[BACK]Return to auth-rhosts.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist

Annotation of src/crypto/external/bsd/openssh/dist/auth-rhosts.c, Revision 1.1.1.5

1.1.1.5 ! christos    1: /* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */
1.1       christos    2: /*
                      3:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      4:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      5:  *                    All rights reserved
                      6:  * Rhosts authentication.  This file contains code to check whether to admit
                      7:  * the login based on rhosts authentication.  This file also processes
                      8:  * /etc/hosts.equiv.
                      9:  *
                     10:  * As far as I am concerned, the code I have written for this software
                     11:  * can be used freely for any purpose.  Any derived versions of this
                     12:  * software must be clearly marked as such, and if the derived work is
                     13:  * incompatible with the protocol description in the RFC file, it must be
                     14:  * called by a name other than "ssh" or "Secure Shell".
                     15:  */
                     16:
                     17: #include <sys/types.h>
                     18: #include <sys/stat.h>
                     19:
                     20: #include <fcntl.h>
                     21: #include <netgroup.h>
                     22: #include <pwd.h>
                     23: #include <stdio.h>
                     24: #include <string.h>
                     25: #include <stdarg.h>
                     26: #include <unistd.h>
                     27:
                     28: #include "packet.h"
                     29: #include "buffer.h"
                     30: #include "uidswap.h"
                     31: #include "pathnames.h"
                     32: #include "log.h"
1.1.1.4   christos   33: #include "misc.h"
1.1       christos   34: #include "servconf.h"
                     35: #include "canohost.h"
                     36: #include "key.h"
                     37: #include "hostfile.h"
                     38: #include "auth.h"
                     39:
                     40: /* import */
                     41: extern ServerOptions options;
                     42: extern int use_privsep;
                     43:
                     44: /*
                     45:  * This function processes an rhosts-style file (.rhosts, .shosts, or
                     46:  * /etc/hosts.equiv).  This returns true if authentication can be granted
                     47:  * based on the file, and returns zero otherwise.
                     48:  */
                     49:
                     50: static int
                     51: check_rhosts_file(const char *filename, const char *hostname,
                     52:                  const char *ipaddr, const char *client_user,
                     53:                  const char *server_user)
                     54: {
                     55:        FILE *f;
1.1.1.5 ! christos   56: #define RBUFLN 1024
        !            57:        char buf[RBUFLN];/* Must not be larger than host, user, dummy below. */
1.1       christos   58:        int fd;
                     59:        struct stat st;
                     60:
                     61:        /* Open the .rhosts file, deny if unreadable */
                     62:        if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
                     63:                return 0;
                     64:        if (fstat(fd, &st) == -1) {
                     65:                close(fd);
                     66:                return 0;
                     67:        }
                     68:        if (!S_ISREG(st.st_mode)) {
                     69:                logit("User %s hosts file %s is not a regular file",
                     70:                    server_user, filename);
                     71:                close(fd);
                     72:                return 0;
                     73:        }
                     74:        unset_nonblock(fd);
                     75:        if ((f = fdopen(fd, "r")) == NULL) {
                     76:                close(fd);
                     77:                return 0;
                     78:        }
                     79:        while (fgets(buf, sizeof(buf), f)) {
1.1.1.5 ! christos   80:                /* All three must have length >= buf to avoid overflows. */
        !            81:                char hostbuf[RBUFLN], userbuf[RBUFLN], dummy[RBUFLN];
        !            82:                char *host, *user, *cp;
1.1       christos   83:                int negated;
                     84:
                     85:                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                     86:                        ;
                     87:                if (*cp == '#' || *cp == '\n' || !*cp)
                     88:                        continue;
                     89:
                     90:                /*
                     91:                 * NO_PLUS is supported at least on OSF/1.  We skip it (we
                     92:                 * don't ever support the plus syntax).
                     93:                 */
                     94:                if (strncmp(cp, "NO_PLUS", 7) == 0)
                     95:                        continue;
                     96:
                     97:                /*
                     98:                 * This should be safe because each buffer is as big as the
                     99:                 * whole string, and thus cannot be overwritten.
