Blame - auth.c - platform/external/openssh

blob: ef3cdba3c8fa98600ef1fef63cd4fd6684ff76b8 [file] [log] [blame]

Damien Miller	116e6df	2002-05-22 15:06:28 +1000	[diff] [blame]	1	/*
Ben Lindstrom	92a2e38	2001-03-05 06:59:27 +0000	[diff] [blame]	2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
				12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	23	*/
				24
				25	#include "includes.h"
Darren Tucker	89413db	2004-05-24 10:36:23 +1000	[diff] [blame]	26	RCSID("$OpenBSD: auth.c,v 1.54 2004/05/23 23:59:53 dtucker Exp $");
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	27
Damien Miller	d2c208a	2000-05-17 22:00:02 +1000	[diff] [blame]	28	#ifdef HAVE_LOGIN_H
				29	#include <login.h>
				30	#endif
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	31	#ifdef USE_SHADOW
Damien Miller	1f335fb	2000-06-26 11:31:33 +1000	[diff] [blame]	32	#include <shadow.h>
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	33	#endif
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	34
Ben Lindstrom	68c3ce1	2001-06-10 17:24:51 +0000	[diff] [blame]	35	#ifdef HAVE_LIBGEN_H
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	36	#include <libgen.h>
Ben Lindstrom	68c3ce1	2001-06-10 17:24:51 +0000	[diff] [blame]	37	#endif
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	38
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	39	#include "xmalloc.h"
				40	#include "match.h"
				41	#include "groupaccess.h"
				42	#include "log.h"
				43	#include "servconf.h"
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	44	#include "auth.h"
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	45	#include "auth-options.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	46	#include "canohost.h"
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	47	#include "buffer.h"
				48	#include "bufaux.h"
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	49	#include "uidswap.h"
Ben Lindstrom	7ebb635	2002-03-22 03:04:08 +0000	[diff] [blame]	50	#include "misc.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	51	#include "bufaux.h"
				52	#include "packet.h"
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	53
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	54	/* import */
				55	extern ServerOptions options;
Darren Tucker	b9aa0a0	2003-07-08 22:59:59 +1000	[diff] [blame]	56	extern Buffer loginmsg;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	57
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	58	/* Debugging messages */
				59	Buffer auth_debug;
				60	int auth_debug_init;
				61
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	62	/*
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	63	* Check if the user is allowed to log in via ssh. If user is listed
				64	* in DenyUsers or one of user's groups is listed in DenyGroups, false
				65	* will be returned. If AllowUsers isn't empty and user isn't listed
				66	* there, or if AllowGroups isn't empty and one of user's groups isn't
				67	* listed there, false will be returned.
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	68	* If the user's shell is not executable, false will be returned.
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	69	* Otherwise true is returned.
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	70	*/
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	71	int
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	72	allowed_user(struct passwd * pw)
				73	{
				74	struct stat st;
Darren Tucker	43a0dc6	2003-08-26 14:22:12 +1000	[diff] [blame]	75	const char hostname = NULL, ipaddr = NULL, *passwd = NULL;
Damien Miller	e7cf07c	2001-03-20 09:15:57 +1100	[diff] [blame]	76	char *shell;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	77	int i;
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	78	#ifdef USE_SHADOW
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	79	struct spwd *spw = NULL;
Tim Rice	458c6bf	2003-01-08 20:04:27 -0800	[diff] [blame]	80	#endif
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	81
				82	/* Shouldn't be called if pw is NULL, but better safe than sorry... */
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	83	if (!pw \|\| !pw->pw_name)
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	84	return 0;
				85
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	86	#ifdef USE_SHADOW
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	87	if (!options.use_pam)
				88	spw = getspnam(pw->pw_name);
				89	#ifdef HAS_SHADOW_EXPIRE
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	90	if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
				91	return 0;
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	92	#endif /* HAS_SHADOW_EXPIRE */
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	93	#endif /* USE_SHADOW */
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	94
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	95	/* grab passwd field for locked account check */
Darren Tucker	15ee748	2004-02-22 09:43:15 +1100	[diff] [blame]	96	#ifdef USE_SHADOW
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	97	if (spw != NULL)
				98	passwd = spw->sp_pwdp;
				99	#else
				100	passwd = pw->pw_passwd;
Damien Miller	06817f9	2003-01-07 23:55:59 +1100	[diff] [blame]	101	#endif
				102
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	103	/* check for locked account */
Darren Tucker	43a0dc6	2003-08-26 14:22:12 +1000	[diff] [blame]	104	if (!options.use_pam && passwd && *passwd) {
Darren Tucker	e41bba5	2003-08-25 11:51:19 +1000	[diff] [blame]	105	int locked = 0;
				106
				107	#ifdef LOCKED_PASSWD_STRING
				108	if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
				109	locked = 1;
				110	#endif
				111	#ifdef LOCKED_PASSWD_PREFIX
				112	if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
				113	strlen(LOCKED_PASSWD_PREFIX)) == 0)
				114	locked = 1;
				115	#endif
				116	#ifdef LOCKED_PASSWD_SUBSTR
				117	if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
				118	locked = 1;
				119	#endif
				120	if (locked) {
				121	logit("User %.100s not allowed because account is locked",
				122	pw->pw_name);
				123	return 0;
				124	}
				125	}
				126
Damien Miller	ef7df54	2000-05-19 00:03:23 +1000	[diff] [blame]	127	/*
				128	* Get the shell from the password data. An empty shell field is
				129	* legal, and means /bin/sh.
