summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--monitor.c4
-rw-r--r--monitor_wrap.c17
3 files changed, 22 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 2fdcb2782..79594ab20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,10 @@
67 [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] 67 [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
68 split kex into client and server code, no need to link 68 split kex into client and server code, no need to link
69 server code into the client; ok provos@ 69 server code into the client; ok provos@
70 - markus@cvs.openbsd.org 2003/02/16 17:30:33
71 [monitor.c monitor_wrap.c]
72 fix permitrootlogin forced-commands-only for privsep; bux #387;
73 ok provos@
70 74
7120030211 7520030211
72 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com 76 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@@ -1167,4 +1171,4 @@
1167 save auth method before monitor_reset_key_state(); bugzilla bug #284; 1171 save auth method before monitor_reset_key_state(); bugzilla bug #284;
1168 ok provos@ 1172 ok provos@
1169 1173
1170$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $ 1174$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $
diff --git a/monitor.c b/monitor.c
index 07d1728ec..694cd630a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $"); 28RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $");
29 29
30#include <openssl/dh.h> 30#include <openssl/dh.h>
31 31
@@ -826,6 +826,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
826 826
827 buffer_clear(m); 827 buffer_clear(m);
828 buffer_put_int(m, allowed); 828 buffer_put_int(m, allowed);
829 buffer_put_int(m, forced_command != NULL);
829 830
830 mm_append_debug(m); 831 mm_append_debug(m);
831 832
@@ -1188,6 +1189,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
1188 } 1189 }
1189 buffer_clear(m); 1190 buffer_clear(m);
1190 buffer_put_int(m, allowed); 1191 buffer_put_int(m, allowed);
1192 buffer_put_int(m, forced_command != NULL);
1191 1193
1192 /* clear temporarily storage (used by generate challenge) */ 1194 /* clear temporarily storage (used by generate challenge) */
1193 monitor_reset_key_state(); 1195 monitor_reset_key_state();
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 551bbc15a..1395a32f4 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
34#include "dh.h" 34#include "dh.h"
35#include "kex.h" 35#include "kex.h"
36#include "auth.h" 36#include "auth.h"
37#include "auth-options.h"
37#include "buffer.h" 38#include "buffer.h"
38#include "bufaux.h" 39#include "bufaux.h"
39#include "packet.h" 40#include "packet.h"
@@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
312 Buffer m; 313 Buffer m;
313 u_char *blob; 314 u_char *blob;
314 u_int len; 315 u_int len;
315 int allowed = 0; 316 int allowed = 0, have_forced = 0;
316 317
317 debug3("%s entering", __func__); 318 debug3("%s entering", __func__);
318 319
@@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
334 335
335 allowed = buffer_get_int(&m); 336 allowed = buffer_get_int(&m);
336 337
338 /* fake forced command */
339 auth_clear_options();
340 have_forced = buffer_get_int(&m);
341 forced_command = have_forced ? xstrdup("true") : NULL;
342
337 /* Send potential debug messages */ 343 /* Send potential debug messages */
338 mm_send_debug(&m); 344 mm_send_debug(&m);
339 345
@@ -853,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
853 Key *key; 859 Key *key;
854 u_char *blob; 860 u_char *blob;
855 u_int blen; 861 u_int blen;
856 int allowed = 0; 862 int allowed = 0, have_forced = 0;
857 863
858 debug3("%s entering", __func__); 864 debug3("%s entering", __func__);
859 865
@@ -865,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
865 871
866 allowed = buffer_get_int(&m); 872 allowed = buffer_get_int(&m);
867 873
874 /* fake forced command */
875 auth_clear_options();
876 have_forced = buffer_get_int(&m);
877 forced_command = have_forced ? xstrdup("true") : NULL;
878
868 if (allowed && rkey != NULL) { 879 if (allowed && rkey != NULL) {
869 blob = buffer_get_string(&m, &blen); 880 blob = buffer_get_string(&m, &blen);
870 if ((key = key_from_blob(blob, blen)) == NULL) 881 if ((key = key_from_blob(blob, blen)) == NULL)