summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-03-22 03:11:49 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-22 03:11:49 +0000
commitc7431341911e911993776c357ca57d1fb7ed1b23 (patch)
tree3e7fec3c3985b8f7584b4a03ce7df035d361c442
parentf34e4eb6c730fa38640aeef5f6801035caaba460 (diff)
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c] for unprivileged user, group do: pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
-rw-r--r--ChangeLog6
-rw-r--r--servconf.c21
-rw-r--r--servconf.h5
-rw-r--r--ssh.h9
-rw-r--r--sshd.c15
5 files changed, 26 insertions, 30 deletions
diff --git a/ChangeLog b/ChangeLog
index ed52bdc9..48a67cb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -100,6 +100,10 @@
- markus@cvs.openbsd.org 2002/03/19 15:31:47
[auth.c]
check for NULL; from provos@
+ - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
+ [servconf.c servconf.h ssh.h sshd.c]
+ for unprivileged user, group do:
+ pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7946,4 +7950,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1953 2002/03/22 03:08:30 mouring Exp $
+$Id: ChangeLog,v 1.1954 2002/03/22 03:11:49 mouring Exp $
diff --git a/servconf.c b/servconf.c
index 08585490..8e6ee5bb 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.104 2002/03/19 03:03:43 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.105 2002/03/20 19:12:24 stevesk Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
@@ -113,9 +113,6 @@ initialize_server_options(ServerOptions *options)
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
- options->unprivileged_user = -1;
- options->unprivileged_group = -1;
-
/* Needs to be accessable in many places */
use_privsep = -1;
}
@@ -247,10 +244,6 @@ fill_default_server_options(ServerOptions *options)
/* Turn privilege separation _off_ by default */
if (use_privsep == -1)
use_privsep = 0;
- if (options->unprivileged_user == -1)
- options->unprivileged_user = 32767;
- if (options->unprivileged_group == -1)
- options->unprivileged_group = 32767;
}
/* Keyword tokens. */
@@ -283,7 +276,7 @@ typedef enum {
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup,
+ sUsePrivilegeSeparation,
sDeprecated
} ServerOpCodes;
@@ -360,8 +353,6 @@ static struct {
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
- { "unprivuser", sUnprivUser},
- { "unprivgroup", sUnprivGroup},
{ NULL, sBadOption }
};
@@ -742,14 +733,6 @@ parse_flag:
intptr = &use_privsep;
goto parse_flag;
- case sUnprivUser:
- intptr = &options->unprivileged_user;
- goto parse_int;
-
- case sUnprivGroup:
- intptr = &options->unprivileged_group;
- goto parse_int;
-
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
diff --git a/servconf.h b/servconf.h
index 06afaa3c..c4e5b5f4 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.56 2002/03/19 03:03:43 stevesk Exp $ */
+/* $OpenBSD: servconf.h,v 1.57 2002/03/20 19:12:25 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -130,9 +130,6 @@ typedef struct {
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
int pam_authentication_via_kbd_int;
-
- int unprivileged_user; /* User unprivileged child uses */
- int unprivileged_group; /* Group unprivileged child uses */
} ServerOptions;
void initialize_server_options(ServerOptions *);
diff --git a/ssh.h b/ssh.h
index fdf554df..078c9f7c 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.64 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -99,4 +99,11 @@
/* Used to identify ``EscapeChar none'' */
#define SSH_ESCAPECHAR_NONE -2
+/*
+ * unprivileged user when UsePrivilegeSeparation=yes;
+ * sshd will change its pivileges to this user and its
+ * primary group.
+ */
+#define SSH_PRIVSEP_USER "nobody"
+
#endif /* SSH_H */
diff --git a/sshd.c b/sshd.c
index b6e71d84..dc109815 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.234 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.235 2002/03/20 19:12:25 stevesk Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -521,6 +521,7 @@ privsep_preauth_child(void)
{
u_int32_t rand[256];
int i;
+ struct passwd *pw;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@@ -532,6 +533,11 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */
demote_sensitive_data();
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("%s: no user", SSH_PRIVSEP_USER);
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -540,10 +546,9 @@ privsep_preauth_child(void)
fatal("chdir(/)");
/* Drop our privileges */
- setegid(options.unprivileged_group);
- setgid(options.unprivileged_group);
- seteuid(options.unprivileged_user);
- setuid(options.unprivileged_user);
+ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
+ (u_int)pw->pw_gid);
+ do_setusercontext(pw);
}
static void