				130	*/
				131	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
				132
				133	/* deny if shell does not exists or is not executable */
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	134	if (stat(shell, &st) != 0) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	135	logit("User %.100s not allowed because shell %.100s does not exist",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	136	pw->pw_name, shell);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	137	return 0;
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	138	}
Ben Lindstrom	b61e6df	2002-03-22 01:15:33 +0000	[diff] [blame]	139	if (S_ISREG(st.st_mode) == 0 \|\|
				140	(st.st_mode & (S_IXOTH\|S_IXUSR\|S_IXGRP)) == 0) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	141	logit("User %.100s not allowed because shell %.100s is not executable",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	142	pw->pw_name, shell);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	143	return 0;
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	144	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	145
Ben Lindstrom	3fb5d00	2002-03-05 01:42:42 +0000	[diff] [blame]	146	if (options.num_deny_users > 0 \|\| options.num_allow_users > 0) {
Damien Miller	3a961dc	2003-06-03 10:25:48 +1000	[diff] [blame]	147	hostname = get_canonical_hostname(options.use_dns);
Ben Lindstrom	3fb5d00	2002-03-05 01:42:42 +0000	[diff] [blame]	148	ipaddr = get_remote_ipaddr();
				149	}
				150
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	151	/* Return false if user is listed in DenyUsers */
				152	if (options.num_deny_users > 0) {
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	153	for (i = 0; i < options.num_deny_users; i++)
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	154	if (match_user(pw->pw_name, hostname, ipaddr,
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	155	options.deny_users[i])) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	156	logit("User %.100s not allowed because listed in DenyUsers",
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	157	pw->pw_name);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	158	return 0;
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	159	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	160	}
				161	/* Return false if AllowUsers isn't empty and user isn't listed there */
				162	if (options.num_allow_users > 0) {
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	163	for (i = 0; i < options.num_allow_users; i++)
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	164	if (match_user(pw->pw_name, hostname, ipaddr,
Ben Lindstrom	6026002	2001-07-04 04:56:44 +0000	[diff] [blame]	165	options.allow_users[i]))
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	166	break;
				167	/* i < options.num_allow_users iff we break for loop */
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	168	if (i >= options.num_allow_users) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	169	logit("User %.100s not allowed because not listed in AllowUsers",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	170	pw->pw_name);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	171	return 0;
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	172	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	173	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	174	if (options.num_deny_groups > 0 \|\| options.num_allow_groups > 0) {
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	175	/* Get the user's group access list (primary and supplementary) */
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	176	if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	177	logit("User %.100s not allowed because not in any group",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	178	pw->pw_name);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	179	return 0;
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	180	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	181
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	182	/* Return false if one of user's groups is listed in DenyGroups */
				183	if (options.num_deny_groups > 0)
				184	if (ga_match(options.deny_groups,
				185	options.num_deny_groups)) {
				186	ga_free();
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	187	logit("User %.100s not allowed because a group is listed in DenyGroups",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	188	pw->pw_name);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	189	return 0;
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	190	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	191	/*
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	192	* Return false if AllowGroups isn't empty and one of user's groups
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	193	* isn't listed there
				194	*/
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	195	if (options.num_allow_groups > 0)
				196	if (!ga_match(options.allow_groups,
				197	options.num_allow_groups)) {
				198	ga_free();
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	199	logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
Ben Lindstrom	6ef9ec6	2002-03-05 01:40:37 +0000	[diff] [blame]	200	pw->pw_name);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	201	return 0;
Kevin Steves	7b61cfa	2001-01-14 19:11:00 +0000	[diff] [blame]	202	}
				203	ga_free();
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	204	}
				205
				206	#ifdef WITH_AIXAUTHENTICATE
Ben Lindstrom	97e38d8	2002-10-16 00:13:52 +0000	[diff] [blame]	207	/*
				208	* Don't check loginrestrictions() for root account (use
				209	* PermitRootLogin to control logins via ssh), or if running as
				210	* non-root user (since loginrestrictions will always fail).
