From 9d0c06667eb4ca616ffa690e88b9dd7c438e3103 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Jun 2001 01:40:00 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/06/07 19:57:53 [auth2.c] style is used for bsdauth. disconnect on user/service change (ietf-drafts) --- ChangeLog | 6 +++++- auth2.c | 16 +++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index a7d071eee..a00010ee0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,10 @@ - markus@cvs.openbsd.org 2001/06/06 23:19:35 [ssh-add.c] remove debug message; Darren.Moffat@eng.sun.com + - markus@cvs.openbsd.org 2001/06/07 19:57:53 + [auth2.c] + style is used for bsdauth. + disconnect on user/service change (ietf-drafts) 20010606 - OpenBSD CVS Sync @@ -5573,4 +5577,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1265 2001/06/09 01:38:24 mouring Exp $ +$Id: ChangeLog,v 1.1266 2001/06/09 01:40:00 mouring Exp $ diff --git a/auth2.c b/auth2.c index 0b4df9cda..554ca4c10 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.61 2001/05/31 10:30:12 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.62 2001/06/07 19:57:53 markus Exp $"); #include @@ -219,14 +219,12 @@ input_userauth_request(int type, int plen, void *ctxt) setproctitle("%s", pw ? user : "unknown"); authctxt->user = xstrdup(user); authctxt->service = xstrdup(service); - authctxt->style = style ? xstrdup(style) : NULL; /* currently unused */ - } else if (authctxt->valid) { - if (strcmp(user, authctxt->user) != 0 || - strcmp(service, authctxt->service) != 0) { - log("input_userauth_request: mismatch: (%s,%s)!=(%s,%s)", - user, service, authctxt->user, authctxt->service); - authctxt->valid = 0; - } + authctxt->style = style ? xstrdup(style) : NULL; + } else if (strcmp(user, authctxt->user) != 0 || + strcmp(service, authctxt->service) != 0) { + packet_disconnect("Change of username or service not allowed: " + "(%s,%s) -> (%s,%s)", + authctxt->user, authctxt->service, user, service); } /* reset state */ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);