7 files changed, 80 insertions, 19 deletions

diff --git a/ChangeLog b/ChangeLog
index c4e583fe1..92afe6b46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 20020513
  - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
    the superuser receives.
+ - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
 
 20020511
  - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
@@ -571,4 +572,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2107 2002/05/13 00:48:57 djm Exp $
+$Id: ChangeLog,v 1.2108 2002/05/13 01:07:41 djm Exp $
diff --git a/auth.h b/auth.h
index a336926fc..f03a26e0a 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: auth.h,v 1.35 2002/03/19 10:35:39 markus Exp $        */
+/*      $OpenBSD: auth.h,v 1.36 2002/05/12 23:53:45 djm Exp $   */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -136,6 +136,8 @@ void	auth_log(Authctxt *, int, char *, char *);
 void    userauth_finish(Authctxt *, int, char *);
 int     auth_root_allowed(char *);
 
+char    *auth2_read_banner(void);
+
 void    privsep_challenge_enable(void);
 
 int     auth2_challenge(Authctxt *, char *);
diff --git a/auth2.c b/auth2.c
index 61fd0a738..20584caa9 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.89 2002/03/19 14:27:39 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.90 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -283,25 +283,45 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
         }
 }
 
-static void
-userauth_banner(void)
+char *
+auth2_read_banner(void)
 {
         struct stat st;
         char *banner = NULL;
         off_t len, n;
         int fd;
 
-        if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
-                return;
-        if ((fd = open(options.banner, O_RDONLY)) < 0)
-                return;
-        if (fstat(fd, &st) < 0)
-                goto done;
+        if ((fd = open(options.banner, O_RDONLY)) == -1)
+                return (NULL);
+        if (fstat(fd, &st) == -1) {
+                close(fd);
+                return (NULL);
+        }
         len = st.st_size;
         banner = xmalloc(len + 1);
-        if ((n = read(fd, banner, len)) < 0)
-                goto done;
+        n = atomicio(read, fd, banner, len);
+        close(fd);
+
+        if (n != len) {
+                free(banner);
+                return (NULL);
+        }
         banner[n] = '\0';
+        
+        return (banner);
+}
+
+static void
+userauth_banner(void)
+{
+        char *banner = NULL;
+
+        if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
+                return;
+
+        if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
+                goto done;
+
         packet_start(SSH2_MSG_USERAUTH_BANNER);
         packet_put_cstring(banner);
         packet_put_cstring("");         /* language, unused */
@@ -310,7 +330,6 @@ userauth_banner(void)
 done:
         if (banner)
                 xfree(banner);
-        close(fd);
         return;
 }
 
diff --git a/monitor.c b/monitor.c
index a27cf0f3d..279ec37ff 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.9 2002/03/30 18:51:15 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/dh.h>
 
@@ -96,6 +96,7 @@ struct {
 int mm_answer_moduli(int, Buffer *);
 int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
+int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
@@ -147,6 +148,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+    {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
@@ -524,9 +526,11 @@ mm_answer_pwnamallow(int socket, Buffer *m)
         /* For SSHv1 allow authentication now */
         if (!compat20)
                 monitor_permit_authentications(1);
-        else
+        else {
                 /* Allow service/style information on the auth context */
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+        }
 
 #ifdef USE_PAM
         monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
@@ -535,6 +539,21 @@ mm_answer_pwnamallow(int socket, Buffer *m)
         return (0);
 }
 
+int mm_answer_auth2_read_banner(int socket, Buffer *m)
+{
+        char *banner;
+
+        buffer_clear(m);
+        banner = auth2_read_banner();
+        buffer_put_cstring(m, banner != NULL ? banner : "");
+        mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
+
+        if (banner != NULL)
+                free(banner);
+
+        return (0);
+}
+
 int
 mm_answer_authserv(int socket, Buffer *m)
 {
diff --git a/monitor.h b/monitor.h
index 56ec9d915..b5db9998e 100644
--- a/monitor.h
+++ b/monitor.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor.h,v 1.3 2002/03/26 03:24:01 stevesk Exp $     */
+/*      $OpenBSD: monitor.h,v 1.4 2002/05/12 23:53:45 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -33,6 +33,7 @@ enum monitor_reqtype {
         MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
         MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
         MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
+        MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
         MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
         MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,
         MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 0fe5bc10d..380175828 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.5 2002/03/25 20:12:10 stevesk Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -207,6 +207,24 @@ mm_getpwnamallow(const char *login)
         return (pw);
 }
 
+char* mm_auth2_read_banner(void)
+{
+        Buffer m;
+        char *banner;
+
+        debug3("%s entering", __FUNCTION__);
+
+        buffer_init(&m);
+        mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
+        buffer_clear(&m);
+
+        mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
+        banner = buffer_get_string(&m, NULL);
+        buffer_free(&m);
+        
+        return (banner);
+}
+
 /* Inform the privileged process about service and style */
 
 void
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 975ba0549..ce721247b 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_wrap.h,v 1.4 2002/03/26 03:24:01 stevesk Exp $        */
+/*      $OpenBSD: monitor_wrap.h,v 1.5 2002/05/12 23:53:45 djm Exp $    */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -44,6 +44,7 @@ DH *mm_choose_dh(int, int, int);
 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
 void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(const char *);
+char* mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
 int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
 int mm_user_key_allowed(struct passwd *, Key *);