				211	*/
Darren Tucker	b9aa0a0	2003-07-08 22:59:59 +1000	[diff] [blame]	212	if ((pw->pw_uid != 0) && (geteuid() == 0)) {
				213	char *msg;
Damien Miller	f25c18d	2003-01-07 17:38:58 +1100	[diff] [blame]	214
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	215	if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
Darren Tucker	b9aa0a0	2003-07-08 22:59:59 +1000	[diff] [blame]	216	int loginrestrict_errno = errno;
				217
				218	if (msg && *msg) {
				219	buffer_append(&loginmsg, msg, strlen(msg));
				220	aix_remove_embedded_newlines(msg);
				221	logit("Login restricted for %s: %.100s",
				222	pw->pw_name, msg);
Damien Miller	2f6a0ad	2000-05-31 11:20:11 +1000	[diff] [blame]	223	}
Darren Tucker	b9aa0a0	2003-07-08 22:59:59 +1000	[diff] [blame]	224	/* Don't fail if /etc/nologin set */
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	225	if (!(loginrestrict_errno == EPERM &&
Darren Tucker	b9aa0a0	2003-07-08 22:59:59 +1000	[diff] [blame]	226	stat(_PATH_NOLOGIN, &st) == 0))
				227	return 0;
Damien Miller	d2c208a	2000-05-17 22:00:02 +1000	[diff] [blame]	228	}
Damien Miller	d2c208a	2000-05-17 22:00:02 +1000	[diff] [blame]	229	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	230	#endif /* WITH_AIXAUTHENTICATE */
				231
				232	/* We found no reason not to let this user try to log on... */
				233	return 1;
				234	}
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	235
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	236	void
				237	auth_log(Authctxt authctxt, int authenticated, char method, char *info)
				238	{
				239	void (authlog) (const char fmt,...) = verbose;
				240	char *authmsg;
				241
				242	/* Raise logging level */
				243	if (authenticated == 1 \|\|
				244	!authctxt->valid \|\|
Darren Tucker	89413db	2004-05-24 10:36:23 +1000	[diff] [blame]	245	authctxt->failures >= options.max_authtries / 2 \|\|
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	246	strcmp(method, "password") == 0)
Damien Miller	2a3f20e	2003-04-09 21:12:00 +1000	[diff] [blame]	247	authlog = logit;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	248
				249	if (authctxt->postponed)
				250	authmsg = "Postponed";
				251	else
				252	authmsg = authenticated ? "Accepted" : "Failed";
				253
				254	authlog("%s %s for %s%.100s from %.200s port %d%s",
				255	authmsg,
				256	method,
				257	authctxt->valid ? "" : "illegal user ",
Damien Miller	f655207	2001-11-12 11:06:06 +1100	[diff] [blame]	258	authctxt->user,
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	259	get_remote_ipaddr(),
				260	get_remote_port(),
				261	info);
Ben Lindstrom	e06eb68	2002-07-04 00:27:21 +0000	[diff] [blame]	262
Darren Tucker	97363a8	2003-05-02 23:42:25 +1000	[diff] [blame]	263	#ifdef CUSTOM_FAILED_LOGIN
Ben Lindstrom	e06eb68	2002-07-04 00:27:21 +0000	[diff] [blame]	264	if (authenticated == 0 && strcmp(method, "password") == 0)
Darren Tucker	97363a8	2003-05-02 23:42:25 +1000	[diff] [blame]	265	record_failed_login(authctxt->user, "ssh");
				266	#endif
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	267	}
				268
				269	/*
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	270	* Check whether root logins are disallowed.
