tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-31 01:35:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can

Browse Source 
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes
This commit is contained in:
Damien Miller 2006-09-07 10:36:43 +10:00
parent 6e1033318c
commit 6433df036e
3 changed files with 28 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -1,3 +1,10 @@
20060907
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
20060905 20060905
- (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
- (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
@ -5399,4 +5406,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4531 2006/09/05 09:25:19 dtucker Exp $ $Id: ChangeLog,v 1.4532 2006/09/07 00:36:43 djm Exp $

3
auth.c
View File

@ -73,6 +73,7 @@
extern ServerOptions options; extern ServerOptions options;
extern int use_privsep; extern int use_privsep;
extern Buffer loginmsg; extern Buffer loginmsg;
extern struct passwd *privsep_pw;
/* Debugging messages */ /* Debugging messages */
Buffer auth_debug; Buffer auth_debug;
@ -570,6 +571,8 @@ fakepw(void)
fake.pw_gecos = "NOUSER"; fake.pw_gecos = "NOUSER";
fake.pw_uid = (uid_t)-1; fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1; fake.pw_gid = (gid_t)-1;
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;
#ifdef HAVE_PW_CLASS_IN_PASSWD #ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = ""; fake.pw_class = "";
#endif #endif

32
sshd.c
View File

@ -244,6 +244,9 @@ Buffer cfg;
/* message to be displayed after login */ /* message to be displayed after login */
Buffer loginmsg; Buffer loginmsg;
/* Unprivileged user */
struct passwd *privsep_pw = NULL;
/* Prototypes for various functions defined later in this file. */ /* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void); void destroy_sensitive_data(void);
void demote_sensitive_data(void); void demote_sensitive_data(void);
@ -579,7 +582,6 @@ privsep_preauth_child(void)
{ {
u_int32_t rnd[256]; u_int32_t rnd[256];
gid_t gidset[1]; gid_t gidset[1];
struct passwd *pw;
int i; int i;
/* Enable challenge-response authentication for privilege separation */ /* Enable challenge-response authentication for privilege separation */
@ -592,12 +594,6 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */ /* Demote the private keys to public keys. */
demote_sensitive_data(); demote_sensitive_data();
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
endpwent();
/* Change our root directory */ /* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@ -606,16 +602,16 @@ privsep_preauth_child(void)
fatal("chdir(\"/\"): %s", strerror(errno)); fatal("chdir(\"/\"): %s", strerror(errno));
/* Drop our privileges */ /* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)pw->pw_gid); (u_int)privsep_pw->pw_gid);
#if 0 #if 0
/* XXX not ready, too heavy after chroot */ /* XXX not ready, too heavy after chroot */
do_setusercontext(pw); do_setusercontext(privsep_pw);
#else #else
gidset[0] = pw->pw_gid; gidset[0] = privsep_pw->pw_gid;
if (setgroups(1, gidset) < 0) if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno)); fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw); permanently_set_uid(privsep_pw);
#endif #endif
} }
@ -1435,6 +1431,15 @@ main(int ac, char **av)
debug("sshd version %.100s", SSH_RELEASE); debug("sshd version %.100s", SSH_RELEASE);
/* Store privilege separation user for later use */
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd));
privsep_pw = pwcopy(privsep_pw);
endpwent();
/* load private host keys */ /* load private host keys */
sensitive_data.host_keys = xcalloc(options.num_host_key_files, sensitive_data.host_keys = xcalloc(options.num_host_key_files,
sizeof(Key *)); sizeof(Key *));
@ -1504,9 +1509,6 @@ main(int ac, char **av)
if (use_privsep) { if (use_privsep) {
struct stat st; struct stat st;
if (getpwnam(SSH_PRIVSEP_USER) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0)) (S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s", fatal("Missing privilege separation directory: %s",