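--- a/loginrec.c
+++ b/loginrec.c
@@ -414,12 +414,10 @@ login_set_addr(struct logininfo *li, con
 int
 login_write(struct logininfo *li)
 {
-#ifndef HAVE_CYGWIN
-	if (geteuid() != 0) {
+	if (!have_capability(geteuid(), SSH_WRITE_LOGIN_RECORDS)) {
 		logit("Attempt to write login records by non-root user (aborting)");
 		return (1);
 	}
-#endif
 
 	/* set the timestamp */
 	login_set_current_time(li);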
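--- a/readconf.c
+++ b/readconf.c
@@ -210,11 +210,11 @@ void
 add_local_forward(Options *options, const Forward *newfwd)
 {
 	Forward *fwd;
-#ifndef NO_IPPORT_RESERVED_CONCEPT
 	extern uid_t original_real_uid;
-	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
+
+	if (newfwd->listen_port < IPPORT_RESERVED &&
+	    !have_capability(original_real_uid, CAP_NET_BIND_SERVICE))
 		fatal("Privileged ports can only be forwarded by root.");
-#endif
 	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
 		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
 	fwd = &options->local_forwards[options->num_local_forwards++];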
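--- a/serverloop.c
+++ b/serverloop.c
@@ -1013,11 +1013,9 @@ server_input_global_request(int type, u_
 
 		/* check permissions */
 		if (!options.allow_tcp_forwarding ||
-		    no_port_forwarding_flag
-#ifndef NO_IPPORT_RESERVED_CONCEPT
-		    || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
-#endif
-		    ) {
+		    no_port_forwarding_flag ||
+		    (listen_port < IPPORT_RESERVED &&
+		    !have_capability(pw->pw_uid, CAP_NET_BIND_SERVICE))) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {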
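--- a/session.c
+++ b/session.c
@@ -241,7 +241,7 @@ do_authenticated1(Authctxt *authctxt)
 {
 	Session *s;
 	char *command;
-	int success, type, screen_flag;
+	int success, type, screen_flag, privileged;
 	int enable_compression_after_reply = 0;
 	u_int proto_len, data_len, dlen, compression_level = 0;
 
@@ -330,8 +330,10 @@ do_authenticated1(Authctxt *authctxt)
 				debug("Port forwarding not permitted.");
 				break;
 			}
+			privileged = have_capability(s->pw->pw_uid,
+			    CAP_NET_BIND_SERVICE);
 			debug("Received TCP/IP port forwarding request.");
-			channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
+			channel_input_port_forward_request(privileged, options.gateway_ports);
 			success = 1;
 			break;
 
@@ -1035,9 +1037,10 @@ do_setup_env(Session *s, const char *she
 		path = child_get_env(env, "PATH");
 #  endif /* HAVE_ETC_DEFAULT_LOGIN */
 		if (path == NULL || *path == '\0') {
-			child_set_env(&env, &envsize, "PATH",
-			    s->pw->pw_uid == 0 ?
-				SUPERUSER_PATH : _PATH_STDPATH);
+			path = have_capability(s->pw->pw_uid,
+			    SSH_PRIVILEGED_LOGIN) ? SUPERUSER_PATH :
+			    _PATH_STDPATH;
+			child_set_env(&env, &envsize, "PATH", path);
 		}
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */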
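--- a/ssh.c
+++ b/ssh.c
@@ -182,7 +182,7 @@ main(int ac, char **av)
 	char *p, *cp, *line, buf[256];
 	struct stat st;
 	struct passwd *pw;
-	int dummy;
+	int dummy, privileged_port;
 	extern int optind, optreset;
 	extern char *optarg;
 	struct servent *sp;
@@ -636,15 +636,13 @@ again:
 	if (options.control_path != NULL)
 		control_client(options.control_path);
 
+	privileged_port = options.use_privileged_port &&
+	    have_capability(original_effective_uid, CAP_NET_BIND_SERVICE);
+
 	/* Open a connection to the remote host. */
 	if (ssh_connect(host, &hostaddr, options.port,
 	    options.address_family, options.connection_attempts,
-#ifdef HAVE_CYGWIN
-	    options.use_privileged_port,
-#else
-	    original_effective_uid == 0 && options.use_privileged_port,
-#endif
-	    options.proxy_command) != 0)
+	    privileged_port, options.proxy_command) != 0)
 		exit(1);
 
 	/*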
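Review bot: The `privileged_port` assignment at new line 639 drops the Cygwin special case: the removed `#ifdef HAVE_CYGWIN` arm passed `options.use_privileged_port` with no uid test, while `have_capability()` as added in bsd-capability.c short-circuits `CAP_NET_BIND_SERVICE` only under `NO_IPPORT_RESERVED_CONCEPT`. If a Cygwin build does not define that macro (not visible on this page), a non-zero `original_effective_uid` now silently turns the option off. Either add `CAP_NET_BIND_SERVICE` to the `HAVE_CYGWIN` branch of `have_capability()`, or put a comment here stating that Cygwin is covered by `NO_IPPORT_RESERVED_CONCEPT`. main() starts and ends outside both hunks.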
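--- a/sshd.c
+++ b/sshd.c
@@ -617,7 +617,8 @@ privsep_preauth(Authctxt *authctxt)
 		close(pmonitor->m_sendfd);
 
 		/* Demote the child */
-		if (getuid() == 0 || geteuid() == 0)
+		if (have_capability(getuid(), CAP_SETUID) ||
+		    have_capability(geteuid(), CAP_SETUID))
 			privsep_preauth_child();
 		setproctitle("%s", "[net]");
 	}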
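Review bot: The new condition in front of `privsep_preauth_child()` names only `CAP_SETUID`, and when both calls return 0 the pre-auth child carries on without being demoted and nothing is logged. With the uid-0 implementation added in bsd-capability.c this matches the old test, but if `have_capability()` is later backed by real capability queries, a uid-0 process lacking that one capability would skip the privilege drop while still running as root. A comment such as `/* not privileged enough to drop: child keeps the caller's identity */` plus a `debug()` on the skipped path would make that case visible; privsep_preauth_child() is not shown, so whether it also needs chroot or setgid rights cannot be confirmed from here. privsep_preauth() begins and ends outside the hunk.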
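--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-capability.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
 PORTS=port-irix.o port-aix.o port-uw.o
 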
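--- /dev/null
+++ b/openbsd-compat/bsd-capability.c
@@ -0,0 +1,37 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+int
+have_capability(uid_t uid, int cap)
+{
+#ifdef NO_IPPORT_RESERVED_CONCEPT
+	if (cap == CAP_NET_BIND_SERVICE)
+		return 1;
+#endif
+
+#ifdef HAVE_CYGWIN
+	if (cap == SSH_WRITE_LOGIN_RECORDS)
+		return 1;
+#endif
+
+	if (uid == 0)
+		return 1;
+	return 0;
+}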
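Review bot: `have_capability()` has no comment, and its contract is easy to misread: it answers "is this uid 0" (with two compile-time exceptions) and does not query any capability the running process actually holds. Callers in this patch pass both the process's own ids (`geteuid()`, `getuid()`) and a target account's `pw->pw_uid`, which a real per-process capability backend could not serve through the same `uid_t` argument. Unknown `cap` values also fall through to the `uid == 0` test instead of being rejected. I would add a header comment saying so, for example `/* Returns 1 if uid is allowed cap; default policy is uid 0 only. Not a query of process capabilities. */`.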
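--- /dev/null
+++ b/openbsd-compat/bsd-capability.h
@@ -0,0 +1,34 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* POSIX Capabilities, if not defined */
+#ifndef CAP_SETUID
+# define CAP_SETUID			0x1001
+#endif
+#ifndef CAP_SETGID
+# define CAP_SETGID			0x1002
+#endif
+#ifndef CAP_NET_BIND_SERVICE
+# define CAP_NET_BIND_SERVICE		0x1003
+#endif
+
+/* SSH-specific capabilities */
+#define SSH_WRITE_LOGIN_RECORDS		0x8001
+#define SSH_PRIVILEGED_LOGIN		0x8002
+
+int have_capability(uid_t, int);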
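Review bot: The `#ifndef CAP_SETUID` / `CAP_SETGID` / `CAP_NET_BIND_SERVICE` fallbacks make each constant's value depend on whether a system capability header was included before this one in a given translation unit. `have_capability()` compares `cap == CAP_NET_BIND_SERVICE` inside bsd-capability.c, so a caller compiled with the system's value and a callee compiled with `0x1003` would disagree and the `NO_IPPORT_RESERVED_CONCEPT` exemption would be missed. Private names that cannot collide, e.g. `#define SSH_CAP_NET_BIND_SERVICE 0x1003`, avoid that. The header also has no include guard and uses `uid_t` without including anything that declares it, so it relies on the includer's ordering.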
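--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -172,6 +172,8 @@ char *shadow_pw(struct passwd *pw);
 /* rfc2553 socket API replacements */
 #include "fake-rfc2553.h"
 
+#include "bsd-capability.h"
+
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"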