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	271	*/
				272	int
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	273	auth_root_allowed(char *method)
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	274	{
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	275	switch (options.permit_root_login) {
				276	case PERMIT_YES:
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	277	return 1;
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	278	break;
				279	case PERMIT_NO_PASSWD:
				280	if (strcmp(method, "password") != 0)
				281	return 1;
				282	break;
				283	case PERMIT_FORCED_ONLY:
				284	if (forced_command) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	285	logit("Root login accepted for forced command.");
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	286	return 1;
				287	}
				288	break;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	289	}
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	290	logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	291	return 0;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	292	}
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	293
				294
				295	/*
				296	* Given a template and a passwd structure, build a filename
				297	* by substituting % tokenised options. Currently, %% becomes '%',
				298	* %h becomes the home directory and %u the username.
				299	*
				300	* This returns a buffer allocated by xmalloc.
				301	*/
				302	char *
				303	expand_filename(const char filename, struct passwd pw)
				304	{
				305	Buffer buffer;
				306	char *file;
				307	const char *cp;
				308
				309	/*
				310	* Build the filename string in the buffer by making the appropriate
				311	* substitutions to the given file name.
				312	*/
				313	buffer_init(&buffer);
				314	for (cp = filename; *cp; cp++) {
				315	if (cp[0] == '%' && cp[1] == '%') {
				316	buffer_append(&buffer, "%", 1);
				317	cp++;
				318	continue;
				319	}
				320	if (cp[0] == '%' && cp[1] == 'h') {
				321	buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir));
				322	cp++;
				323	continue;
				324	}
				325	if (cp[0] == '%' && cp[1] == 'u') {
				326	buffer_append(&buffer, pw->pw_name,
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	327	strlen(pw->pw_name));
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	328	cp++;
				329	continue;
				330	}
				331	buffer_append(&buffer, cp, 1);
				332	}
				333	buffer_append(&buffer, "\0", 1);
				334
				335	/*
				336	* Ensure that filename starts anchored. If not, be backward
				337	* compatible and prepend the '%h/'
				338	*/
				339	file = xmalloc(MAXPATHLEN);
				340	cp = buffer_ptr(&buffer);
				341	if (*cp != '/')
				342	snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
				343	else
				344	strlcpy(file, cp, MAXPATHLEN);
				345
				346	buffer_free(&buffer);
				347	return file;
				348	}
				349
				350	char *
				351	authorized_keys_file(struct passwd *pw)
				352	{
				353	return expand_filename(options.authorized_keys_file, pw);
				354	}
				355
				356	char *
				357	authorized_keys_file2(struct passwd *pw)
				358	{
				359	return expand_filename(options.authorized_keys_file2, pw);
				360	}
				361
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	362	/* return ok if key exists in sysfile or userfile */
				363	HostStatus
				364	check_key_in_hostfiles(struct passwd pw, Key key, const char *host,
				365	const char sysfile, const char userfile)
				366	{
				367	Key *found;
				368	char *user_hostfile;
				369	struct stat st;
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	370	HostStatus host_status;
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	371
				372	/* Check if we know the host and its host key. */
				373	found = key_new(key->type);
				374	host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
				375
				376	if (host_status != HOST_OK && userfile != NULL) {
				377	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
				378	if (options.strict_modes &&
				379	(stat(user_hostfile, &st) == 0) &&
				380	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	381	(st.st_mode & 022) != 0)) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	382	logit("Authentication refused for %.100s: "
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	383	"bad owner or modes for %.200s",
				384	pw->pw_name, user_hostfile);
				385	} else {
				386	temporarily_use_uid(pw);
				387	host_status = check_host_in_hostfile(user_hostfile,
				388	host, key, found, NULL);
				389	restore_uid();
				390	}
				391	xfree(user_hostfile);
				392	}
				393	key_free(found);
				394
				395	debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
				396	"ok" : "not found", host);
				397	return host_status;
				398	}
				399
				400
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	401	/*
				402	* Check a given file for security. This is defined as all components
Ben Lindstrom	d4ee349	2002-08-20 18:42:13 +0000	[diff] [blame]	403	* of the path to the file must be owned by either the owner of
Ben Lindstrom	60567ff	2001-06-05 20:27:53 +0000	[diff] [blame]	404	* of the file or root and no directories must be group or world writable.
