- provos@cvs.openbsd.org 2001/06/25 17:54:47

[auth.c auth.h auth-rsa.c] terminate secure_filename checking after checking homedir. that way it works on AFS. okay markus@
2001-07-04 03:40:39 +00:00 · 2001-07-04 03:40:39 +00:00 · 248c0784bf
--- a/6
+++ b/6
@ -9,6 +9,10 @@
     [ssh-keygen.1]
     sshd(8) will never read the private keys, but ssh(1) does; 
     hugh@mimosa.com
+   - provos@cvs.openbsd.org 2001/06/25 17:54:47
+     [auth.c auth.h auth-rsa.c]
+     terminate secure_filename checking after checking homedir.  that way 
+     it

 20010629
 - (bal) Removed net_aton() since we don't use it any more
@ -5836,4 +5840,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1346 2001/07/04 03:35:24 mouring Exp $
+$Id: ChangeLog,v 1.1347 2001/07/04 03:40:39 mouring Exp $
--- a/auth-rsa.c
+++ b/auth-rsa.c
@ -14,7 +14,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.43 2001/06/25 17:54:47 provos Exp $");

 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@ -159,7 +159,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 		return 0;
 	}
 	if (options.strict_modes &&
-	    secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) {
+	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 		xfree(file);
 		fclose(f);
 		log("Authentication refused: %s", line);
--- a/auth.c
+++ b/auth.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.25 2001/06/25 17:54:48 provos Exp $");

 #ifdef HAVE_LOGIN_H
 #include <login.h>
@ -351,12 +351,17 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 * Returns 0 on success and -1 on failure
 */
 int
-secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+    char *err, size_t errlen)
 {
+	uid_t uid = pw->pw_uid;
+	char homedir[MAXPATHLEN];
 	char buf[MAXPATHLEN];
 	char *cp;
 	struct stat st;

+	strlcpy(homedir, dirname(pw->pw_dir), sizeof(homedir));
+
 	if (realpath(file, buf) == NULL) {
 		snprintf(err, errlen, "realpath %s failed: %s", file,
 		    strerror(errno));
@ -372,6 +377,8 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
 		return -1;
 	}

+	debug3("secure_filename: terminating check at '%s'", homedir);
+
 	/* for each component of the canonical path, walking upwards */
 	for (;;) {
 		if ((cp = dirname(buf)) == NULL) {
@ -380,6 +387,10 @@ secure_filename(FILE *f, const char *file, uid_t uid, char *err, size_t errlen)
 		}
 		strlcpy(buf, cp, sizeof(buf));

+		/* If are passed the homedir then we can stop */
+		if (strcmp(buf, homedir) == 0)
+			break;
+
 		debug3("secure_filename: checking '%s'", buf);
 		if (stat(buf, &st) < 0 ||
 		    (st.st_uid != 0 && st.st_uid != uid) ||
--- a/auth.h
+++ b/auth.h
@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $
+ * $OpenBSD: auth.h,v 1.19 2001/06/25 17:54:49 provos Exp $
 */
 #ifndef AUTH_H
 #define AUTH_H
@ -168,7 +168,8 @@ char	*authorized_keys_file2(struct passwd *pw);

 /* check a file and the path to it */
 int
-secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen);
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+    char *err, size_t errlen);

 /* helper for hostbased auth */
 HostStatus