tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 16:54:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: convert auth.c to new packet API

Browse Source 
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
This commit is contained in:
djm@openbsd.org 2019-01-19 21:41:18 +00:00 committed by Damien Miller
parent 7ec5cb4d15
commit 3a00a92159
7 changed files with 31 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */ /* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -77,9 +77,6 @@
#include "compat.h" #include "compat.h"
#include "channels.h" #include "channels.h"
#include "opacket.h" /* XXX */
extern struct ssh *active_state; /* XXX */
/* import */ /* import */
extern ServerOptions options; extern ServerOptions options;
extern int use_privsep; extern int use_privsep;
@ -100,9 +97,8 @@ static struct sshbuf *auth_debug;
* Otherwise true is returned. * Otherwise true is returned.
*/ */
int int
allowed_user(struct passwd * pw) allowed_user(struct ssh *ssh, struct passwd * pw)
{ {
struct ssh *ssh = active_state; /* XXX */
struct stat st; struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
u_int i; u_int i;
@ -312,10 +308,10 @@ format_method_key(Authctxt *authctxt)
} }
void void
auth_log(Authctxt *authctxt, int authenticated, int partial, auth_log(struct ssh *ssh, int authenticated, int partial,
const char *method, const char *submethod) const char *method, const char *submethod)
{ {
struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
int level = SYSLOG_LEVEL_VERBOSE; int level = SYSLOG_LEVEL_VERBOSE;
const char *authmsg; const char *authmsg;
char *extra = NULL; char *extra = NULL;
@ -377,9 +373,9 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
void void
auth_maxtries_exceeded(Authctxt *authctxt) auth_maxtries_exceeded(struct ssh *ssh)
{ {
struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
error("maximum authentication attempts exceeded for " error("maximum authentication attempts exceeded for "
"%s%.100s from %.200s port %d ssh2", "%s%.100s from %.200s port %d ssh2",
@ -387,7 +383,7 @@ auth_maxtries_exceeded(Authctxt *authctxt)
authctxt->user, authctxt->user,
ssh_remote_ipaddr(ssh), ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh)); ssh_remote_port(ssh));
packet_disconnect("Too many authentication failures"); ssh_packet_disconnect(ssh, "Too many authentication failures");
/* NOTREACHED */ /* NOTREACHED */
} }
@ -562,9 +558,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
} }
struct passwd * struct passwd *
getpwnamallow(const char *user) getpwnamallow(struct ssh *ssh, const char *user)
{ {
struct ssh *ssh = active_state; /* XXX */
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc; extern login_cap_t *lc;
#ifdef BSD_AUTH #ifdef BSD_AUTH
@ -614,7 +609,7 @@ getpwnamallow(const char *user)
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
return (NULL); return (NULL);
} }
if (!allowed_user(pw)) if (!allowed_user(ssh, pw))
return (NULL); return (NULL);
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
if ((lc = login_getclass(pw->pw_class)) == NULL) { if ((lc = login_getclass(pw->pw_class)) == NULL) {
@ -693,9 +688,8 @@ auth_debug_add(const char *fmt,...)
} }
void void
auth_debug_send(void) auth_debug_send(struct ssh *ssh)
{ {
struct ssh *ssh = active_state; /* XXX */
char *msg; char *msg;
int r; int r;