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	405	*
				406	* XXX Should any specific check be done for sym links ?
				407	*
				408	* Takes an open file descriptor, the file name, a uid and and
				409	* error buffer plus max size as arguments.
				410	*
				411	* Returns 0 on success and -1 on failure
				412	*/
				413	int
Ben Lindstrom	248c078	2001-07-04 03:40:39 +0000	[diff] [blame]	414	secure_filename(FILE f, const char file, struct passwd *pw,
				415	char *err, size_t errlen)
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	416	{
Ben Lindstrom	248c078	2001-07-04 03:40:39 +0000	[diff] [blame]	417	uid_t uid = pw->pw_uid;
Ben Lindstrom	c3e49e7	2001-10-03 17:55:26 +0000	[diff] [blame]	418	char buf[MAXPATHLEN], homedir[MAXPATHLEN];
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	419	char *cp;
Ben Lindstrom	485075e	2002-11-09 15:45:12 +0000	[diff] [blame]	420	int comparehome = 0;
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	421	struct stat st;
				422
				423	if (realpath(file, buf) == NULL) {
				424	snprintf(err, errlen, "realpath %s failed: %s", file,
				425	strerror(errno));
				426	return -1;
				427	}
Ben Lindstrom	485075e	2002-11-09 15:45:12 +0000	[diff] [blame]	428	if (realpath(pw->pw_dir, homedir) != NULL)
				429	comparehome = 1;
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	430
				431	/* check the open file to avoid races */
				432	if (fstat(fileno(f), &st) < 0 \|\|
				433	(st.st_uid != 0 && st.st_uid != uid) \|\|
				434	(st.st_mode & 022) != 0) {
				435	snprintf(err, errlen, "bad ownership or modes for file %s",
				436	buf);
				437	return -1;
				438	}
				439
				440	/* for each component of the canonical path, walking upwards */
				441	for (;;) {
				442	if ((cp = dirname(buf)) == NULL) {
				443	snprintf(err, errlen, "dirname() failed");
				444	return -1;
				445	}
				446	strlcpy(buf, cp, sizeof(buf));
				447
				448	debug3("secure_filename: checking '%s'", buf);
				449	if (stat(buf, &st) < 0 \|\|
				450	(st.st_uid != 0 && st.st_uid != uid) \|\|
				451	(st.st_mode & 022) != 0) {
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	452	snprintf(err, errlen,
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	453	"bad ownership or modes for directory %s", buf);
				454	return -1;
				455	}
				456
Damien Miller	0ae6e00	2001-07-14 12:21:34 +1000	[diff] [blame]	457	/* If are passed the homedir then we can stop */
Ben Lindstrom	485075e	2002-11-09 15:45:12 +0000	[diff] [blame]	458	if (comparehome && strcmp(homedir, buf) == 0) {
Damien Miller	0ae6e00	2001-07-14 12:21:34 +1000	[diff] [blame]	459	debug3("secure_filename: terminating check at '%s'",
				460	buf);
				461	break;
				462	}
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	463	/*
				464	* dirname should always complete with a "/" path,
				465	* but we can be paranoid and check for "." too
				466	*/
				467	if ((strcmp("/", buf) == 0) \|\| (strcmp(".", buf) == 0))
				468	break;
				469	}
				470	return 0;
				471	}
Ben Lindstrom	2ae18f4	2002-03-22 01:24:38 +0000	[diff] [blame]	472
				473	struct passwd *
				474	getpwnamallow(const char *user)
				475	{
Ben Lindstrom	b481e13	2002-03-22 01:35:47 +0000	[diff] [blame]	476	#ifdef HAVE_LOGIN_CAP
				477	extern login_cap_t *lc;
				478	#ifdef BSD_AUTH
				479	auth_session_t *as;
				480	#endif
				481	#endif
Ben Lindstrom	2ae18f4	2002-03-22 01:24:38 +0000	[diff] [blame]	482	struct passwd *pw;
