auth-rsa.c b/auth-rsa.c
index ff9bf3b6..9c5d484b 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.52 2002/03/18 17:50:31 provos Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -32,6 +32,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
#include "servconf.h"
#include "auth.h"
#include "hostfile.h"
+#include "monitor_wrap.h"
/* import */
extern ServerOptions options;
@@ -52,7 +53,7 @@ extern u_char session_id[16];
* description of the options.
*/
-static BIGNUM *
+BIGNUM *
auth_rsa_generate_challenge(Key *key)
{
BIGNUM *challenge;
@@ -70,7 +71,7 @@ auth_rsa_generate_challenge(Key *key)
return challenge;
}
-static int
+int
auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
{
u_char buf[32], mdbuf[16];
@@ -113,7 +114,7 @@ auth_rsa_challenge_dialog(Key *key)
if ((encrypted_challenge = BN_new()) == NULL)
fatal("auth_rsa_challenge_dialog: BN_new() failed");
- challenge = auth_rsa_generate_challenge(key);
+ challenge = PRIVSEP(auth_rsa_generate_challenge(key));
/* Encrypt the challenge with the public key. */
rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
@@ -131,7 +132,7 @@ auth_rsa_challenge_dialog(Key *key)
response[i] = packet_get_char();
packet_check_eom();
- success = auth_rsa_verify_response(key, challenge, response);
+ success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
BN_clear_free(challenge);
return (success);
}
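Review bot: With privilege separation on, the challenge crosses the process boundary twice: it comes back from `PRIVSEP(auth_rsa_generate_challenge(key))` in the previous hunk and is handed in again by `PRIVSEP(auth_rsa_verify_response(key, challenge, response))` here. The monitor-side handlers are not part of these hunks. For the separation to mean anything they should verify against the challenge and key the monitor itself stored, not the copies the unprivileged process passes back. A comment at the verify call would record that expectation, e.g. `/* monitor must check against the challenge it generated, not this copy */`. auth_rsa_challenge_dialog starts outside the hunk.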
@@ -141,11 +142,11 @@ auth_rsa_challenge_dialog(Key *key)
* return key if login is allowed, NULL otherwise
*/
-static int
+int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
char line[8192], *file;
- int allowed;
+ int allowed = 0;
u_int bits;
FILE *f;
u_long linenum = 0;
@@ -284,7 +285,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
if (pw == NULL)
return 0;
- if (auth_rsa_key_allowed(pw, client_n, &key) == 0) {
+ if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
auth_clear_options();
return (0);
}
diff --git a/auth-skey.c b/auth-skey.c
index df19f750..e897d187 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.16 2002/01/12 13:10:29 markus Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.17 2002/03/18 17:50:31 provos Exp $");
#ifdef SKEY
@@ -30,6 +30,7 @@ RCSID("$OpenBSD: auth-skey.c,v 1.16 2002/01/12 13:10:29 markus Exp $");
#include "xmalloc.h"
#include "auth.h"
+#include "monitor_wrap.h"
static void *
skey_init_ctx(Authctxt *authctxt)
@@ -37,8 +38,6 @@ skey_init_ctx(Authctxt *authctxt)
return authctxt;
}
-#define PROMPT "\nS/Key Password: "
-
static int
skey_query(void *ctx, char **name, char **infotxt,
u_int* numprompts, char ***prompts, u_int **echo_on)
@@ -58,10 +57,10 @@ skey_query(void *ctx, char **name, char **infotxt,
*echo_on = xmalloc(*numprompts * sizeof(u_int));
(*echo_on)[0] = 0;
- len = strlen(challenge) + strlen(PROMPT) + 1;
+ len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
p = xmalloc(len);
strlcpy(p, challenge, len);
- strlcat(p, PROMPT, len);
+ strlcat(p, SKEY_PROMPT, len);
(*prompts)[0] = p;
return 0;
@@ -93,4 +92,12 @@ KbdintDevice skey_device = {
skey_respond,
skey_free_ctx
};
+
+KbdintDevice mm_skey_device = {
+ "skey",
+ skey_init_ctx,
+ mm_skey_query,
+ mm_skey_respond,
+ skey_free_ctx
+};
#endif /* SKEY */
diff --git a/auth.h b/auth.h
index bdfdf1c5..3e4a5501 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.33 2002/03/18 01:12:14 provos Exp $ */
+/* $OpenBSD: auth.h,v 1.34 2002/03/18 17:50:31 provos Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -129,6 +129,8 @@ void auth_log(Authctxt *, int, char *, char *);
void userauth_finish(Authctxt *, int, char *);
int auth_root_allowed(char *);
+void privsep_challenge_enable(void);
+
int auth2_challenge(Authctxt *, char *);
void auth2_challenge_stop(Authctxt *);
@@ -155,4 +157,5 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *,
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
+#define SKEY_PROMPT "\nS/Key Password: "
#endif
diff --git a/auth1.c b/auth1.c
index 4c295215..ca288958 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.38 2002/03/18 17:50:31 provos Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -26,6 +26,7 @@ RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
#include "session.h"
#include "misc.h"
#include "uidswap.h"
+#include "monitor_wrap.h"
/* import */
extern ServerOptions options;
@@ -89,7 +90,7 @@ do_authloop(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA)
0) {
#else
- auth_password(authctxt, "")) {
+ PRIVSEP(auth_password(authctxt, ""))) {
#endif
auth_log(authctxt, 1, "without authentication", "");
return;
@@ -253,9 +254,8 @@ do_authloop(Authctxt *authctxt)
/* Do SIA auth with password */
authenticated = auth_sia_password(authctxt->user,
password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
- authenticated = auth_password(authctxt, password);
+ authenticated = PRIVSEP(auth_password(authctxt, password));
#endif /* USE_PAM */
memset(password, 0, strlen(password));
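Review bot: Removing the `#else /* !USE_PAM && !HAVE_OSF_SIA */` line leaves `authenticated = PRIVSEP(auth_password(authctxt, password));` in the same preprocessor branch as the auth_sia_password() call directly above it. If the surrounding #if chain is what the context lines suggest, a HAVE_OSF_SIA build now overwrites the SIA result with auth_password(). A build with neither USE_PAM nor HAVE_OSF_SIA would compile no password check at all in this case. Restoring `#else /* !USE_PAM && !HAVE_OSF_SIA */` before the "Try authentication with the password" comment looks like the intent. The opening #if lies outside the hunk, so this should be confirmed against the full file.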
@@ -359,7 +359,7 @@ Authctxt *
do_authentication(void)
{
Authctxt *authctxt;
- struct passwd *pw;
+ struct passwd *pw = NULL, *pwent;
u_int ulen;
char *p, *user, *style = NULL;
@@ -382,17 +382,22 @@ do_authentication(void)
authctxt->style = style;
/* Verify that the user is a valid user. */
- pw = getpwnamallow(user);
- if (pw) {
+ pwent = PRIVSEP(getpwnamallow(user));
+ if (pwent) {
authctxt->valid = 1;
- pw = pwcopy(pw);
+ pw = pwcopy(pwent);
} else {
debug("do_authentication: illegal user %s", user);
pw = NULL;
}
+ /* Free memory */
+ if (use_privsep && pwent != NULL)
+ pwfree(pwent);
+
authctxt->pw = pw;
- setproctitle("%s", pw ? user : "unknown");
+ setproctitle("%s%s", pw ? user : "unknown",
+ use_privsep ? " [net]" : "");
#ifdef USE_PAM
start_pam(pw == NULL ? "NOUSER" : user);
@@ -403,7 +408,7 @@ do_authentication(void)
* the server. (Unless you are running Windows)
*/
#ifndef HAVE_CYGWIN
- if (getuid() != 0 && pw && pw->pw_uid != getuid())
+ if (!use_privsep && getuid() != 0 && pw && pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
#endif
diff --git a/auth2-chall.c b/auth2-chall.c
index 9f1d9327..38f955a0 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.16 2002/01/13 17:57:37 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.17 2002/03/18 17:50:31 provos Exp $");
#include "ssh2.h"
#include "auth.h"
@@ -310,3 +310,22 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
userauth_finish(authctxt, authenticated, method);
xfree(method);
}
+
+void
+privsep_challenge_enable(void)
+{
+#ifdef BSD_AUTH
+ extern KbdintDevice mm_bsdauth_device;
+#endif
+#ifdef SKEY
+ extern KbdintDevice mm_skey_device;
+#endif
+ /* As long as SSHv1 has devices[0] hard coded this is fine */
+#ifdef BSD_AUTH
+ devices[0] = &mm_bsdauth_device;
+#else
+#ifdef SKEY
+ devices[0] = &mm_skey_device;
+#endif
+#endif
+}
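Review bot: privsep_challenge_enable() has no header comment, compiles to an empty function when neither BSD_AUTH nor SKEY is defined, and redirects only `devices[0]` to the monitor-backed device. If the devices table (defined outside this hunk) ever holds more than one entry, the remaining entries would presumably still run their query/respond callbacks in the unprivileged process. A comment such as `/* Swap devices[0] for its monitor-backed (mm_*) variant; assumes the table holds a single device. */` would state the assumption that the existing inline comment only hints at.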
diff --git a/auth2.c b/auth2.c
index b57fda21..9bfcde5c 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.87 2002/03/18 01:12:14 provos Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.88 2002/03/18 17:50:31 provos Exp $");
#include <openssl/evp.h>
@@ -51,13 +51,14 @@ RCSID("$OpenBSD: auth2.c,v 1.87 2002/03/18 01:12:14 provos Exp $");
#include "hostfile.h"
#include "canohost.h"
#include "match.h"
+#include "monitor_wrap.h"
/* import */
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
-static Authctxt *x_authctxt = NULL;
+Authctxt *x_authctxt = NULL;
static int one = 1;
typedef struct Authmethod Authmethod;
@@ -75,8 +76,8 @@ static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
-static int user_key_allowed(struct passwd *, Key *);
-static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+int user_key_allowed(struct passwd *, Key *);
+int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
/* auth */
static void userauth_banner(void);
@@ -185,7 +186,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
- pw = getpwnamallow(user);
+ pw = PRIVSEP(getpwnamallow(user));
if (pw && strcmp(service, "ssh-connection")==0) {
authctxt->pw = pwcopy(pw);
authctxt->valid = 1;
@@ -199,10 +200,18 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
start_pam("NOUSER");
#endif
}
- setproctitle("%s", pw ? user : "unknown");
+ /* Free memory */
+ if (use_privsep && pw != NULL)
+ pwfree(pw);
+
+ setproctitle("%s%s", pw ? user : "unknown",
+ use_privsep ? " [net]" : "");
authctxt->user = xstrdup(user);
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
+
+ if (use_privsep)
+ mm_inform_authserv(service, style);
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
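Review bot: When use_privsep is set, `pw` is released with `pwfree(pw)` and then tested again in `setproctitle("%s%s", pw ? user : "unknown", ...)` on the next statement. The pointer is only compared, not dereferenced, but the value of a freed pointer is indeterminate. The auth1.c change in this same commit avoids the pattern by keeping a separate `pwent`. Moving the `if (use_privsep && pw != NULL) pwfree(pw);` block below the setproctitle() call removes the dependency. pwfree() is defined outside the visible part of the diff, and input_userauth_request extends beyond both hunks.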
@@ -333,7 +342,7 @@ userauth_none(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA)
return 0;
#else /* !HAVE_OSF_SIA && !USE_PAM */
- return auth_password(authctxt, "");
+ return PRIVSEP(auth_password(authctxt, ""));
#endif /* USE_PAM */
}
@@ -358,7 +367,7 @@ userauth_passwd(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA)
auth_sia_password(authctxt->user, password) == 1)
#else /* !USE_PAM && !HAVE_OSF_SIA */
- auth_password(authctxt, password) == 1)
+ PRIVSEP(auth_password(authctxt, password)) == 1)
#endif /* USE_PAM */
authenticated = 1;
memset(password, 0, len);
@@ -468,8 +477,10 @@ userauth_pubkey(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for correct signature */
- if (user_key_allowed(authctxt->pw, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
+ PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
authenticated = 1;
buffer_clear(&b);
xfree(sig);
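Review bot: The allow check and the signature check are now two independent monitor requests, `PRIVSEP(user_key_allowed(authctxt->pw, key))` followed by `PRIVSEP(key_verify(key, sig, slen, ...))`, and the unprivileged process supplies the key and the signed data each time. The monitor side is not shown here. For the privilege boundary to hold, it needs to verify only with the key blob it just approved and to check that the signed buffer carries the session id, user and service it expects. The same applies to the hostbased_key_allowed / key_verify pair in the userauth_hostbased hunk further down. A short comment at each call stating that contract, e.g. `/* monitor re-checks key and signed data; do not trust this side's copy */`, would help whoever reviews monitor.c.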
@@ -485,7 +496,7 @@ userauth_pubkey(Authctxt *authctxt)
* if a user is not allowed to login. is this an
* issue? -markus
*/
- if (user_key_allowed(authctxt->pw, key)) {
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@@ -573,8 +584,10 @@ userauth_hostbased(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for allowed key and correct signature */
- if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 0;
+ if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+ PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
authenticated = 1;
buffer_clear(&b);
@@ -731,7 +744,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
/* check whether given key is in .ssh/authorized_keys* */
-static int
+int
user_key_allowed(struct passwd *pw, Key *key)
{
int success;
@@ -751,7 +764,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
/* return 1 if given hostkey is allowed */
-static int
+int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
Key *key)
{
diff --git a/kex.c b/kex.c
index bf8fd95b..8097ab0f 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.48 2002/03/18 17:50:31 provos Exp $");
#include <openssl/crypto.h>
@@ -40,9 +40,15 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
#include "mac.h"
#include "match.h"
#include "dispatch.h"
+#include "monitor.h"
#define KEX_COOKIE_LEN 16
+/* Use privilege separation for sshd */
+int use_privsep;
+struct monitor *monitor;
+
+
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
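Review bot: `use_privsep` and `monitor` are defined as plain globals in kex.c, which the Makefile.in hunk lists under LIBSSH_OBJS, so sshd-only state and the very generic symbol name `monitor` land in objects the client programs link too. Both rely on implicit zero initialisation, which is what keeps privilege separation off by default. Writing `int use_privsep = 0;` and `struct monitor *monitor = NULL;` makes that security-relevant default explicit. Defining them next to the code that sets them (presumably in sshd.c, not visible in this part of the diff) would keep the flag with its owner.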
diff --git a/kex.h b/kex.h
index 755bf332..2d3523a3 100644
--- a/