author | djm@openbsd.org <djm@openbsd.org> | 2015-05-01 03:23:51 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-05-10 11:54:10 +1000 |
commit | 179be0f5e62f1f492462571944e45a3da660d82b (patch) | |
tree | 354cf8effdfb0db2f3f1573bc01544a54eb8cec0 /monitor_wrap.c | |
parent | a42d67be65b719a430b7fcaba2a4e4118382723a (diff) |
upstream commit
prevent authorized_keys options picked up on public key
tests without a corresponding private key authentication being applied to
other authentication methods. Reported by halex@, ok markus@
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 15 |
1 files changed, 9 insertions, 6 deletions
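--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.84 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -371,16 +371,17 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, Key *key)
+mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 {
-return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
+return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
+pubkey_auth_attempt));
 }
 
 int
 mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
 Key *key)
 {
-return (mm_key_allowed(MM_HOSTKEY, user, host, key));
+return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 
 int
@@ -390,13 +391,14 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
 int ret;
 
 key->type = KEY_RSA; /* XXX hack for key_to_blob */
-ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
+ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
 key->type = KEY_RSA1;
 return (ret);
 }
 
 int
-mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
+mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key,
+int pubkey_auth_attempt)
 {
 Buffer m;
 u_char *blob;
@@ -414,6 +416,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 buffer_put_cstring(&m, user ? user : "");
 buffer_put_cstring(&m, host ? host : "");
 buffer_put_string(&m, blob, len);
+buffer_put_int(&m, pubkey_auth_attempt);
 free(blob);
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);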
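Review bot: The new `pubkey_auth_attempt` parameter of `mm_key_allowed` is an undocumented int flag, and `mm_hostbased_key_allowed` and `mm_auth_rhosts_rsa_key_allowed` pass a bare `0` for it, so this file does not say what the value means. A comment above `mm_key_allowed` would help, for example `/* pubkey_auth_attempt: nonzero only for a real publickey authentication attempt, zero for a key test or any other method */` (meaning inferred from the commit message, to be confirmed against the callers). In the last hunk the flag is serialised unchanged; `buffer_put_int(&m, pubkey_auth_attempt != 0);` would keep the wire value to 0 or 1. The extra int also changes the layout of the MONITOR_REQ_KEYALLOWED request, so the monitor-side handler, which is not part of this view, has to read it in the same position and, since the value is written by the process on the other side of the monitor channel, should treat it as untrusted. The body of `mm_key_allowed` continues outside the last hunk.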