Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 26 |
1 files changed, 14 insertions, 12 deletions
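--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.146 2020/01/31 22:42:45 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -79,6 +79,7 @@
 
 /* import */
 extern ServerOptions options;
+extern struct include_list includes;
 extern int use_privsep;
 extern struct sshbuf *loginmsg;
 extern struct passwd *privsep_pw;
@@ -489,7 +490,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
 host_status = check_key_in_hostkeys(hostkeys, key, &found);
 if (host_status == HOST_REVOKED)
 error("WARNING: revoked key for %s attempted authentication",
-found->host);
+host);
 else if (host_status == HOST_OK)
 debug("%s: key for %s found at %s:%ld", __func__,
 found->host, found->file, found->line);
@@ -571,7 +572,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 
 ci = get_connection_info(ssh, 1, options.use_dns);
 ci->user = user;
-parse_server_match_config(&options, ci);
+parse_server_match_config(&options, &includes, ci);
 log_change_level(options.log_level);
 process_permitopen(ssh, &options);
 
@@ -748,7 +749,7 @@ remote_hostname(struct ssh *ssh)
 if (getpeername(ssh_packet_get_connection_in(ssh),
 (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername failed: %.100s", strerror(errno));
-return strdup(ntop);
+return xstrdup(ntop);
 }
 
 ipv64_normalise_mapped(&from, &fromlen);
@@ -760,7 +761,7 @@ remote_hostname(struct ssh *ssh)
 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 NULL, 0, NI_NAMEREQD) != 0) {
 /* Host name not found. Use ip address. */
-return strdup(ntop);
+return xstrdup(ntop);
 }
 
 /*
@@ -775,7 +776,7 @@ remote_hostname(struct ssh *ssh)
 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
 name, ntop);
 freeaddrinfo(ai);
-return strdup(ntop);
+return xstrdup(ntop);
 }
 
 /* Names are stored in lowercase. */
@@ -796,7 +797,7 @@ remote_hostname(struct ssh *ssh)
 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
 logit("reverse mapping checking getaddrinfo for %.700s "
 "[%s] failed.", name, ntop);
-return strdup(ntop);
+return xstrdup(ntop);
 }
 /* Look for the address from the list of addresses. */
 for (ai = aitop; ai; ai = ai->ai_next) {
@@ -811,9 +812,9 @@ remote_hostname(struct ssh *ssh)
 /* Address not found for the host name. */
 logit("Address %.100s maps to %.600s, but this does not "
 "map back to the address.", ntop, name);
-return strdup(ntop);
+return xstrdup(ntop);
 }
-return strdup(name);
+return xstrdup(name);
 }
 
 /*
@@ -921,7 +922,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 child_set_env(&child_env, &envsize, "LANG", cp);
 
 for (i = 0; i < NSIG; i++)
-signal(i, SIG_DFL);
+ssh_signal(i, SIG_DFL);
 
 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 error("%s: open %s: %s", tag, _PATH_DEVNULL,
@@ -1005,7 +1006,7 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
 
 snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
 /* Try to keep this alphabetically sorted */
-snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
+snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
 opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
 opts->force_command == NULL ? "" : " command",
 do_env ? " environment" : "",
@@ -1018,7 +1019,8 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
 opts->force_tun_device == -1 ? "" : " tun=",
 opts->force_tun_device == -1 ? "" : buf,
 opts->permit_user_rc ? " user-rc" : "",
-opts->permit_x11_forwarding_flag ? " x11-forwarding" : "");
+opts->permit_x11_forwarding_flag ? " x11-forwarding" : "",
+opts->no_require_user_presence ? " no-touch-required" : "");
 
 debug("%s: %s", loc, msg);
 if (do_remote)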
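Review bot: In auth_log_authopts the new `opts->no_require_user_presence ? " no-touch-required" : ""` argument is appended after `x11-forwarding`, which breaks the "Try to keep this alphabetically sorted" convention stated just above the `snprintf()` call. Being last also makes it the first field dropped if `msg` ever truncates, since the `snprintf()` return value is not checked and the size of `msg` is declared outside the hunk. As the name suggests this option relaxes a user-presence requirement, it is the entry an auditor most needs to see, so I would move `opts->no_require_user_presence ? " no-touch-required" : "",` up to its alphabetical slot among the arguments elided between the two hunks and leave `opts->permit_x11_forwarding_flag ? " x11-forwarding" : "");` as the closing argument. The function begins and ends outside the visible hunks, so the exact neighbouring entries need to be checked against the full file.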