RE: PRIVSEP annoys me. - Part 2

From: Chris Macneill (chris.macneill@eguesswork.co.uk)
Date: 03/28/03

    From: "Chris Macneill" <chris.macneill@eguesswork.co.uk>
    To: "'¶«·½ ó»ÎÄ'" <phanix@hotmail.com>, <secureshell@securityfocus.com>
    Date: Fri, 28 Mar 2003 18:39:17 -0000
    
    

    Peter,

    Markus Friedl makes a valid point; it is simpler than my first response.

    To make a function work in Privilege Separation mode, surround your original function with the macro PRIVSEP(), e.g. PRIVSEP(xxxx());

    In Privilege Separation mode the macro causes mm_xxxx(); to be executed, not xxxx();. You will also need a function mm_ans_xxxx(); to return the response from your code executed in the Privileged process.

    Look at other mm_ and mm_ans_ functions in monitor_wrap.c and monitor.c to get the idea of how to build your own functions.

    See how auth_password() is implemented: you'll find an mm_auth_password() function in monitor_wrap.c and an mm_ans_auth_password() in monitor.c. "grep" through the rest of the code to see usage of the PRIVSEP() macro.

    Regards,

    Chris Macneill
    Educated Guesswork Ltd.

    -----Original Message-----
    From: ¶«·½ ó»ÎÄ [mailto:phanix@hotmail.com]
    Sent: 28 March 2003 07:42
    To: secureshell@securityfocus.com
    Subject: PRIVSEP annoys me.

    I added a new authentication method to OpenSSH called ICCAuthentication (IC card). When the server receives SSH_CMSG_AUTH_ICC, it reads the RSA public key file in the user's home dir (e.g. /home/peter/.icc/authorized_key), gets the pubkey, generates a 32 8-bit long random number, encrypts it with the pubkey, and sends it to the client as a challenge, just like RSAAuthentication. The client then decrypts the challenge with the private key in the user's IC card, and sends a response to the server.

    Here is the auth_icc_prepare_key() function in my auth-icc.c.
    This function gets the pubkey in the ~/.icc/authorized_key file.

    int
    auth_icc_prepare_key(struct passwd *pw, Key **rkey)
    {
            char line[8192], file[MAXPATHLEN];
            u_char n_e[131];        /* 128-byte modulus n, then 3-byte exponent e */
            FILE *f;
            struct stat st;
            Key *key;

            /* Temporarily use the user's uid. */
            temporarily_use_uid(pw);

            /* The authorized key file. */
            snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
                _PATH_SSH_USER_ICC_PERMITTED_KEY);

            debug("trying public RSA key file %s", file);

            /* Fail quietly if file does not exist */
            /* If UsePrivilegeSeparation is yes, stat() always fails. */
            if (stat(file, &st) < 0) {
                    debug("Public key file does not exist.");
                    /* Restore the privileged uid. */
                    restore_uid();
                    return 0;
            }

            /* Open the file containing the authorized keys. */
            f = fopen(file, "r");
            if (!f) {
                    /* Adjacent literals: a string cannot span source lines. */
                    packet_send_debug("Could not open file %.900s "
                        "for reading.", file);
                    packet_send_debug("If your home is on an NFS volume, "
                        "it may need to be world-readable.");
                    /* Restore the privileged uid. */
                    restore_uid();
                    return 0;
            }

            /* Refuse keys whose file or parent directories have unsafe modes. */
            if (options.strict_modes &&
                secure_filename(f, file, pw, line, sizeof(line)) != 0) {
                    fclose(f);
                    log("Authentication refused: %s", line);
                    restore_uid();
                    return 0;
            }

            key = key_new(KEY_RSA);

            /*
             * Get the public key from the file. If ok, perform a
             * challenge-response dialog to verify that the user has
             * the right IC card.
             */
            if (fread(n_e, sizeof(n_e), 1, f) < 1) {
                    /* Short read: release the file and the unused key. */
                    fclose(f);
                    key_free(key);
                    restore_uid();
                    packet_send_debug("Read file %.900s error.", file);
                    return 0;
            }
            /* Fill the BIGNUMs key_new() already allocated instead of leaking them. */
            BN_bin2bn(n_e, 128, key->rsa->n);
            BN_bin2bn(n_e + 128, 3, key->rsa->e);

            /* Restore the privileged uid. */
            restore_uid();

            /* Close the file. */
            fclose(f);

            /* return key if allowed */
            if (rkey != NULL) {
                    *rkey = key;
                    return 1;
            } else {
                    key_free(key);
                    return 0;
            }
    }

    Everything is OK if sshd_config has "UsePrivilegeSeparation no".
    If I set "UsePrivilegeSeparation" to yes, the stat() in the function always
    returns <0, but the file does exist.
    I set the file as:
    /home/peter/.icc/authorized_key peter.peter rw-r--r--

    Why can't sshd access the file in privsep?
    Please help me.
    Thank you.

    xhtech. Beijing


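A stand-alone model of the PRIVSEP() / mm_ / mm_ans_ round trip described in the reply above, added here as an illustration; it is not OpenSSH code and not from either poster. key_file_ok(), start_monitor() and the socketpair channel are assumptions, and no privileges are actually dropped.

```c
/* Stand-alone model of the PRIVSEP() pattern, not OpenSSH source. */
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

static int use_privsep = 1;  /* models the privsep on/off switch */
static int monitor_fd = -1;  /* unprivileged side's end of the channel */
/* PRIVSEP(f(args)) becomes mm_f(args) when privsep is on, else f(args). */
#define PRIVSEP(x) (use_privsep ? mm_##x : x)

/* "xxxx()" (hypothetical): touches the filesystem, so it must run privileged. */
int key_file_ok(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* "mm_xxxx()": unprivileged side; any I/O failure counts as "not ok". */
int mm_key_file_ok(const char *path) {
    int ok = 0;
    size_t len = strlen(path) + 1;
    if (len > 1024 || write(monitor_fd, path, len) != (ssize_t)len ||
        read(monitor_fd, &ok, sizeof ok) != (ssize_t)sizeof ok)
        return 0;
    return ok;
}

/* "mm_ans_xxxx()": privileged side; runs the real function and replies. */
static void mm_ans_key_file_ok(int fd) {
    char path[1024];
    ssize_t n;
    while ((n = read(fd, path, sizeof path)) > 0 && path[n - 1] == '\0') {
        int ok = key_file_ok(path);
        if (write(fd, &ok, sizeof ok) != (ssize_t)sizeof ok) break;
    }
    _exit(0);
}

/* Fork the answering process (hypothetical helper); returns 0 on success. */
int start_monitor(void) {
    int sv[2];
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) { close(sv[0]); mm_ans_key_file_ok(sv[1]); }
    close(sv[1]);
    monitor_fd = sv[0];
    return 0;
}
int main(void) {
    return (start_monitor() == 0 && PRIVSEP(key_file_ok("/etc/passwd"))) ? 0 : 1;
}
```

The caller never changes: only the macro decides whether the file check runs locally or is shipped to the answering process, which is why the check in the original post has to move behind an mm_ / mm_ans_ pair.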