                    100:                 */
                    101:                switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
                    102:                    dummy)) {
                    103:                case 0:
                    104:                        auth_debug_add("Found empty line in %.100s.", filename);
                    105:                        continue;
                    106:                case 1:
                    107:                        /* Host name only. */
                    108:                        strlcpy(userbuf, server_user, sizeof(userbuf));
                    109:                        break;
                    110:                case 2:
                    111:                        /* Got both host and user name. */
                    112:                        break;
                    113:                case 3:
                    114:                        auth_debug_add("Found garbage in %.100s.", filename);
                    115:                        continue;
                    116:                default:
                    117:                        /* Weird... */
                    118:                        continue;
                    119:                }
                    120:
                    121:                host = hostbuf;
                    122:                user = userbuf;
                    123:                negated = 0;
                    124:
                    125:                /* Process negated host names, or positive netgroups. */
                    126:                if (host[0] == '-') {
                    127:                        negated = 1;
                    128:                        host++;
                    129:                } else if (host[0] == '+')
                    130:                        host++;
                    131:
                    132:                if (user[0] == '-') {
                    133:                        negated = 1;
                    134:                        user++;
                    135:                } else if (user[0] == '+')
                    136:                        user++;
                    137:
                    138:                /* Check for empty host/user names (particularly '+'). */
                    139:                if (!host[0] || !user[0]) {
                    140:                        /* We come here if either was '+' or '-'. */
1.1.1.5 ! christos  141:                        auth_debug_add("Ignoring wild host/user names "
        !           142:                            "in %.100s.", filename);
1.1       christos  143:                        continue;
                    144:                }
                    145:                /* Verify that host name matches. */
                    146:                if (host[0] == '@') {
                    147:                        if (!innetgr(host + 1, hostname, NULL, NULL) &&
                    148:                            !innetgr(host + 1, ipaddr, NULL, NULL))
                    149:                                continue;
1.1.1.5 ! christos  150:                } else if (strcasecmp(host, hostname) &&
        !           151:                    strcmp(host, ipaddr) != 0)
1.1       christos  152:                        continue;       /* Different hostname. */
                    153:
                    154:                /* Verify that user name matches. */
                    155:                if (user[0] == '@') {
                    156:                        if (!innetgr(user + 1, NULL, client_user, NULL))
                    157:                                continue;
                    158:                } else if (strcmp(user, client_user) != 0)
                    159:                        continue;       /* Different username. */
                    160:
                    161:                /* Found the user and host. */
                    162:                fclose(f);
                    163:
                    164:                /* If the entry was negated, deny access. */
                    165:                if (negated) {
                    166:                        auth_debug_add("Matched negative entry in %.100s.",
                    167:                            filename);
                    168:                        return 0;
                    169:                }
                    170:                /* Accept authentication. */
                    171:                return 1;
                    172:        }
                    173:
                    174:        /* Authentication using this file denied. */
                    175:        fclose(f);
                    176:        return 0;
                    177: }
                    178:
                    179: /*
                    180:  * Tries to authenticate the user using the .shosts or .rhosts file. Returns
                    181:  * true if authentication succeeds.  If ignore_rhosts is true, only
                    182:  * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
                    183:  */
                    184:
                    185: int
                    186: auth_rhosts(struct passwd *pw, const char *client_user)
                    187: {
                    188:        const char *hostname, *ipaddr;
                    189:
                    190:        hostname = get_canonical_hostname(options.use_dns);
                    191:        ipaddr = get_remote_ipaddr();
                    192:        return auth_rhosts2(pw, client_user, hostname, ipaddr);
                    193: }
                    194:
                    195: static int
                    196: auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname,
                    197:     const char *ipaddr)
                    198: {
                    199:        char buf[1024];
                    200:        struct stat st;
                    201:        static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
                    202:        u_int rhosts_file_index;
                    203:
                    204:        debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
                    205:            client_user, hostname, ipaddr);
                    206:
                    207:        /* Switch to the user's uid. */
                    208:        temporarily_use_uid(pw);
                    209:        /*
1.1.1.5 ! christos  210:         * Quick check: if the user has no .shosts or .rhosts files and
        !           211:         * no system hosts.equiv/shosts.equiv files exist then return
1.1       christos  212:         * failure immediately without doing costly lookups from name
                    213:         * servers.
                    214:         */
                    215:        for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
                    216:            rhosts_file_index++) {
                    217:                /* Check users .rhosts or .shosts. */
                    218:                snprintf(buf, sizeof buf, "%.500s/%.100s",
                    219:                         pw->pw_dir, rhosts_files[rhosts_file_index]);
                    220:                if (stat(buf, &st) >= 0)
                    221:                        break;
                    222:        }
                    223:        /* Switch back to privileged uid. */
                    224:        restore_uid();
                    225:
1.1.1.5 ! christos  226:        /*
        !           227:         * Deny if The user has no .shosts or .rhosts file and there
        !           228:         * are no system-wide files.
        !           229:         */
1.1       christos  230:        if (!rhosts_files[rhosts_file_index] &&
                    231:            stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
1.1.1.5 ! christos  232:            stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
        !           233:                debug3("%s: no hosts access files exist", __func__);
1.1       christos  234:                return 0;
1.1.1.5 ! christos  235:        }
1.1       christos  236:
1.1.1.5 ! christos  237:        /*
        !           238:         * If not logging in as superuser, try /etc/hosts.equiv and
        !           239:         * shosts.equiv.
