-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | auth-krb5.c | 4 | ||||
-rw-r--r-- | auth-passwd.c | 7 | ||||
-rw-r--r-- | auth-rh-rsa.c | 7 | ||||
-rw-r--r-- | auth-rhosts.c | 6 | ||||
-rw-r--r-- | auth-rsa.c | 7 | ||||
-rw-r--r-- | auth.h | 6 | ||||
-rw-r--r-- | auth1.c | 6 | ||||
-rw-r--r-- | auth2-pubkey.c | 5 | ||||
-rw-r--r-- | auth2.c | 3 | ||||
-rw-r--r-- | monitor.c | 4 | ||||
-rw-r--r-- | serverloop.c | 6 | ||||
-rw-r--r-- | session.c | 4 |
13 files changed, 35 insertions, 38 deletions
@@ -10,6 +10,12 @@ | |||
10 | - jakob@cvs.openbsd.org 2003/11/03 09:37:32 | 10 | - jakob@cvs.openbsd.org 2003/11/03 09:37:32 |
11 | [sshconnect.c] | 11 | [sshconnect.c] |
12 | do not free static type pointer in warn_changed_key() | 12 | do not free static type pointer in warn_changed_key() |
13 | - djm@cvs.openbsd.org 2003/11/04 08:54:09 | ||
14 | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] | ||
15 | [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] | ||
16 | [session.c] | ||
17 | standardise arguments to auth methods - they should all take authctxt. | ||
18 | check authctxt->valid rather then pw != NULL; ok markus@ | ||
13 | 19 | ||
14 | 20031115 | 20 | 20031115 |
15 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and | 21 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and |
@@ -1430,4 +1436,4 @@ | |||
1430 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1436 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1431 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1437 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1432 | 1438 | ||
1433 | $Id: ChangeLog,v 1.3100 2003/11/17 10:11:15 djm Exp $ | 1439 | $Id: ChangeLog,v 1.3101 2003/11/17 10:13:40 djm Exp $ |
diff --git a/auth-krb5.c b/auth-krb5.c index e31f2eb0e..101e53bca 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $"); | 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh1.h" | 34 | #include "ssh1.h" |
@@ -72,7 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
72 | krb5_error_code problem; | 72 | krb5_error_code problem; |
73 | krb5_ccache ccache = NULL; | 73 | krb5_ccache ccache = NULL; |
74 | 74 | ||
75 | if (authctxt->pw == NULL) | 75 | if (!authctxt->valid) |
76 | return (0); | 76 | return (0); |
77 | 77 | ||
78 | temporarily_use_uid(authctxt->pw); | 78 | temporarily_use_uid(authctxt->pw); |
diff --git a/auth-passwd.c b/auth-passwd.c index 971c7ba19..b7e275556 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $"); | 39 | RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $"); |
40 | 40 | ||
41 | #include "packet.h" | 41 | #include "packet.h" |
42 | #include "log.h" | 42 | #include "log.h" |
@@ -60,11 +60,8 @@ auth_password(Authctxt *authctxt, const char *password) | |||
60 | struct passwd * pw = authctxt->pw; | 60 | struct passwd * pw = authctxt->pw; |
61 | int ok = authctxt->valid; | 61 | int ok = authctxt->valid; |
62 | 62 | ||
63 | /* deny if no user. */ | ||
64 | if (pw == NULL) | ||
65 | return 0; | ||
66 | #ifndef HAVE_CYGWIN | 63 | #ifndef HAVE_CYGWIN |
67 | if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) | 64 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
68 | ok = 0; | 65 | ok = 0; |
69 | #endif | 66 | #endif |
70 | if (*password == '\0' && options.permit_empty_passwd == 0) | 67 | if (*password == '\0' && options.permit_empty_passwd == 0) |
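Review bot: `pw->pw_uid` is now dereferenced in auth_password without either the removed `if (pw == NULL) return 0;` guard or the old `pw &&` test, and `ok = authctxt->valid` only records the flag rather than returning early. That is safe only if `authctxt->pw` is non-NULL whenever auth_password runs, including for users that failed the validity check; nothing in this hunk establishes that. If that is the contract, state it next to the declaration, e.g. `/* authctxt->pw is never NULL here; invalid users are denied through ok */`, so a later change to how the context is populated does not turn this into a NULL dereference in the authentication path. The function continues past the end of the hunk.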
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 2eb7e6e2d..29eb538ec 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); |
17 | 17 | ||
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "uidswap.h" | 19 | #include "uidswap.h" |
@@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, | |||
52 | * its host key. Returns true if authentication succeeds. | 52 | * its host key. Returns true if authentication succeeds. |
53 | */ | 53 | */ |
54 | int | 54 | int |
55 | auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) | 55 | auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) |
56 | { | 56 | { |
57 | char *chost; | 57 | char *chost; |
58 | struct passwd *pw = authctxt->pw; | ||
58 | 59 | ||
59 | debug("Trying rhosts with RSA host authentication for client user %.100s", | 60 | debug("Trying rhosts with RSA host authentication for client user %.100s", |
60 | cuser); | 61 | cuser); |
61 | 62 | ||
62 | if (pw == NULL || client_host_key == NULL || | 63 | if (!authctxt->valid || client_host_key == NULL || |
63 | client_host_key->rsa == NULL) | 64 | client_host_key->rsa == NULL) |
64 | return 0; | 65 | return 0; |
65 | 66 | ||
diff --git a/auth-rhosts.c b/auth-rhosts.c index b42a64c90..585246e82 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); |
18 | 18 | ||
19 | #include "packet.h" | 19 | #include "packet.h" |
20 | #include "uidswap.h" | 20 | #include "uidswap.h" |
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam | |||
173 | debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", | 173 | debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", |
174 | client_user, hostname, ipaddr); | 174 | client_user, hostname, ipaddr); |
175 | 175 | ||
176 | /* no user given */ | ||
177 | if (pw == NULL) | ||
178 | return 0; | ||
179 | |||
180 | /* Switch to the user's uid. */ | 176 | /* Switch to the user's uid. */ |
181 | temporarily_use_uid(pw); | 177 | temporarily_use_uid(pw); |
182 | /* | 178 | /* |
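Review bot: auth_rhosts2_raw now passes `pw` straight to `temporarily_use_uid()` with no NULL check of its own, so it relies on every caller having already rejected a missing or invalid user. The same guard is dropped from user_key_allowed2 in auth2-pubkey.c. The entry points touched by this commit do test `authctxt->valid` first (auth_rhosts_rsa, mm_answer_keyallowed), but any other call paths are outside the diff. Because both helpers still take a bare `struct passwd *`, a comment at the top of each, such as `/* pw must be non-NULL: callers check authctxt->valid */`, would make the new precondition explicit. Both function bodies extend beyond their hunks.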
diff --git a/auth-rsa.c b/auth-rsa.c index 5631d238c..2f0746b30 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); |
18 | 18 | ||
19 | #include <openssl/rsa.h> | 19 | #include <openssl/rsa.h> |
20 | #include <openssl/md5.h> | 20 | #include <openssl/md5.h> |
@@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
284 | * successful. This may exit if there is a serious protocol violation. | 284 | * successful. This may exit if there is a serious protocol violation. |
285 | */ | 285 | */ |
286 | int | 286 | int |
287 | auth_rsa(struct passwd *pw, BIGNUM *client_n) | 287 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
288 | { | 288 | { |
289 | Key *key; | 289 | Key *key; |
290 | char *fp; | 290 | char *fp; |
291 | struct passwd *pw = authctxt->pw; | ||
291 | 292 | ||
292 | /* no user given */ | 293 | /* no user given */ |
293 | if (pw == NULL) | 294 | if (!authctxt->valid) |
294 | return 0; | 295 | return 0; |
295 | 296 | ||
296 | if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { | 297 | if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { |
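Review bot: The retained comment `/* no user given */` in auth_rsa no longer describes the test below it, which is now `!authctxt->valid` rather than a NULL `pw`. Rewording it to something like `/* no user given, or user not valid */` keeps the reason for the early return readable. The function body continues outside the hunk.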
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *); | |||
102 | int | 102 | int |
103 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); | 103 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); |
104 | 104 | ||
105 | int auth_rhosts_rsa(struct passwd *, char *, Key *); | 105 | int auth_rhosts_rsa(Authctxt *, char *, Key *); |
106 | int auth_password(Authctxt *, const char *); | 106 | int auth_password(Authctxt *, const char *); |
107 | int auth_rsa(struct passwd *, BIGNUM *); | 107 | int auth_rsa(Authctxt *, BIGNUM *); |
108 | int auth_rsa_challenge_dialog(Key *); | 108 | int auth_rsa_challenge_dialog(Key *); |
109 | BIGNUM *auth_rsa_generate_challenge(Key *); | 109 | BIGNUM *auth_rsa_generate_challenge(Key *); |
110 | int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); | 110 | int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); |
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt) | |||
139 | BN_num_bits(client_host_key->rsa->n), bits); | 139 | BN_num_bits(client_host_key->rsa->n), bits); |
140 | packet_check_eom(); | 140 | packet_check_eom(); |
141 | 141 | ||
142 | authenticated = auth_rhosts_rsa(pw, client_user, | 142 | authenticated = auth_rhosts_rsa(authctxt, client_user, |
143 | client_host_key); | 143 | client_host_key); |
144 | key_free(client_host_key); | 144 | key_free(client_host_key); |
145 | 145 | ||
@@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt) | |||
156 | fatal("do_authloop: BN_new failed"); | 156 | fatal("do_authloop: BN_new failed"); |
157 | packet_get_bignum(n); | 157 | packet_get_bignum(n); |
158 | packet_check_eom(); | 158 | packet_check_eom(); |
159 | authenticated = auth_rsa(pw, n); | 159 | authenticated = auth_rsa(authctxt, n); |
160 | BN_clear_free(n); | 160 | BN_clear_free(n); |
161 | break; | 161 | break; |
162 | 162 | ||
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index d51e939f1..c28571ab6 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $"); |
27 | 27 | ||
28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
@@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
175 | Key *found; | 175 | Key *found; |
176 | char *fp; | 176 | char *fp; |
177 | 177 | ||
178 | if (pw == NULL) | ||
179 | return 0; | ||
180 | |||
181 | /* Temporarily use the user's uid. */ | 178 | /* Temporarily use the user's uid. */ |
182 | temporarily_use_uid(pw); | 179 | temporarily_use_uid(pw); |
183 | 180 | ||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); |
27 | 27 | ||
28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
@@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *); | |||
77 | static Authmethod *authmethod_lookup(const char *); | 77 | static Authmethod *authmethod_lookup(const char *); |
78 | static char *authmethods_get(void); | 78 | static char *authmethods_get(void); |
79 | int user_key_allowed(struct passwd *, Key *); | 79 | int user_key_allowed(struct passwd *, Key *); |
80 | int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); | ||
81 | 80 | ||
82 | /* | 81 | /* |
83 | * loop until authctxt->success == TRUE | 82 | * loop until authctxt->success == TRUE |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -946,7 +946,7 @@ mm_answer_keyallowed(int socket, Buffer *m) | |||
946 | 946 | ||
947 | debug3("%s: key_from_blob: %p", __func__, key); | 947 | debug3("%s: key_from_blob: %p", __func__, key); |
948 | 948 | ||
949 | if (key != NULL && authctxt->pw != NULL) { | 949 | if (key != NULL && authctxt->valid) { |
950 | switch(type) { | 950 | switch(type) { |
951 | case MM_USERKEY: | 951 | case MM_USERKEY: |
952 | allowed = options.pubkey_authentication && | 952 | allowed = options.pubkey_authentication && |
diff --git a/serverloop.c b/serverloop.c index 21656cf87..98793b756 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $"); | 38 | RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "packet.h" | 41 | #include "packet.h" |
@@ -973,8 +973,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
973 | u_short listen_port; | 973 | u_short listen_port; |
974 | 974 | ||
975 | pw = the_authctxt->pw; | 975 | pw = the_authctxt->pw; |
976 | if (pw == NULL) | 976 | if (pw == NULL || !the_authctxt->pw) |
977 | fatal("server_input_global_request: no user"); | 977 | fatal("server_input_global_request: no/invalid user"); |
978 | listen_address = packet_get_string(NULL); | 978 | listen_address = packet_get_string(NULL); |
979 | listen_port = (u_short)packet_get_int(); | 979 | listen_port = (u_short)packet_get_int(); |
980 | debug("server_input_global_request: tcpip-forward listen %s port %d", | 980 | debug("server_input_global_request: tcpip-forward listen %s port %d", |
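Review bot: The added condition in server_input_global_request tests `!the_authctxt->pw`, which only repeats the `pw == NULL` test beside it, because `pw` was assigned from `the_authctxt->pw` on the line above. The validity flag is therefore never consulted here. The new message "no/invalid user" and the parallel change in session.c (`s->pw == NULL || !authctxt->valid`) suggest the intended line was `if (pw == NULL || !the_authctxt->valid)`. As written, this handler does not gate the forwarding request on `valid`; whether an earlier layer already does is not visible in the hunk. The function body continues outside the hunk.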
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -1532,7 +1532,7 @@ session_open(Authctxt *authctxt, int chanid) | |||
1532 | } | 1532 | } |
1533 | s->authctxt = authctxt; | 1533 | s->authctxt = authctxt; |
1534 | s->pw = authctxt->pw; | 1534 | s->pw = authctxt->pw; |
1535 | if (s->pw == NULL) | 1535 | if (s->pw == NULL || !authctxt->valid) |
1536 | fatal("no user for session %d", s->self); | 1536 | fatal("no user for session %d", s->self); |
1537 | debug("session_open: session %d: link with channel %d", s->self, chanid); | 1537 | debug("session_open: session %d: link with channel %d", s->self, chanid); |
1538 | s->chanid = chanid; | 1538 | s->chanid = chanid; |