Re: PRIVSEP annoys me.

From: Markus Friedl (markus@openbsd.org)
Date: 03/28/03

    Date: Fri, 28 Mar 2003 18:39:55 +0100
    From: Markus Friedl <markus@openbsd.org>
    To: ???? ???? <phanix@hotmail.com>
    
    

    what's the point of using a new message type if it's the same as
    RSAAuthentication?

    the stat() fails because the process that reads
    from the network is chrooted.

    check PRIVSEP() in auth-rsa.c to figure out how
    RSAAuthentication works with PRIVSEP.

    On Fri, Mar 28, 2003 at 03:42:06PM +0800, ???? ???? wrote:
    >
    > I added a new authentication method to openssh called ICCAuthentication
    > (IC card).
    > When the server receives SSH_CMSG_AUTH_ICC, it reads the RSA public key
    > file in the user's home dir (e.g. /home/peter/.icc/authorized_key), gets
    > the pubkey, generates a 32 8-bit long random number, encrypts it with the
    > pubkey, and sends it to the client as a challenge, just like
    > RSAAuthentication. The client then decrypts the challenge with the private
    > key in the user's IC card, and sends a response to the server.
    >
    > Here is the auth_icc_prepare_key() function in my auth-icc.c.
    > This function gets the pubkey in the ~/.icc/authorized_key file.
    >
    > int
    > auth_icc_prepare_key(struct passwd *pw, Key **rkey)
    > {
    >     char line[8192], file[MAXPATHLEN];
    >     u_char n_e[131];
    >     FILE *f;
    >     struct stat st;
    >     Key *key;
    >
    >     /* Temporarily use the user's uid. */
    >     temporarily_use_uid(pw);
    >
    >     /* The authorized key file. */
    >     snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
    >         _PATH_SSH_USER_ICC_PERMITTED_KEY);
    >
    >     debug("trying public RSA key file %s", file);
    >
    >     /* Fail quietly if file does not exist */
    >     /* If UsePrivilegeSeparation is yes, stat() always fails. */
    >     if (stat(file, &st) < 0) {
    >         /* Restore the privileged uid. */
    >         debug("Public key file does not exist.");
    >         restore_uid();
    >         return 0;
    >     }
    >
    >     /* Open the file containing the authorized keys. */
    >     f = fopen(file, "r");
    >     if (!f) {
    >         packet_send_debug("Could not open file %.900s for reading.", file);
    >         packet_send_debug("If your home is on an NFS volume, "
    >             "it may need to be world-readable.");
    >         /* Restore the privileged uid. */
    >         restore_uid();
    >         return 0;
    >     }
    >
    >     if (options.strict_modes &&
    >         secure_filename(f, file, pw, line, sizeof(line)) != 0) {
    >         fclose(f);
    >         log("Authentication refused: %s", line);
    >         restore_uid();
    >         return 0;
    >     }
    >
    >     key = key_new(KEY_RSA);
    >
    >     /*
    >      * Get the public key from the file. If ok, perform a
    >      * challenge-response dialog to verify that the user has
    >      * the right IC card.
    >      */
    >     if (fread(n_e, 131, 1, f) < 1) {
    >         /* Release the file and the key on the error path too. */
    >         fclose(f);
    >         key_free(key);
    >         restore_uid();
    >         packet_send_debug("Read file %.900s error.", file);
    >         return 0;
    >     }
    >     /* key_new() already allocated n and e; fill them in place. */
    >     if (BN_bin2bn(n_e, 128, key->rsa->n) == NULL ||
    >         BN_bin2bn(n_e + 128, 3, key->rsa->e) == NULL)
    >         fatal("auth_icc_prepare_key: BN_bin2bn failed");
    >
    >     /* Restore the privileged uid. */
    >     restore_uid();
    >
    >     /* Close the file. */
    >     fclose(f);
    >
    >     /* return key if allowed */
    >     if (rkey != NULL) {
    >         *rkey = key;
    >         return 1;
    >     } else {
    >         key_free(key);
    >         return 0;
    >     }
    > }
    >
    > Everything is ok if in sshd_config: "UsePrivilegeSeparation no".
    > If I set "UsePrivilegeSeparation yes", the stat() in the function always
    > returns <0, but the file does exist.
    > I set the file as:
    > /home/peter/.icc/authorized_key peter.peter rw-r--r--
    >
    > Why can't sshd access the file under privsep?
    > Please help me.
    > Thank you.
    >
    > xhtech. Beijing
    >
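
Added example, not part of the original thread and not OpenSSH code: a minimal sketch of the split described in the reply, where a chrooted child can no longer stat() the key file and has to ask a monitor process that still sees the filesystem. The names monitor_answer, child_fetch and privsep_fetch and the one-byte 'K' request are hypothetical; the child only chroots when run as root, and dropping the uid is left out.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEYLEN 131 /* 128-byte modulus + 3-byte exponent, as in the post */

/* Monitor (hypothetical): keeps the full filesystem view, answers one 'K'. */
static void monitor_answer(int fd, const char *keyfile)
{
    unsigned char req, key[KEYLEN];
    FILE *f;
    if (read(fd, &req, 1) != 1 || req != 'K' || !(f = fopen(keyfile, "rb")))
        return;             /* caller closes fd, so the child sees EOF */
    if (fread(key, 1, KEYLEN, f) == KEYLEN && write(fd, key, KEYLEN) != KEYLEN)
        perror("monitor write");
    fclose(f);
}

/* Child (hypothetical): chroots when root, so it must ask for the key. */
static int child_fetch(int fd, const char *keyfile, const char *jail)
{
    unsigned char key[KEYLEN];
    struct stat st;
    if (geteuid() == 0 && chroot(jail) == 0 && chdir("/") == 0 &&
        stat(keyfile, &st) == 0)
        return 2;           /* key path still visible inside the jail */
    if (write(fd, "K", 1) != 1)
        return 3;
    return recv(fd, key, KEYLEN, MSG_WAITALL) == KEYLEN ? 0 : 1;
}

/* Returns the child's exit status; 0 means the key came via the monitor. */
int privsep_fetch(const char *keyfile, const char *jail)
{
    int sv[2], status;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        _exit(child_fetch(sv[1], keyfile, jail));
    }
    close(sv[1]);
    monitor_answer(sv[0], keyfile);
    close(sv[0]);
    return waitpid(pid, &status, 0) == pid && WIFEXITED(status)
        ? WEXITSTATUS(status) : -1;
}
```

Call privsep_fetch() with the path of a 131-byte key file and an empty directory to use as the jail; a result of 1 means the monitor could not supply the key.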

