From 93576d9538f3b6d373248ffd2ed5ab9852a1555c Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Mon, 23 Dec 2002 02:06:19 +0000
Subject:    - deraadt@cvs.openbsd.org 2002/11/21 23:03:51      [auth-krb5.c
 auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c
 ssh-rsa.c       sshconnect.c]      KNF

---
 monitor_wrap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'monitor_wrap.c')

diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4c53bfd13..b75f9dfc7 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.20 2002/11/21 23:03:51 deraadt Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -969,7 +969,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
 		xfree(p);
 	}
 	buffer_free(&m);
-	return (success); 
+	return (success);
 }
 #endif
 
-- 
cgit v1.2.3


From b7df3af154d035be480b9d9f433f440f1c66e1bd Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 24 Feb 2003 11:55:46 +1100
Subject:    - markus@cvs.openbsd.org 2003/02/04 09:33:22      [monitor.c
 monitor_wrap.c]      skey/bsdauth: use 0 to indicate failure instead of -1,
 because      the buffer API only supports unsigned ints.

---
 ChangeLog      |  6 +++++-
 monitor.c      | 26 +++++++++++++-------------
 monitor_wrap.c | 15 ++++++++-------
 3 files changed, 26 insertions(+), 21 deletions(-)

(limited to 'monitor_wrap.c')

diff --git a/ChangeLog b/ChangeLog
index e2f4635ea..0ba9fe7a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
    - markus@cvs.openbsd.org 2003/02/04 09:32:08
      [key.c]
      better debug3 message
+   - markus@cvs.openbsd.org 2003/02/04 09:33:22
+     [monitor.c monitor_wrap.c]
+     skey/bsdauth: use 0 to indicate failure instead of -1, because
+     the buffer API only supports unsigned ints.
 
 20030211
  - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@@ -1135,4 +1139,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2602 2003/02/24 00:54:57 djm Exp $
+$Id: ChangeLog,v 1.2603 2003/02/24 00:55:46 djm Exp $
diff --git a/monitor.c b/monitor.c
index b91cfdeda..07d1728ec 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.30 2002/11/05 19:45:20 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -634,20 +634,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m)
 	u_int numprompts;
 	u_int *echo_on;
 	char **prompts;
-	int res;
+	u_int success;
 
-	res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
-	    &prompts, &echo_on);
+	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
+	    &prompts, &echo_on) < 0 ? 0 : 1;
 
 	buffer_clear(m);
-	buffer_put_int(m, res);
-	if (res != -1)
+	buffer_put_int(m, success);
+	if (success)
 		buffer_put_cstring(m, prompts[0]);
 
-	debug3("%s: sending challenge res: %d", __func__, res);
+	debug3("%s: sending challenge success: %u", __func__, success);
 	mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
 
-	if (res != -1) {
+	if (success) {
 		xfree(name);
 		xfree(infotxt);
 		xfree(prompts);
@@ -691,16 +691,16 @@ mm_answer_skeyquery(int socket, Buffer *m)
 {
 	struct skey skey;
 	char challenge[1024];
-	int res;
+	u_int success;
 
-	res = skeychallenge(&skey, authctxt->user, challenge);
+	success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
 
 	buffer_clear(m);
-	buffer_put_int(m, res);
-	if (res != -1)
+	buffer_put_int(m, success);
+	if (success)
 		buffer_put_cstring(m, challenge);
 
-	debug3("%s: sending challenge res: %d", __func__, res);
+	debug3("%s: sending challenge success: %u", __func__, success);
 	mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
 
 	return (0);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index b75f9dfc7..551bbc15a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.20 2002/11/21 23:03:51 deraadt Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -714,7 +714,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
 {
 	Buffer m;
-	int res;
+	u_int success;
 	char *challenge;
 
 	debug3("%s: entering", __func__);
@@ -724,8 +724,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
 
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
 	    &m);
-	res = buffer_get_int(&m);
-	if (res == -1) {
+	success = buffer_get_int(&m);
+	if (success == 0) {
 		debug3("%s: no challenge", __func__);
 		buffer_free(&m);
 		return (-1);
@@ -771,7 +771,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
 {
 	Buffer m;
-	int len, res;
+	int len;
+	u_int success;
 	char *p, *challenge;
 
 	debug3("%s: entering", __func__);
@@ -781,8 +782,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
 
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
 	    &m);
-	res = buffer_get_int(&m);
-	if (res == -1) {
+	success = buffer_get_int(&m);
+	if (success == 0) {
 		debug3("%s: no challenge", __func__);
 		buffer_free(&m);
 		return (-1);
-- 
cgit v1.2.3


From 06ebedf3656bbe603d0a0d8db9eeeb35ff702643 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 24 Feb 2003 12:03:38 +1100
Subject:    - markus@cvs.openbsd.org 2003/02/16 17:30:33      [monitor.c
 monitor_wrap.c]      fix permitrootlogin forced-commands-only for privsep;
 bux #387; ok provos@

---
 ChangeLog      |  6 +++++-
 monitor.c      |  4 +++-
 monitor_wrap.c | 17 ++++++++++++++---
 3 files changed, 22 insertions(+), 5 deletions(-)

(limited to 'monitor_wrap.c')

diff --git a/ChangeLog b/ChangeLog
index 2fdcb2782..79594ab20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,10 @@
      [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
      split kex into client and server code, no need to link
      server code into the client; ok provos@
+   - markus@cvs.openbsd.org 2003/02/16 17:30:33
+     [monitor.c monitor_wrap.c]
+     fix permitrootlogin forced-commands-only for privsep; bux #387; 
+     ok provos@
 
 20030211
  - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@@ -1167,4 +1171,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $
+$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $
diff --git a/monitor.c b/monitor.c
index 07d1728ec..694cd630a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -826,6 +826,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
 	buffer_clear(m);
 	buffer_put_int(m, allowed);
+	buffer_put_int(m, forced_command != NULL);
 
 	mm_append_debug(m);
 
@@ -1188,6 +1189,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
 	}
 	buffer_clear(m);
 	buffer_put_int(m, allowed);
+	buffer_put_int(m, forced_command != NULL);
 
 	/* clear temporarily storage (used by generate challenge) */
 	monitor_reset_key_state();
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 551bbc15a..1395a32f4 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
 #include "dh.h"
 #include "kex.h"
 #include "auth.h"
+#include "auth-options.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "packet.h"
@@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 	Buffer m;
 	u_char *blob;
 	u_int len;
-	int allowed = 0;
+	int allowed = 0, have_forced = 0;
 
 	debug3("%s entering", __func__);
 
@@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 
 	allowed = buffer_get_int(&m);
 
+	/* fake forced command */
+	auth_clear_options();
+	have_forced = buffer_get_int(&m);
+	forced_command = have_forced ? xstrdup("true") : NULL;
+
 	/* Send potential debug messages */
 	mm_send_debug(&m);
 
@@ -853,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 	Key *key;
 	u_char *blob;
 	u_int blen;
-	int allowed = 0;
+	int allowed = 0, have_forced = 0;
 
 	debug3("%s entering", __func__);
 
@@ -865,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 
 	allowed = buffer_get_int(&m);
 
+	/* fake forced command */
+	auth_clear_options();
+	have_forced = buffer_get_int(&m);
+	forced_command = have_forced ? xstrdup("true") : NULL;
+
 	if (allowed && rkey != NULL) {
 		blob = buffer_get_string(&m, &blen);
 		if ((key = key_from_blob(blob, blen)) == NULL)
-- 
cgit v1.2.3