[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
This commit is contained in:
Ben Lindstrom 2001-02-15 03:08:27 +00:00
parent 06b33aa0e8
commit d8a9021f36
10 changed files with 72 additions and 41 deletions

View File

@ -15,6 +15,11 @@
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
- markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
20010214
- (djm) Don't try to close PAM session or delete credentials if the
@ -3943,4 +3948,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.763 2001/02/15 03:01:59 mouring Exp $
$Id: ChangeLog,v 1.764 2001/02/15 03:08:27 mouring Exp $

View File

@ -36,7 +36,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
RCSID("$OpenBSD: auth-passwd.c,v 1.21 2001/02/12 16:16:23 markus Exp $");
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
@ -110,7 +110,7 @@ auth_password(struct passwd * pw, const char *password)
if (pw == NULL)
return 0;
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login == 2)
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
return 0;
#endif
#ifdef HAVE_CYGWIN

29
auth.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.16 2001/02/04 15:32:22 stevesk Exp $");
RCSID("$OpenBSD: auth.c,v 1.17 2001/02/12 16:16:23 markus Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@ -216,19 +216,26 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
}
/*
* Check if the user is logging in as root and root logins are disallowed.
* Note that root login is _allways_ allowed for forced commands.
* Check whether root logins are disallowed.
*/
int
auth_root_allowed(void)
auth_root_allowed(char *method)
{
if (options.permit_root_login)
switch (options.permit_root_login) {
case PERMIT_YES:
return 1;
if (forced_command) {
log("Root login accepted for forced command.");
return 1;
} else {
log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
return 0;
break;
case PERMIT_NO_PASSWD:
if (strcmp(method, "password") != 0)
return 1;
break;
case PERMIT_FORCED_ONLY:
if (forced_command) {
log("Root login accepted for forced command.");
return 1;
}
break;
}
log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
return 0;
}

4
auth.h
View File

@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
* $OpenBSD: auth.h,v 1.11 2001/02/12 16:16:23 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
@ -112,7 +112,7 @@ void do_authentication2(void);
Authctxt *authctxt_new(void);
void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
void userauth_reply(Authctxt *authctxt, int authenticated);
int auth_root_allowed(void);
int auth_root_allowed(char *method);
int auth2_challenge(Authctxt *authctxt, char *devs);

View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.15 2001/02/07 22:35:45 markus Exp $");
RCSID("$OpenBSD: auth1.c,v 1.16 2001/02/12 16:16:23 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@ -316,7 +316,8 @@ do_authloop(Authctxt *authctxt)
}
#else
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
#ifdef USE_PAM

View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.40 2001/02/10 12:52:02 markus Exp $");
RCSID("$OpenBSD: auth2.c,v 1.41 2001/02/12 16:16:23 markus Exp $");
#include <openssl/evp.h>
@ -230,7 +230,8 @@ input_userauth_request(int type, int plen, void *ctxt)
authctxt->user);
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;
#ifdef USE_PAM

View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.66 2001/02/11 12:59:25 markus Exp $");
RCSID("$OpenBSD: servconf.c,v 1.67 2001/02/12 16:16:23 markus Exp $");
#ifdef KRB4
#include <krb.h>
@ -51,7 +51,7 @@ initialize_server_options(ServerOptions *options)
options->server_key_bits = -1;
options->login_grace_time = -1;
options->key_regeneration_time = -1;
options->permit_root_login = -1;
options->permit_root_login = PERMIT_NOT_SET;
options->ignore_rhosts = -1;
options->ignore_user_known_hosts = -1;
options->print_motd = -1;
@ -122,8 +122,8 @@ fill_default_server_options(ServerOptions *options)
options->login_grace_time = 600;
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == -1)
options->permit_root_login = 1; /* yes */
if (options->permit_root_login == PERMIT_NOT_SET)
options->permit_root_login = PERMIT_YES;
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
@ -453,14 +453,17 @@ parse_filename:
exit(1);
}
if (strcmp(arg, "without-password") == 0)
value = 2;
value = PERMIT_NO_PASSWD;
else if (strcmp(arg, "forced-commands-only") == 0)
value = PERMIT_FORCED_ONLY;
else if (strcmp(arg, "yes") == 0)
value = 1;
value = PERMIT_YES;
else if (strcmp(arg, "no") == 0)
value = 0;
value = PERMIT_NO;
else {
fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
filename, linenum, arg);
fprintf(stderr, "%s line %d: Bad yes/"
"without-password/forced-commands-only/no "
"argument: %s\n", filename, linenum, arg);
exit(1);
}
if (*intptr == -1)

View File

@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* RCSID("$OpenBSD: servconf.h,v 1.37 2001/02/11 12:59:25 markus Exp $"); */
/* RCSID("$OpenBSD: servconf.h,v 1.38 2001/02/12 16:16:23 markus Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
@ -25,6 +25,14 @@
#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
#define MAX_HOSTKEYS 256 /* Max # hostkeys. */
/* permit_root_login */
#define PERMIT_NOT_SET -1
#define PERMIT_NO 0
#define PERMIT_FORCED_ONLY 1
#define PERMIT_NO_PASSWD 2
#define PERMIT_YES 3
typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
@ -38,7 +46,7 @@ typedef struct {
int login_grace_time; /* Disconnect if no auth in this time
* (sec). */
int key_regeneration_time; /* Server key lifetime (seconds). */
int permit_root_login; /* If true, permit root login. */
int permit_root_login; /* PERMIT_*, see above */
int ignore_rhosts; /* Ignore .rhosts and .shosts. */
int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
* for RhostsRsaAuth */

View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.42 2001/02/04 15:32:26 stevesk Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.43 2001/02/12 16:16:23 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -532,6 +532,7 @@ do_change_comment(struct passwd *pw)
public = key_new(KEY_RSA1);
if (!load_public_key(identity_file, public, NULL)) {
printf("%s is not a valid key file.\n", identity_file);
printf("Comments are only supported in RSA1 keys\n");
exit(1);
}

23
sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.93 2001/02/11 12:59:25 markus Exp $
.\" $OpenBSD: sshd.8,v 1.94 2001/02/12 16:16:24 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -552,21 +552,26 @@ Specifies whether the root can log in using
.Xr ssh 1 .
The argument must be
.Dq yes ,
.Dq without-password
.Dq without-password ,
.Dq forced-commands-only
or
.Dq no .
The default is
.Dq yes .
If this options is set to
.Dq without-password
only password authentication is disabled for root.
.Pp
Root login with RSA authentication when the
If this option is set to
.Dq without-password
password authentication is disabled for root.
.Pp
If this option is set to
.Dq forced-commands-only
root login with public key authentication will be allowed,
but only if the
.Ar command
option has been
specified will be allowed regardless of the value of this setting
option has been specified
(which may be useful for taking remote backups even if root login is
normally not allowed).
normally not allowed). All other authentication methods are disabled
for root.
.It Cm PidFile
Specifies the file that contains the process identifier of the
.Nm