12
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */ /* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -168,8 +168,8 @@ void remove_kbdint_device(const char *);
void do_authentication2(struct ssh *); void do_authentication2(struct ssh *);
void auth_log(Authctxt *, int, int, const char *, const char *); void auth_log(struct ssh *, int, int, const char *, const char *);
void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
void userauth_finish(struct ssh *, int, const char *, const char *); void userauth_finish(struct ssh *, int, const char *, const char *);
int auth_root_allowed(struct ssh *, const char *); int auth_root_allowed(struct ssh *, const char *);
@ -186,8 +186,8 @@ void auth2_challenge_stop(struct ssh *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **); int bsdauth_respond(void *, u_int, char **);
int allowed_user(struct passwd *); int allowed_user(struct ssh *, struct passwd *);
struct passwd * getpwnamallow(const char *user); struct passwd * getpwnamallow(struct ssh *, const char *user);
char *expand_authorized_keys(const char *, struct passwd *pw); char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *); char *authorized_principals_file(struct passwd *);
@ -222,7 +222,7 @@ void auth_log_authopts(const char *, const struct sshauthopt *, int);
/* debug messages during authentication */ /* debug messages during authentication */
void auth_debug_add(const char *fmt,...) void auth_debug_add(const char *fmt,...)
__attribute__((format(printf, 1, 2))); __attribute__((format(printf, 1, 2)));
void auth_debug_send(void); void auth_debug_send(struct ssh *);
void auth_debug_reset(void); void auth_debug_reset(void);
struct passwd *fakepw(void); struct passwd *fakepw(void);

8
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */ /* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -284,7 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
if (authctxt->attempt++ == 0) { if (authctxt->attempt++ == 0) {
/* setup auth context */ /* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(user)); authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
authctxt->user = xstrdup(user); authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) { if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1; authctxt->valid = 1;
@ -381,7 +381,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
} }
/* Log before sending the reply */ /* Log before sending the reply */
auth_log(authctxt, authenticated, partial, method, submethod); auth_log(ssh, authenticated, partial, method, submethod);
/* Update information exposed to session */ /* Update information exposed to session */
if (authenticated || partial) if (authenticated || partial)
@ -429,7 +429,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif #endif
auth_maxtries_exceeded(authctxt); auth_maxtries_exceeded(ssh);
} }
methods = authmethods_get(authctxt); methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__, debug3("%s: failure partial=%d next methods=\"%s\"", __func__,

8
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */ /* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -338,7 +338,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
#endif #endif
} }
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(authctxt, authenticated, partial, auth_log(ssh, authenticated, partial,
auth_method, auth_submethod); auth_method, auth_submethod);
if (!partial && !authenticated) if (!partial && !authenticated)
authctxt->failures++; authctxt->failures++;
@ -729,7 +729,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r)); fatal("%s: buffer error: %s", __func__, ssh_err(r));
pwent = getpwnamallow(username); pwent = getpwnamallow(ssh, username);
authctxt->user = xstrdup(username); authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown"); setproctitle("%s [priv]", pwent ? username : "unknown");
@ -1230,7 +1230,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
hostbased_chost = chost; hostbased_chost = chost;
} else { } else {
/* Log failed attempt */ /* Log failed attempt */
auth_log(authctxt, 0, 0, auth_method, NULL); auth_log(ssh, 0, 0, auth_method, NULL);
free(cuser); free(cuser);
free(chost); free(chost);
} }

5
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -251,9 +251,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
} }
struct passwd * struct passwd *
mm_getpwnamallow(const char *username) mm_getpwnamallow(struct ssh *ssh, const char *username)
{ {
struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m; struct sshbuf *m;
struct passwd *pw; struct passwd *pw;
size_t len; size_t len;

5
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */ /* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -33,6 +33,7 @@ extern int use_privsep;
enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
struct ssh;
struct monitor; struct monitor;
struct Authctxt; struct Authctxt;
struct sshkey; struct sshkey;
@ -44,7 +45,7 @@ DH *mm_choose_dh(int, int, int);
int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *, u_int compat); const char *, u_int compat);
void mm_inform_authserv(char *, char *); void mm_inform_authserv(char *, char *);
struct passwd *mm_getpwnamallow(const char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *);
char *mm_auth2_read_banner(void); char *mm_auth2_read_banner(void);
int mm_auth_password(struct ssh *, char *); int mm_auth_password(struct ssh *, char *);
int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,

4
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ /* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -362,7 +362,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt)
else else
channel_permit_all(ssh, FORWARD_REMOTE); channel_permit_all(ssh, FORWARD_REMOTE);
} }
auth_debug_send(); auth_debug_send(ssh);
prepare_auth_info_file(authctxt->pw, authctxt->session_info); prepare_auth_info_file(authctxt->pw, authctxt->session_info);