				483
				484	pw = getpwnam(user);
Damien Miller	6f0a188	2002-09-22 01:26:51 +1000	[diff] [blame]	485	if (pw == NULL) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	486	logit("Illegal user %.100s from %.100s",
Damien Miller	6f0a188	2002-09-22 01:26:51 +1000	[diff] [blame]	487	user, get_remote_ipaddr());
Darren Tucker	97363a8	2003-05-02 23:42:25 +1000	[diff] [blame]	488	#ifdef CUSTOM_FAILED_LOGIN
				489	record_failed_login(user, "ssh");
Ben Lindstrom	f5397c0	2002-11-09 16:11:10 +0000	[diff] [blame]	490	#endif
Damien Miller	6f0a188	2002-09-22 01:26:51 +1000	[diff] [blame]	491	return (NULL);
				492	}
				493	if (!allowed_user(pw))
Ben Lindstrom	b481e13	2002-03-22 01:35:47 +0000	[diff] [blame]	494	return (NULL);
				495	#ifdef HAVE_LOGIN_CAP
				496	if ((lc = login_getclass(pw->pw_class)) == NULL) {
				497	debug("unable to get login class: %s", user);
				498	return (NULL);
				499	}
				500	#ifdef BSD_AUTH
				501	if ((as = auth_open()) == NULL \|\| auth_setpwd(as, pw) != 0 \|\|
Damien Miller	13e35a0	2002-05-22 14:04:11 +1000	[diff] [blame]	502	auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
Ben Lindstrom	b481e13	2002-03-22 01:35:47 +0000	[diff] [blame]	503	debug("Approval failure for %s", user);
Ben Lindstrom	2ae18f4	2002-03-22 01:24:38 +0000	[diff] [blame]	504	pw = NULL;
Ben Lindstrom	b481e13	2002-03-22 01:35:47 +0000	[diff] [blame]	505	}
				506	if (as != NULL)
				507	auth_close(as);
				508	#endif
				509	#endif
Ben Lindstrom	f34e4eb	2002-03-22 03:08:30 +0000	[diff] [blame]	510	if (pw != NULL)
				511	return (pwcopy(pw));
				512	return (NULL);
Ben Lindstrom	2ae18f4	2002-03-22 01:24:38 +0000	[diff] [blame]	513	}
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	514
				515	void
				516	auth_debug_add(const char *fmt,...)
				517	{
				518	char buf[1024];
				519	va_list args;
				520
				521	if (!auth_debug_init)
				522	return;
				523
				524	va_start(args, fmt);
				525	vsnprintf(buf, sizeof(buf), fmt, args);
				526	va_end(args);
				527	buffer_put_cstring(&auth_debug, buf);
				528	}
				529
				530	void
				531	auth_debug_send(void)
				532	{
				533	char *msg;
				534
				535	if (!auth_debug_init)
				536	return;
				537	while (buffer_len(&auth_debug)) {
				538	msg = buffer_get_string(&auth_debug, NULL);
				539	packet_send_debug("%s", msg);
				540	xfree(msg);
				541	}
				542	}
				543
				544	void
				545	auth_debug_reset(void)
				546	{
				547	if (auth_debug_init)
				548	buffer_clear(&auth_debug);
				549	else {
				550	buffer_init(&auth_debug);
				551	auth_debug_init = 1;
				552	}
				553	}
Damien Miller	856f0be	2003-09-03 07:32:45 +1000	[diff] [blame]	554
				555	struct passwd *
				556	fakepw(void)
				557	{
				558	static struct passwd fake;
				559
				560	memset(&fake, 0, sizeof(fake));
				561	fake.pw_name = "NOUSER";
				562	fake.pw_passwd =
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	563	"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
Damien Miller	856f0be	2003-09-03 07:32:45 +1000	[diff] [blame]	564	fake.pw_gecos = "NOUSER";
Darren Tucker	1f8311c	2004-05-13 16:39:33 +1000	[diff] [blame]	565	fake.pw_uid = (uid_t)-1;
				566	fake.pw_gid = (gid_t)-1;
Damien Miller	856f0be	2003-09-03 07:32:45 +1000	[diff] [blame]	567	#ifdef HAVE_PW_CLASS_IN_PASSWD
				568	fake.pw_class = "";
				569	#endif
				570	fake.pw_dir = "/nonexist";
				571	fake.pw_shell = "/nonexist";
				572
				573	return (&fake);
				574	}