summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
committerColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
commitf0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree856b0dee3f2764c13a32dad5ffe2424fab7fef41 /auth.c
parent4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
Import openssh_8.2p1.orig.tar.gz
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/auth.c b/auth.c
index ca450f4e4..086b8ebb1 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.146 2020/01/31 22:42:45 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -79,6 +79,7 @@
79 79
80/* import */ 80/* import */
81extern ServerOptions options; 81extern ServerOptions options;
82extern struct include_list includes;
82extern int use_privsep; 83extern int use_privsep;
83extern struct sshbuf *loginmsg; 84extern struct sshbuf *loginmsg;
84extern struct passwd *privsep_pw; 85extern struct passwd *privsep_pw;
@@ -489,7 +490,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
489 host_status = check_key_in_hostkeys(hostkeys, key, &found); 490 host_status = check_key_in_hostkeys(hostkeys, key, &found);
490 if (host_status == HOST_REVOKED) 491 if (host_status == HOST_REVOKED)
491 error("WARNING: revoked key for %s attempted authentication", 492 error("WARNING: revoked key for %s attempted authentication",
492 found->host); 493 host);
493 else if (host_status == HOST_OK) 494 else if (host_status == HOST_OK)
494 debug("%s: key for %s found at %s:%ld", __func__, 495 debug("%s: key for %s found at %s:%ld", __func__,
495 found->host, found->file, found->line); 496 found->host, found->file, found->line);
@@ -571,7 +572,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
571 572
572 ci = get_connection_info(ssh, 1, options.use_dns); 573 ci = get_connection_info(ssh, 1, options.use_dns);
573 ci->user = user; 574 ci->user = user;
574 parse_server_match_config(&options, ci); 575 parse_server_match_config(&options, &includes, ci);
575 log_change_level(options.log_level); 576 log_change_level(options.log_level);
576 process_permitopen(ssh, &options); 577 process_permitopen(ssh, &options);
577 578
@@ -748,7 +749,7 @@ remote_hostname(struct ssh *ssh)
748 if (getpeername(ssh_packet_get_connection_in(ssh), 749 if (getpeername(ssh_packet_get_connection_in(ssh),
749 (struct sockaddr *)&from, &fromlen) == -1) { 750 (struct sockaddr *)&from, &fromlen) == -1) {
750 debug("getpeername failed: %.100s", strerror(errno)); 751 debug("getpeername failed: %.100s", strerror(errno));
751 return strdup(ntop); 752 return xstrdup(ntop);
752 } 753 }
753 754
754 ipv64_normalise_mapped(&from, &fromlen); 755 ipv64_normalise_mapped(&from, &fromlen);
@@ -760,7 +761,7 @@ remote_hostname(struct ssh *ssh)
760 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 761 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
761 NULL, 0, NI_NAMEREQD) != 0) { 762 NULL, 0, NI_NAMEREQD) != 0) {
762 /* Host name not found. Use ip address. */ 763 /* Host name not found. Use ip address. */
763 return strdup(ntop); 764 return xstrdup(ntop);
764 } 765 }
765 766
766 /* 767 /*
@@ -775,7 +776,7 @@ remote_hostname(struct ssh *ssh)
775 logit("Nasty PTR record \"%s\" is set up for %s, ignoring", 776 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
776 name, ntop); 777 name, ntop);
777 freeaddrinfo(ai); 778 freeaddrinfo(ai);
778 return strdup(ntop); 779 return xstrdup(ntop);
779 } 780 }
780 781
781 /* Names are stored in lowercase. */ 782 /* Names are stored in lowercase. */
@@ -796,7 +797,7 @@ remote_hostname(struct ssh *ssh)
796 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 797 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
797 logit("reverse mapping checking getaddrinfo for %.700s " 798 logit("reverse mapping checking getaddrinfo for %.700s "
798 "[%s] failed.", name, ntop); 799 "[%s] failed.", name, ntop);
799 return strdup(ntop); 800 return xstrdup(ntop);
800 } 801 }
801 /* Look for the address from the list of addresses. */ 802 /* Look for the address from the list of addresses. */
802 for (ai = aitop; ai; ai = ai->ai_next) { 803 for (ai = aitop; ai; ai = ai->ai_next) {
@@ -811,9 +812,9 @@ remote_hostname(struct ssh *ssh)
811 /* Address not found for the host name. */ 812 /* Address not found for the host name. */
812 logit("Address %.100s maps to %.600s, but this does not " 813 logit("Address %.100s maps to %.600s, but this does not "
813 "map back to the address.", ntop, name); 814 "map back to the address.", ntop, name);
814 return strdup(ntop); 815 return xstrdup(ntop);
815 } 816 }
816 return strdup(name); 817 return xstrdup(name);
817} 818}
818 819
819/* 820/*
@@ -921,7 +922,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
921 child_set_env(&child_env, &envsize, "LANG", cp); 922 child_set_env(&child_env, &envsize, "LANG", cp);
922 923
923 for (i = 0; i < NSIG; i++) 924 for (i = 0; i < NSIG; i++)
924 signal(i, SIG_DFL); 925 ssh_signal(i, SIG_DFL);
925 926
926 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { 927 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
927 error("%s: open %s: %s", tag, _PATH_DEVNULL, 928 error("%s: open %s: %s", tag, _PATH_DEVNULL,
@@ -1005,7 +1006,7 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
1005 1006
1006 snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); 1007 snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
1007 /* Try to keep this alphabetically sorted */ 1008 /* Try to keep this alphabetically sorted */
1008 snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s", 1009 snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1009 opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", 1010 opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
1010 opts->force_command == NULL ? "" : " command", 1011 opts->force_command == NULL ? "" : " command",
1011 do_env ? " environment" : "", 1012 do_env ? " environment" : "",
@@ -1018,7 +1019,8 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
1018 opts->force_tun_device == -1 ? "" : " tun=", 1019 opts->force_tun_device == -1 ? "" : " tun=",
1019 opts->force_tun_device == -1 ? "" : buf, 1020 opts->force_tun_device == -1 ? "" : buf,
1020 opts->permit_user_rc ? " user-rc" : "", 1021 opts->permit_user_rc ? " user-rc" : "",
1021 opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); 1022 opts->permit_x11_forwarding_flag ? " x11-forwarding" : "",
1023 opts->no_require_user_presence ? " no-touch-required" : "");
1022 1024
1023 debug("%s: %s", loc, msg); 1025 debug("%s: %s", loc, msg);
1024 if (do_remote) 1026 if (do_remote)