From d4f04ae2476dded8c3743b0b9152cfe023758236 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Sep 2005 10:23:21 +1000 Subject: - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep child during PAM account check without clearing it. This restores the post-login warnings such as LDAP password expiry. Patch from Tomas Mraz with help from several others. --- monitor.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index ef613cd3c..24ad0b794 100644 --- a/monitor.c +++ b/monitor.c @@ -834,9 +834,7 @@ mm_answer_pam_account(int sock, Buffer *m) ret = do_pam_account(); buffer_put_int(m, ret); - buffer_append(&loginmsg, "\0", 1); - buffer_put_cstring(m, buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); + buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); -- cgit v1.2.3 From 6fd6defbce4c03820b8070b106bfe52bf2bed60a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:07:05 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 [auth2-gss.c gss-genr.c gss-serv.c monitor.c] KNF; ok djm@ --- ChangeLog | 5 ++++- auth2-gss.c | 6 +++--- gss-genr.c | 5 +++-- gss-serv.c | 13 ++++++------- monitor.c | 10 +++++----- 5 files changed, 21 insertions(+), 18 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 3c7577fb2..2479962b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 [dns.c] unneeded #include, unused declaration, little knf; ok deraadt@ + - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 + [auth2-gss.c gss-genr.c gss-serv.c monitor.c] + KNF; ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3163,4 +3166,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3933 2005/11/05 04:06:38 djm Exp $ +$Id: ChangeLog,v 1.3934 2005/11/05 04:07:05 djm Exp $ diff --git a/auth2-gss.c b/auth2-gss.c index 533649e7e..95844a05e 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.11 2005/10/13 14:03:01 stevesk Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,7 +48,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *); /* * We only support those mechanisms that we know about (ie ones that we know - * how to check local user kuserok and the like + * how to check local user kuserok and the like) */ static int userauth_gssapi(Authctxt *authctxt) @@ -104,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt) return (0); } - authctxt->methoddata=(void *)ctxt; + authctxt->methoddata = (void *)ctxt; packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); diff --git a/gss-genr.c b/gss-genr.c index 2450a370c..c2b4f2dd8 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.5 2005/10/13 14:03:01 stevesk Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -268,7 +268,8 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, } OM_uint32 -ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { +ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) +{ if (*ctx) ssh_gssapi_delete_ctx(ctx); ssh_gssapi_build_ctx(ctx); diff --git a/gss-serv.c b/gss-serv.c index 56ff9f612..26eec25bd 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.12 2005/10/13 19:08:08 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,14 +134,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) OM_uint32 offset; OM_uint32 oidl; - tok=ename->value; + tok = ename->value; /* * Check that ename is long enough for all of the fixed length * header, and that the initial ID bytes are correct */ - if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) + if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) return GSS_S_FAILURE; /* @@ -160,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx, tok+6, oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -175,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) return GSS_S_FAILURE; name->value = xmalloc(name->length+1); - memcpy(name->value,tok+offset,name->length); + memcpy(name->value, tok+offset,name->length); ((char *)name->value)[name->length] = 0; return GSS_S_COMPLETE; @@ -259,9 +259,8 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) if (gssapi_client.store.envvar != NULL && gssapi_client.store.envval != NULL) { - debug("Setting %s to %s", gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, gssapi_client.store.envval); } diff --git a/monitor.c b/monitor.c index 24ad0b794..e6f648b0b 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $"); #include @@ -1829,7 +1829,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, major); - mm_request_send(sock,MONITOR_ANS_GSSSETUP, m); + mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); /* Now we have a context, enable the step */ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); @@ -1842,7 +1842,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; - OM_uint32 major,minor; + OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ u_int len; @@ -1859,7 +1859,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) gss_release_buffer(&minor, &out); - if (major==GSS_S_COMPLETE) { + if (major == GSS_S_COMPLETE) { monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); @@ -1908,7 +1908,7 @@ mm_answer_gss_userok(int sock, Buffer *m) debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); - auth_method="gssapi-with-mic"; + auth_method = "gssapi-with-mic"; /* Monitor loop will terminate if authenticated */ return (authenticated); -- cgit v1.2.3