- djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@
parent
8f746ec970
commit
3e3b5145e5
|
@ -10,6 +10,12 @@
|
|||
- jakob@cvs.openbsd.org 2003/11/03 09:37:32
|
||||
[sshconnect.c]
|
||||
do not free static type pointer in warn_changed_key()
|
||||
- djm@cvs.openbsd.org 2003/11/04 08:54:09
|
||||
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
|
||||
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
|
||||
[session.c]
|
||||
standardise arguments to auth methods - they should all take authctxt.
|
||||
check authctxt->valid rather then pw != NULL; ok markus@
|
||||
|
||||
20031115
|
||||
- (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
|
||||
|
@ -1430,4 +1436,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3100 2003/11/17 10:11:15 djm Exp $
|
||||
$Id: ChangeLog,v 1.3101 2003/11/17 10:13:40 djm Exp $
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -72,7 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||
krb5_error_code problem;
|
||||
krb5_ccache ccache = NULL;
|
||||
|
||||
if (authctxt->pw == NULL)
|
||||
if (!authctxt->valid)
|
||||
return (0);
|
||||
|
||||
temporarily_use_uid(authctxt->pw);
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
|
@ -60,11 +60,8 @@ auth_password(Authctxt *authctxt, const char *password)
|
|||
struct passwd * pw = authctxt->pw;
|
||||
int ok = authctxt->valid;
|
||||
|
||||
/* deny if no user. */
|
||||
if (pw == NULL)
|
||||
return 0;
|
||||
#ifndef HAVE_CYGWIN
|
||||
if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
|
||||
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
|
||||
ok = 0;
|
||||
#endif
|
||||
if (*password == '\0' && options.permit_empty_passwd == 0)
|
||||
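Review bot: The rewritten root-login test `if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)` dereferences `pw` with neither the removed `if (pw == NULL) return 0;` nor the old `pw &&` in front of it, so auth_password now depends on `authctxt->pw` being non-NULL even when `authctxt->valid` is 0. Nothing in this hunk shows where that is guaranteed. If the invariant holds elsewhere, state it where `pw` is read, e.g. `/* authctxt->pw is never NULL here, even for invalid users; validity is carried in ok */`; otherwise keep the test as `if (pw != NULL && pw->pw_uid == 0 && ...)`. The function body continues past the end of the hunk.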
|
|
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
|
@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
|
|||
* its host key. Returns true if authentication succeeds.
|
||||
*/
|
||||
int
|
||||
auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
|
||||
auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
|
||||
{
|
||||
char *chost;
|
||||
struct passwd *pw = authctxt->pw;
|
||||
|
||||
debug("Trying rhosts with RSA host authentication for client user %.100s",
|
||||
cuser);
|
||||
|
||||
if (pw == NULL || client_host_key == NULL ||
|
||||
if (!authctxt->valid || client_host_key == NULL ||
|
||||
client_host_key->rsa == NULL)
|
||||
return 0;
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
|
@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
|
|||
debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
|
||||
client_user, hostname, ipaddr);
|
||||
|
||||
/* no user given */
|
||||
if (pw == NULL)
|
||||
return 0;
|
||||
|
||||
/* Switch to the user's uid. */
|
||||
temporarily_use_uid(pw);
|
||||
/*
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $");
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
|
|||
* successful. This may exit if there is a serious protocol violation.
|
||||
*/
|
||||
int
|
||||
auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
|
||||
{
|
||||
Key *key;
|
||||
char *fp;
|
||||
struct passwd *pw = authctxt->pw;
|
||||
|
||||
/* no user given */
|
||||
if (pw == NULL)
|
||||
if (!authctxt->valid)
|
||||
return 0;
|
||||
|
||||
if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
|
||||
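Review bot: The context comment `/* no user given */` above the new `if (!authctxt->valid)` in auth_rsa no longer describes the test, which now rejects any context not marked valid rather than a missing passwd entry. Suggest replacing it with `/* reject users not marked valid */`, so a reader does not assume `pw` may be NULL at this point. Note also that `pw` is read from `authctxt->pw` before the check and handed to `auth_rsa_key_allowed` only after it, an ordering worth keeping if the function is edited again; its body continues outside the hunk.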
|
|
6
auth.h
6
auth.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *);
|
|||
int
|
||||
auth_rhosts2(struct passwd *, const char *, const char *, const char *);
|
||||
|
||||
int auth_rhosts_rsa(struct passwd *, char *, Key *);
|
||||
int auth_rhosts_rsa(Authctxt *, char *, Key *);
|
||||
int auth_password(Authctxt *, const char *);
|
||||
int auth_rsa(struct passwd *, BIGNUM *);
|
||||
int auth_rsa(Authctxt *, BIGNUM *);
|
||||
int auth_rsa_challenge_dialog(Key *);
|
||||
BIGNUM *auth_rsa_generate_challenge(Key *);
|
||||
int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
|
||||
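Review bot: The prototypes visible around this change still pass a bare `struct passwd *` to `auth_rhosts` and `auth_rhosts2`, while the same commit deletes the `pw == NULL` guards from `auth_rhosts2_raw` and `user_key_allowed2`. That leaves the validity check entirely to the callers of those functions, and the header does not record it. A comment above them would make the contract explicit, e.g. `/* callers must check authctxt->valid first; pw is not re-checked */`. Naming the parameter in the two changed prototypes (`Authctxt *authctxt`) would also help readers.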
|
|
6
auth1.c
6
auth1.c
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $");
|
||||
RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
|
@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt)
|
|||
BN_num_bits(client_host_key->rsa->n), bits);
|
||||
packet_check_eom();
|
||||
|
||||
authenticated = auth_rhosts_rsa(pw, client_user,
|
||||
authenticated = auth_rhosts_rsa(authctxt, client_user,
|
||||
client_host_key);
|
||||
key_free(client_host_key);
|
||||
|
||||
|
@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
|
|||
fatal("do_authloop: BN_new failed");
|
||||
packet_get_bignum(n);
|
||||
packet_check_eom();
|
||||
authenticated = auth_rsa(pw, n);
|
||||
authenticated = auth_rsa(authctxt, n);
|
||||
BN_clear_free(n);
|
||||
break;
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
|
||||
RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
|||
Key *found;
|
||||
char *fp;
|
||||
|
||||
if (pw == NULL)
|
||||
return 0;
|
||||
|
||||
/* Temporarily use the user's uid. */
|
||||
temporarily_use_uid(pw);
|
||||
|
||||
|
|
3
auth2.c
3
auth2.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $");
|
||||
RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *);
|
|||
static Authmethod *authmethod_lookup(const char *);
|
||||
static char *authmethods_get(void);
|
||||
int user_key_allowed(struct passwd *, Key *);
|
||||
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
|
||||
|
||||
/*
|
||||
* loop until authctxt->success == TRUE
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
|
@ -946,7 +946,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
|
|||
|
||||
debug3("%s: key_from_blob: %p", __func__, key);
|
||||
|
||||
if (key != NULL && authctxt->pw != NULL) {
|
||||
if (key != NULL && authctxt->valid) {
|
||||
switch(type) {
|
||||
case MM_USERKEY:
|
||||
allowed = options.pubkey_authentication &&
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
|
@ -973,8 +973,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
|
|||
u_short listen_port;
|
||||
|
||||
pw = the_authctxt->pw;
|
||||
if (pw == NULL)
|
||||
fatal("server_input_global_request: no user");
|
||||
if (pw == NULL || !the_authctxt->pw)
|
||||
fatal("server_input_global_request: no/invalid user");
|
||||
listen_address = packet_get_string(NULL);
|
||||
listen_port = (u_short)packet_get_int();
|
||||
debug("server_input_global_request: tcpip-forward listen %s port %d",
|
||||
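Review bot: The new guard in server_input_global_request, `if (pw == NULL || !the_authctxt->pw)`, tests the same pointer twice, because `pw` was assigned from `the_authctxt->pw` on the line above, so it never consults the validity flag. The commit message says the intent is to check `authctxt->valid`, and the new fatal text says "no/invalid user", so the second operand looks like a slip for `!the_authctxt->valid`: `if (pw == NULL || !the_authctxt->valid)`. As written, a context whose `pw` is set but whose `valid` is 0 passes this check and goes on to the tcpip-forward handling below it. The function body continues outside the hunk.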
|
|
|
@ -33,7 +33,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -1532,7 +1532,7 @@ session_open(Authctxt *authctxt, int chanid)
|
|||
}
|
||||
s->authctxt = authctxt;
|
||||
s->pw = authctxt->pw;
|
||||
if (s->pw == NULL)
|
||||
if (s->pw == NULL || !authctxt->valid)
|
||||
fatal("no user for session %d", s->self);
|
||||
debug("session_open: session %d: link with channel %d", s->self, chanid);
|
||||
s->chanid = chanid;
|
||||
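Review bot: The fatal message in session_open still reads `"no user for session %d"` although the new condition also fires on `!authctxt->valid`, whereas the serverloop.c change in this commit reworded its message to "no/invalid user". Matching it here, e.g. `fatal("no/invalid user for session %d", s->self);`, keeps the two log lines consistent for anyone triaging sshd logs. The function starts and ends outside the hunk.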
|
|