X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/dfddba3d7e01aaef75b0f84b9f3c53f34e2504c9..9fb46e529d8731bf8ea9981ee29f831b04a55672:/openssh/auth.c diff --git a/openssh/auth.c b/openssh/auth.c index 70bf48a..f35600e 100644 --- a/openssh/auth.c +++ b/openssh/auth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth.c,v 1.78 2007/09/21 08:15:29 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -23,39 +24,56 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); +#include +#include +#include + +#include + +#include +#ifdef HAVE_PATHS_H +# include +#endif +#include #ifdef HAVE_LOGIN_H #include #endif #ifdef USE_SHADOW #include #endif - #ifdef HAVE_LIBGEN_H #include #endif +#include +#include +#include #include "xmalloc.h" #include "match.h" #include "groupaccess.h" #include "log.h" +#include "buffer.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "auth-options.h" #include "canohost.h" -#include "buffer.h" -#include "bufaux.h" #include "uidswap.h" #include "misc.h" -#include "bufaux.h" #include "packet.h" #include "loginrec.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" /* import */ extern ServerOptions options; +extern int use_privsep; extern Buffer loginmsg; +extern struct passwd *privsep_pw; /* Debugging messages */ Buffer auth_debug; @@ -76,7 +94,7 @@ allowed_user(struct passwd * pw) struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; - int i; + u_int i; #ifdef USE_SHADOW struct spwd *spw = NULL; #endif @@ -97,7 +115,11 @@ allowed_user(struct passwd * pw) /* grab passwd field for locked account check */ #ifdef USE_SHADOW if (spw != NULL) +#ifdef USE_LIBIAF + passwd = get_iaf_password(pw); +#else passwd = spw->sp_pwdp; +#endif /* USE_LIBIAF */ #else passwd = pw->pw_passwd; #endif @@ -119,6 +141,9 @@ allowed_user(struct passwd * pw) if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) locked = 1; #endif +#ifdef USE_LIBIAF + free(passwd); +#endif /* USE_LIBIAF */ if (locked) { logit("User %.100s not allowed because account is locked", pw->pw_name); @@ -145,7 +170,8 @@ allowed_user(struct passwd * pw) return 0; } - if (options.num_deny_users > 0 || options.num_allow_users > 0) { + if (options.num_deny_users > 0 || options.num_allow_users > 0 || + options.num_deny_groups > 0 || options.num_allow_groups > 0) { hostname = get_canonical_hostname(options.use_dns); ipaddr = get_remote_ipaddr(); } @@ -223,6 +249,9 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) void (*authlog) (const char *fmt,...) = verbose; char *authmsg; + if (use_privsep && !mm_is_monitor() && !authctxt->postponed) + return; + /* Raise logging level */ if (authenticated == 1 || !authctxt->valid || @@ -240,7 +269,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) method, authctxt->valid ? "" : "invalid user ", (authctxt->user && authctxt->user[0]) ? - authctxt->user : "", + authctxt->user : "unknown", get_remote_ipaddr(), get_remote_port(), info); @@ -252,44 +281,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); +# ifdef WITH_AIXAUTHENTICATE + if (authenticated) + sys_auth_record_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh", &loginmsg); +# endif #endif #ifdef SSH_AUDIT_EVENTS - if (authenticated == 0 && !authctxt->postponed) { - ssh_audit_event_t event; - - debug3("audit failed auth attempt, method %s euid %d", - method, (int)geteuid()); - /* - * Because the auth loop is used in both monitor and slave, - * we must be careful to send each event only once and with - * enough privs to write the event. - */ - event = audit_classify_auth(method); - switch(event) { - case SSH_AUTH_FAIL_NONE: - case SSH_AUTH_FAIL_PASSWD: - case SSH_AUTH_FAIL_KBDINT: - if (geteuid() == 0) - audit_event(event); - break; - case SSH_AUTH_FAIL_PUBKEY: - case SSH_AUTH_FAIL_HOSTBASED: - case SSH_AUTH_FAIL_GSSAPI: - /* - * This is required to handle the case where privsep - * is enabled but it's root logging in, since - * use_privsep won't be cleared until after a - * successful login. - */ - if (geteuid() == 0) - audit_event(event); - else - PRIVSEP(audit_event(event)); - break; - default: - error("unknown authentication audit event %d", event); - } - } + if (authenticated == 0 && !authctxt->postponed) + audit_event(audit_classify_auth(method)); #endif } @@ -302,7 +302,6 @@ auth_root_allowed(char *method) switch (options.permit_root_login) { case PERMIT_YES: return 1; - break; case PERMIT_NO_PASSWD: if (strcmp(method, "password") != 0) return 1; @@ -327,63 +326,38 @@ auth_root_allowed(char *method) * This returns a buffer allocated by xmalloc. */ char * -expand_filename(const char *filename, struct passwd *pw) +expand_authorized_keys(const char *filename, struct passwd *pw) { - Buffer buffer; - char *file; - const char *cp; + char *file, ret[MAXPATHLEN]; + int i; - /* - * Build the filename string in the buffer by making the appropriate - * substitutions to the given file name. - */ - buffer_init(&buffer); - for (cp = filename; *cp; cp++) { - if (cp[0] == '%' && cp[1] == '%') { - buffer_append(&buffer, "%", 1); - cp++; - continue; - } - if (cp[0] == '%' && cp[1] == 'h') { - buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir)); - cp++; - continue; - } - if (cp[0] == '%' && cp[1] == 'u') { - buffer_append(&buffer, pw->pw_name, - strlen(pw->pw_name)); - cp++; - continue; - } - buffer_append(&buffer, cp, 1); - } - buffer_append(&buffer, "\0", 1); + file = percent_expand(filename, "h", pw->pw_dir, + "u", pw->pw_name, (char *)NULL); /* * Ensure that filename starts anchored. If not, be backward * compatible and prepend the '%h/' */ - file = xmalloc(MAXPATHLEN); - cp = buffer_ptr(&buffer); - if (*cp != '/') - snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp); - else - strlcpy(file, cp, MAXPATHLEN); - - buffer_free(&buffer); - return file; + if (*file == '/') + return (file); + + i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); + if (i < 0 || (size_t)i >= sizeof(ret)) + fatal("expand_authorized_keys: path too long"); + xfree(file); + return (xstrdup(ret)); } char * authorized_keys_file(struct passwd *pw) { - return expand_filename(options.authorized_keys_file, pw); + return expand_authorized_keys(options.authorized_keys_file, pw); } char * authorized_keys_file2(struct passwd *pw) { - return expand_filename(options.authorized_keys_file2, pw); + return expand_authorized_keys(options.authorized_keys_file2, pw); } /* return ok if key exists in sysfile or userfile */ @@ -508,10 +482,13 @@ getpwnamallow(const char *user) #endif struct passwd *pw; + parse_server_match_config(&options, user, + get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + pw = getpwnam(user); if (pw == NULL) { logit("Invalid user %.100s from %.100s", - (user && user[0]) ? user : "", + (user && user[0]) ? user : "unknown", get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN record_failed_login(user, @@ -594,8 +571,8 @@ fakepw(void) fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; - fake.pw_uid = (uid_t)-1; - fake.pw_gid = (gid_t)-1; + fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; + fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; #ifdef HAVE_PW_CLASS_IN_PASSWD fake.pw_class = ""; #endif