-rw-r--r--ChangeLog8
-rw-r--r--auth-krb5.c4
-rw-r--r--auth-passwd.c7
-rw-r--r--auth-rh-rsa.c7
-rw-r--r--auth-rhosts.c6
-rw-r--r--auth-rsa.c7
-rw-r--r--auth.h6
-rw-r--r--auth1.c6
-rw-r--r--auth2-pubkey.c5
-rw-r--r--auth2.c3
-rw-r--r--monitor.c4
-rw-r--r--serverloop.c6
-rw-r--r--session.c4
13 files changed, 35 insertions, 38 deletions
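diff --git a/ChangeLog b/ChangeLog
index 86f4bffe8..eb617187a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
  - jakob@cvs.openbsd.org 2003/11/03 09:37:32
  [sshconnect.c]
  do not free static type pointer in warn_changed_key()
+ - djm@cvs.openbsd.org 2003/11/04 08:54:09
+ [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
+ [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
+ [session.c]
+ standardise arguments to auth methods - they should all take authctxt.
+ check authctxt->valid rather then pw != NULL; ok markus@
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@@ -1430,4 +1436,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
  Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3100 2003/11/17 10:11:15 djm Exp $
+$Id: ChangeLog,v 1.3101 2003/11/17 10:13:40 djm Exp $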
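diff --git a/auth-krb5.c b/auth-krb5.c
index e31f2eb0e..101e53bca 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -72,7 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  krb5_error_code problem;
  krb5_ccache ccache = NULL;
 
- if (authctxt->pw == NULL)
+ if (!authctxt->valid)
  return (0);
 
  temporarily_use_uid(authctxt->pw);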
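diff --git a/auth-passwd.c b/auth-passwd.c
index 971c7ba19..b7e275556 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "log.h"
@@ -60,11 +60,8 @@ auth_password(Authctxt *authctxt, const char *password)
  struct passwd * pw = authctxt->pw;
  int ok = authctxt->valid;
 
- /* deny if no user. */
- if (pw == NULL)
- return 0;
 #ifndef HAVE_CYGWIN
- if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
  ok = 0;
 #endif
  if (*password == '\0' && options.permit_empty_passwd == 0)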
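Review bot: `pw->pw_uid` is now dereferenced unconditionally in auth_password() (outside HAVE_CYGWIN builds): both the `if (pw == NULL) return 0;` early return and the `pw &&` guard are removed, and nothing in the hunk returns early when `authctxt->valid` is 0. That is only safe if `authctxt->pw` is guaranteed non-NULL even for invalid users, which presumably is arranged where the context is filled in but is not visible here. I would state that invariant next to the dereference, e.g. `/* authctxt->pw is never NULL here; invalid users are rejected through ok == 0 */`, or keep the cheap `if (pw == NULL) return 0;`. The function body continues outside the hunk.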
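diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2eb7e6e2d..29eb538ec 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
  * its host key. Returns true if authentication succeeds.
  */
 int
-auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
+auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
 {
  char *chost;
+ struct passwd *pw = authctxt->pw;
 
  debug("Trying rhosts with RSA host authentication for client user %.100s",
  cuser);
 
- if (pw == NULL || client_host_key == NULL ||
+ if (!authctxt->valid || client_host_key == NULL ||
  client_host_key->rsa == NULL)
  return 0;
 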
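diff --git a/auth-rhosts.c b/auth-rhosts.c
index b42a64c90..585246e82 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
  debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
  client_user, hostname, ipaddr);
 
- /* no user given */
- if (pw == NULL)
- return 0;
-
  /* Switch to the user's uid. */
  temporarily_use_uid(pw);
  /*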
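Review bot: auth_rhosts2_raw() still takes a bare `struct passwd *pw`, so with the `pw == NULL` guard removed it passes `pw` straight to `temporarily_use_uid(pw)` with no check of its own and no way to see `authctxt->valid`. The same applies to user_key_allowed2() in auth2-pubkey.c, where the identical guard is dropped. Both now depend on every caller having rejected invalid or missing users first; the monitor.c hunk shows one such gate (`authctxt->valid` in mm_answer_keyallowed), but other call paths are not visible here. I would document the precondition at the top of each function, e.g. `/* caller must have checked authctxt->valid; pw must not be NULL */`. The function body continues outside the hunk.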
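diff --git a/auth-rsa.c b/auth-rsa.c
index 5631d238c..2f0746b30 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  * successful. This may exit if there is a serious protocol violation.
  */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
  Key *key;
  char *fp;
+ struct passwd *pw = authctxt->pw;
 
  /* no user given */
- if (pw == NULL)
+ if (!authctxt->valid)
  return 0;
 
  if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {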
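Review bot: The comment `/* no user given */` in auth_rsa() is left over from the old `pw == NULL` test and no longer describes the guard, which now rejects any context whose `valid` flag is clear. I would reword it to `/* no user given, or user is not valid */` so the next reader does not assume a NULL check. The header comment above the function starts outside the hunk, so I cannot tell whether it also mentions the old `pw` parameter.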
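diff --git a/auth.h b/auth.h
index b081bb5cb..34afdb492 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *);
 int
 auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
-int auth_rhosts_rsa(struct passwd *, char *, Key *);
+int auth_rhosts_rsa(Authctxt *, char *, Key *);
 int auth_password(Authctxt *, const char *);
-int auth_rsa(struct passwd *, BIGNUM *);
+int auth_rsa(Authctxt *, BIGNUM *);
 int auth_rsa_challenge_dialog(Key *);
 BIGNUM *auth_rsa_generate_challenge(Key *);
 int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);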
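diff --git a/auth1.c b/auth1.c
index 38c0bf93c..ea81524f1 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt)
  BN_num_bits(client_host_key->rsa->n), bits);
  packet_check_eom();
 
- authenticated = auth_rhosts_rsa(pw, client_user,
+ authenticated = auth_rhosts_rsa(authctxt, client_user,
  client_host_key);
  key_free(client_host_key);
 
@@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
  fatal("do_authloop: BN_new failed");
  packet_get_bignum(n);
  packet_check_eom();
- authenticated = auth_rsa(pw, n);
+ authenticated = auth_rsa(authctxt, n);
  BN_clear_free(n);
  break;
 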
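diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d51e939f1..c28571ab6 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
  Key *found;
  char *fp;
 
- if (pw == NULL)
- return 0;
-
  /* Temporarily use the user's uid. */
  temporarily_use_uid(pw);
 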
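diff --git a/auth2.c b/auth2.c
index ef1173fe6..a9490ccfd 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *);
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
 int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 
 /*
  * loop until authctxt->success == TRUE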
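diff --git a/monitor.c b/monitor.c
index eaf66f7c8..e83fb45a7 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
 
 #include <openssl/dh.h>
 
@@ -946,7 +946,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
  debug3("%s: key_from_blob: %p", __func__, key);
 
- if (key != NULL && authctxt->pw != NULL) {
+ if (key != NULL && authctxt->valid) {
  switch(type) {
  case MM_USERKEY:
  allowed = options.pubkey_authentication &&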
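diff --git a/serverloop.c b/serverloop.c
index 21656cf87..98793b756 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -973,8 +973,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
  u_short listen_port;
 
  pw = the_authctxt->pw;
- if (pw == NULL)
- fatal("server_input_global_request: no user");
+ if (pw == NULL || !the_authctxt->pw)
+ fatal("server_input_global_request: no/invalid user");
  listen_address = packet_get_string(NULL);
  listen_port = (u_short)packet_get_int();
  debug("server_input_global_request: tcpip-forward listen %s port %d",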
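Review bot: The added test `!the_authctxt->pw` in server_input_global_request() only repeats `pw == NULL`, because `pw` was assigned from `the_authctxt->pw` on the line directly above. The `valid` flag is therefore never consulted here, and a context marked invalid but carrying a non-NULL passwd entry would still get past this guard into the tcpip-forward handling. Given the new message text ("no/invalid user") and the rest of the commit, the intended condition is presumably `if (pw == NULL || !the_authctxt->valid)`. The function continues outside the hunk.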
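diff --git a/session.c b/session.c
index 2b228906d..0f8032430 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1532,7 +1532,7 @@ session_open(Authctxt *authctxt, int chanid)
  }
  s->authctxt = authctxt;
  s->pw = authctxt->pw;
- if (s->pw == NULL)
+ if (s->pw == NULL || !authctxt->valid)
  fatal("no user for session %d", s->self);
  debug("session_open: session %d: link with channel %d", s->self, chanid);
  s->chanid = chanid;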
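Review bot: The fatal() text in session_open() still reads "no user for session %d" although the guard now also fires when `authctxt->valid` is clear. The serverloop.c hunk in this same commit changes its message to "no/invalid user"; for consistent logs I would do the same here, `fatal("no/invalid user for session %d", s->self);`. Someone reading the log could otherwise take an invalid-user rejection for a missing passwd entry. The function starts and ends outside the hunk.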