From dbf7a74ee569a9544276db42eb7aee1141072a24 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 8 Mar 2004 23:04:06 +1100 Subject: - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@ --- monitor.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index 009dcf182..30f7258a0 100644 --- a/monitor.c +++ b/monitor.c @@ -782,16 +782,10 @@ mm_answer_skeyrespond(int socket, Buffer *m) int mm_answer_pam_start(int socket, Buffer *m) { - char *user; - if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); - user = buffer_get_string(m, NULL); - - start_pam(user); - - xfree(user); + start_pam(authctxt); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); -- cgit v1.2.3 From a8104b5c92a44774208e6d8b979d583975ba67d4 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 7 Apr 2004 04:16:11 +0000 Subject: - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now. --- ChangeLog | 9 ++++++++- acconfig.h | 5 ++++- auth-krb5.c | 2 ++ configure.ac | 3 ++- gss-serv-krb5.c | 2 ++ monitor.c | 3 ++- monitor_wrap.c | 3 ++- 7 files changed, 22 insertions(+), 5 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 47d19f53a..62c16684a 100644 --- a/ChangeLog +++ b/ChangeLog 
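Review bot: In the monitor.c hunk, `mm_answer_pam_start` no longer reads anything from `m`, and nothing at the `start_pam(authctxt)` call says this is deliberate or what guarantees `authctxt` is populated when the request arrives. Taking the identity from the monitor's own state rather than from a string sent by the unprivileged child is the safer direction, so it deserves a comment such as `/* use the monitor's own authctxt; the user name is no longer taken from the child's message */`. Where `authctxt` is set is not visible here; if this request could be dispatched before it is filled in, a guard like `if (authctxt == NULL) fatal("%s: no authctxt", __func__);` would fail closed instead of crashing inside PAM setup. The matching sender in monitor_wrap.c is part of the commit but not shown on this page; it should stop writing the user string so no unread bytes are left in the request. The function body continues past the end of the hunk.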
@@ -1,6 +1,13 @@ 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From f_mohr at yahoo.de. + - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see + if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) + are starting to restrict it as internal since it is not needed by + developers any more. (Patch based on Apple tree) + - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since + krb5 on MacOS/X conflicts. There may be a better solution, but this will + work for now. 20040406 - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use @@ -940,4 +947,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3302 2004/04/06 22:04:09 dtucker Exp $ +$Id: ChangeLog,v 1.3303 2004/04/07 04:16:11 mouring Exp $ diff --git a/acconfig.h b/acconfig.h index a1f4556f8..7e788b826 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.174 2004/04/06 11:31:13 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.175 2004/04/07 04:16:11 mouring Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -202,6 +202,9 @@ /* Define if you don't want to use lastlog in session.c */ #undef NO_SSH_LASTLOG +/* Definite if have krb5_init_ets */ +#undef KRB5_INIT_ETS + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP diff --git a/auth-krb5.c b/auth-krb5.c index 859492478..baa1a6317 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -54,7 +54,9 @@ krb5_init(void *context) problem = krb5_init_context(&authctxt->krb5_ctx); if (problem) return (problem); +#ifdef KRB5_INIT_ETS krb5_init_ets(authctxt->krb5_ctx); +#endif } return (0); } diff --git a/configure.ac b/configure.ac index a06452bd9..fa5021cfa 100644 --- a/configure.ac +++ b/configure.ac 
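Review bot: In the second acconfig.h hunk, the comment added above `#undef KRB5_INIT_ETS` reads "Definite if have krb5_init_ets", a typo that will be carried into the generated config header template; `/* Define if you have krb5_init_ets */` matches the neighbouring entries. The macro name also drops the `HAVE_` prefix that feature tests in this file otherwise tend to use, so `HAVE_KRB5_INIT_ETS` would be easier to recognise as a configure result. Renaming it would need the same change in the configure.ac, auth-krb5.c and gss-serv-krb5.c hunks of this commit.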
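Review bot: In the auth-krb5.c hunk, the new `#ifdef KRB5_INIT_ETS` around `krb5_init_ets(authctxt->krb5_ctx);` silently skips error-table setup when the macro is absent, and no comment explains why that is acceptable. A line such as `/* krb5_init_ets() is not exported by some krb5 libraries (e.g. Mac OS X); skipped there */` above the `#ifdef` would record the reason given in the commit message. A configure probe that fails for an unrelated reason takes the same path, so a wrong detection would presumably only surface as less informative Kerberos error text; that is worth stating too. The same applies to the identical guard in the gss-serv-krb5.c hunk. The body of `krb5_init` starts before this hunk.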
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.210 2004/04/06 11:41:51 dtucker Exp $ +# $Id: configure.ac,v 1.211 2004/04/07 04:16:11 mouring Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2240,6 +2240,7 @@ AC_ARG_WITH(kerberos5, LIBS="$LIBS $K5LIBS" AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS)) ] ) diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 8ba3e7182..4e3598ead 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -65,7 +65,9 @@ ssh_gssapi_krb5_init() logit("Cannot initialize krb5 context"); return 0; } +#ifdef KRB5_INIT_ETS krb5_init_ets(krb_context); +#endif return 1; } diff --git a/monitor.c b/monitor.c index 30f7258a0..d44f92d59 100644 --- a/monitor.c +++ b/monitor.c @@ -33,11 +33,12 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include #endif +#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ + #include "ssh.h" #include "auth.h" #include "kex.h" #include "dh.h" -#include "zlib.h" #include "packet.h" #include "auth-options.h" #include "sshpty.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index b1b1c3a61..9e0417bdc 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -30,6 +30,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include #include +#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ + #include "ssh.h" #include "dh.h" #include "kex.h" @@ -40,7 +42,6 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" -#include "zlib.h" #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3 From 1b9f2a6b44d09b21304c06e36c3cb4577937c0f9 Mon Sep 17 00:00:00 2001 
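Review bot: In the second configure.ac hunk, `AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))` passes `$K5LIBS` as the library list, but two lines earlier the same variable is appended with `LIBS="$LIBS $K5LIBS"`, which suggests it holds linker flags rather than bare library names. AC_SEARCH_LIBS prepends `-l` to each entry of its second argument, so the fallback probes would be malformed and the check can only succeed when the symbol already resolves through `$LIBS`. Since `$K5LIBS` is already in `LIBS` at this point, `AC_CHECK_FUNC(krb5_init_ets, AC_DEFINE(KRB5_INIT_ETS))` expresses the intent directly. How `K5LIBS` is assigned is outside the hunk, so its contents should be confirmed before changing the probe.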
From: Ben Lindstrom Date: Thu, 8 Apr 2004 05:11:03 +0000 Subject: - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) --- ChangeLog | 4 +++- monitor.c | 4 ++-- monitor_wrap.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 66f00c590..7cb438324 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20040408 - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. + - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers + back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From @@ -951,4 +953,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3304 2004/04/08 00:57:05 dtucker Exp $ +$Id: ChangeLog,v 1.3305 2004/04/08 05:11:03 mouring Exp $ diff --git a/monitor.c b/monitor.c index d44f92d59..70403f2dd 100644 --- a/monitor.c +++ b/monitor.c @@ -33,12 +33,12 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include #endif -#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ - #include "ssh.h" #include "auth.h" #include "kex.h" #include "dh.h" +#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#include "zlib.h" #include "packet.h" #include "auth-options.h" #include "sshpty.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index 9e0417bdc..fc506d267 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -30,8 +30,6 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include #include -#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ - #include "ssh.h" #include "dh.h" #include "kex.h" 
@@ -42,6 +40,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" +#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#include "zlib.h" #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3 From 036768e48c6039b0f784453cbc388078f72c8d53 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 8 Apr 2004 16:12:30 +0000 Subject: - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested limiting scope and dtucker@ agreed. --- ChangeLog | 4 +++- monitor.c | 7 ++++++- monitor_wrap.c | 7 ++++++- 3 files changed, 15 insertions(+), 3 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 86ca9c789..c497cf8f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and simplify loginrec.c. ok tim@ + - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested + limiting scope and dtucker@ agreed. 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From @@ -955,4 +957,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3306 2004/04/08 06:16:06 dtucker Exp $ +$Id: ChangeLog,v 1.3307 2004/04/08 16:12:30 mouring Exp $ diff --git a/monitor.c b/monitor.c index 70403f2dd..37d40fcca 100644 --- a/monitor.c +++ b/monitor.c @@ -37,8 +37,13 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include "auth.h" #include "kex.h" #include "dh.h" -#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "packet.h" #include "auth-options.h" #include "sshpty.h" 
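Review bot: In the monitor.c hunk of the "Last time. Promise." commit, the restore step `#define TARGET_OS_MAC 1` hard-codes the value instead of putting back whatever the platform headers had defined, and the block repeats `#include "zlib.h"` in both branches. If the original value is always 1 this is harmless, but the hunk does not show that, so a comment saying so (or saving the fact in a helper macro and restoring after a single include) would make the workaround easier to trust. The comment `/* XXX Broken krb5 headers on Mac */` also does not name the conflicting symbol or the bug report mentioned in the previous commit message. The identical seven-line block is added to monitor_wrap.c in the next hunk; a small shared wrapper header would keep the workaround in one place.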
diff --git a/monitor_wrap.c b/monitor_wrap.c index fc506d267..ee2dc2027 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -40,8 +40,13 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" -#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3 From 06a8cfe796bc9afb8bdd9127f348139ec68809fd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 14 Apr 2004 17:24:30 +1000 Subject: - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly 4-arg, with compatibility for 3-arg versions. From djm@, ok me. --- ChangeLog | 4 +++- auth-skey.c | 3 ++- defines.h | 13 +++++++------ monitor.c | 3 ++- 4 files changed, 14 insertions(+), 9 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 409c9bae5..d8cab5caa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ from bug #701 (text from jfh at cise.ufl.edu). - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg skeychallenge(), eg on NetBSD. ok mouring@ + - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly + 4-arg, with compatibility for 3-arg versions. From djm@, ok me. 20040408 - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating @@ -963,4 +965,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3309 2004/04/14 05:26:39 dtucker Exp $ +$Id: ChangeLog,v 1.3310 2004/04/14 07:24:30 dtucker Exp $ diff --git a/auth-skey.c b/auth-skey.c index f9ea03fd1..ac1af69ed 100644 --- a/auth-skey.c +++ b/auth-skey.c 
@@ -47,7 +47,8 @@ skey_query(void *ctx, char **name, char **infotxt, int len; struct skey skey; - if (skeychallenge(&skey, authctxt->user, challenge) == -1) + if (_compat_skeychallenge(&skey, authctxt->user, challenge, + sizeof(challenge)) == -1) return -1; *name = xstrdup(""); diff --git a/defines.h b/defines.h index f52dfd256..9b72afecb 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.114 2004/04/14 05:26:39 dtucker Exp $ */ +/* $Id: defines.h,v 1.115 2004/04/14 07:24:30 dtucker Exp $ */ /* Constants */ @@ -538,6 +538,12 @@ struct winsize { # define krb5_get_err_text(context,code) error_message(code) #endif +#if defined(SKEYCHALLENGE_4ARG) +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c,d) +#else +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c) +#endif + /* Maximum number of file descriptors available */ #ifdef HAVE_SYSCONF # define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) @@ -546,11 +552,6 @@ struct winsize { #endif -/* Some platforms, eg NetBSD, have a 4th argument for skeychallenge() */ -#ifdef SKEYCHALLENGE_4ARG -# define skeychallenge(a,b,c) skeychallenge((a), (b), (c), (sizeof(c))) -#endif - /* * Define this to use pipes instead of socketpairs for communicating with the * client program. Socketpairs do not seem to work on all systems. diff --git a/monitor.c b/monitor.c index 37d40fcca..9c30c1c39 100644 --- a/monitor.c +++ b/monitor.c @@ -744,7 +744,8 @@ mm_answer_skeyquery(int socket, Buffer *m) char challenge[1024]; u_int success; - success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; + success = _compat_skeychallenge(&skey, authctxt->user, challenge, + sizeof(challenge)) < 0 ? 0 : 1; buffer_clear(m); buffer_put_int(m, success); -- cgit v1.2.3
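Review bot: In the auth-skey.c hunk, `sizeof(challenge)` in the new `_compat_skeychallenge(...)` call is the buffer length only if `challenge` is declared as an array in `skey_query`; its declaration is above the hunk and not visible. If it is, or later becomes, a pointer, the 4-argument `skeychallenge()` would be told the size of a pointer rather than of the buffer. The monitor.c hunk of this commit shows `char challenge[1024];` directly above its call, so that site is fine. Confirm that auth-skey.c matches, or name the size once as a shared constant and pass it at both call sites.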
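Review bot: In the defines.h hunk at line 538, the fallback `# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c)` discards the size argument, so on 3-argument platforms the library fills the challenge buffer with no bound supplied by the caller, and the block carries no comment saying what size callers must provide. The explanatory comment that sat above the removed macro ("Some platforms, eg NetBSD, have a 4th argument for skeychallenge()") was dropped without a replacement. Put it back above the new block and add that the 3-argument form relies on the caller's buffer being at least as large as that library expects. The macro arguments also lost the parentheses the removed definition had; `skeychallenge((a), (b), (c), (d))` and `skeychallenge((a), (b), (c))` restore them.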
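Review bot: In the monitor.c hunk, the call treats any negative return as failure (`< 0 ? 0 : 1`), while the auth-skey.c call changed in the same commit tests `== -1`; using one convention for both would avoid the two paths disagreeing on an unexpected return value. `challenge` is also left unwritten when the call fails. The code that consumes it is below the hunk, so confirm it is only read when `success` is non-zero, or initialise it with `char challenge[1024] = "";`. The body of `mm_answer_skeyquery` starts and ends outside the hunk.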