        !           240:         */
        !           241:        if (pw->pw_uid == 0)
        !           242:                debug3("%s: root user, ignoring system hosts files", __func__);
        !           243:        else {
1.1       christos  244:                if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
                    245:                    client_user, pw->pw_name)) {
1.1.1.5 ! christos  246:                        auth_debug_add("Accepted for %.100s [%.100s] by "
        !           247:                            "/etc/hosts.equiv.", hostname, ipaddr);
1.1       christos  248:                        return 1;
                    249:                }
                    250:                if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
                    251:                    client_user, pw->pw_name)) {
1.1.1.5 ! christos  252:                        auth_debug_add("Accepted for %.100s [%.100s] by "
        !           253:                            "%.100s.", hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
1.1       christos  254:                        return 1;
                    255:                }
                    256:        }
1.1.1.5 ! christos  257:
1.1       christos  258:        /*
                    259:         * Check that the home directory is owned by root or the user, and is
                    260:         * not group or world writable.
                    261:         */
                    262:        if (stat(pw->pw_dir, &st) < 0) {
                    263:                logit("Rhosts authentication refused for %.100s: "
                    264:                    "no home directory %.200s", pw->pw_name, pw->pw_dir);
                    265:                auth_debug_add("Rhosts authentication refused for %.100s: "
                    266:                    "no home directory %.200s", pw->pw_name, pw->pw_dir);
                    267:                return 0;
                    268:        }
                    269:        if (options.strict_modes &&
                    270:            ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
                    271:            (st.st_mode & 022) != 0)) {
                    272:                logit("Rhosts authentication refused for %.100s: "
                    273:                    "bad ownership or modes for home directory.", pw->pw_name);
                    274:                auth_debug_add("Rhosts authentication refused for %.100s: "
                    275:                    "bad ownership or modes for home directory.", pw->pw_name);
                    276:                return 0;
                    277:        }
                    278:        /* Temporarily use the user's uid. */
                    279:        temporarily_use_uid(pw);
                    280:
                    281:        /* Check all .rhosts files (currently .shosts and .rhosts). */
                    282:        for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
                    283:            rhosts_file_index++) {
                    284:                /* Check users .rhosts or .shosts. */
                    285:                snprintf(buf, sizeof buf, "%.500s/%.100s",
                    286:                         pw->pw_dir, rhosts_files[rhosts_file_index]);
                    287:                if (stat(buf, &st) < 0)
                    288:                        continue;
                    289:
                    290:                /*
                    291:                 * Make sure that the file is either owned by the user or by
                    292:                 * root, and make sure it is not writable by anyone but the
                    293:                 * owner.  This is to help avoid novices accidentally
                    294:                 * allowing access to their account by anyone.
                    295:                 */
                    296:                if (options.strict_modes &&
                    297:                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
                    298:                    (st.st_mode & 022) != 0)) {
                    299:                        logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
                    300:                            pw->pw_name, buf);
                    301:                        auth_debug_add("Bad file modes for %.200s", buf);
                    302:                        continue;
                    303:                }
1.1.1.5 ! christos  304:                /*
        !           305:                 * Check if we have been configured to ignore .rhosts
        !           306:                 * and .shosts files.
        !           307:                 */
1.1       christos  308:                if (options.ignore_rhosts) {
1.1.1.5 ! christos  309:                        auth_debug_add("Server has been configured to "
        !           310:                            "ignore %.100s.", rhosts_files[rhosts_file_index]);
1.1       christos  311:                        continue;
                    312:                }
                    313:                /* Check if authentication is permitted by the file. */
1.1.1.5 ! christos  314:                if (check_rhosts_file(buf, hostname, ipaddr,
        !           315:                    client_user, pw->pw_name)) {
1.1       christos  316:                        auth_debug_add("Accepted by %.100s.",
                    317:                            rhosts_files[rhosts_file_index]);
                    318:                        /* Restore the privileged uid. */
                    319:                        restore_uid();
1.1.1.5 ! christos  320:                        auth_debug_add("Accepted host %s ip %s client_user "
        !           321:                            "%s server_user %s", hostname, ipaddr,
        !           322:                            client_user, pw->pw_name);
1.1       christos  323:                        return 1;
                    324:                }
                    325:        }
                    326:
                    327:        /* Restore the privileged uid. */
                    328:        restore_uid();
                    329:        return 0;
                    330: }
                    331:
                    332: int
                    333: auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                    334:     const char *ipaddr)
                    335: {
1.1.1.2   adam      336:        return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
1.1       christos  337: }

CVSweb <webmaster@jp.NetBSD.org>