authorDamien Miller <djm@cvs.openbsd.org>2003-11-04 08:54:10 +0000
committerDamien Miller <djm@cvs.openbsd.org>2003-11-04 08:54:10 +0000
commit0935421334417c1804a045cc1588986576d8731e (patch)
treed1c52163f410e86df7294af8e451f78cef7194f5
parent066472cf2c608f2134ccab0b677adb9af872c521 (diff)
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather than pw != NULL; ok markus@
-rw-r--r--usr.bin/ssh/auth-krb5.c4
-rw-r--r--usr.bin/ssh/auth-passwd.c5
-rw-r--r--usr.bin/ssh/auth-rh-rsa.c7
-rw-r--r--usr.bin/ssh/auth-rhosts.c6
-rw-r--r--usr.bin/ssh/auth-rsa.c7
-rw-r--r--usr.bin/ssh/auth.h6
-rw-r--r--usr.bin/ssh/auth1.c6
-rw-r--r--usr.bin/ssh/auth2-pubkey.c5
-rw-r--r--usr.bin/ssh/auth2.c3
-rw-r--r--usr.bin/ssh/monitor.c4
-rw-r--r--usr.bin/ssh/serverloop.c6
-rw-r--r--usr.bin/ssh/session.c4
12 files changed, 27 insertions, 36 deletions
diff --git a/usr.bin/ssh/auth-krb5.c b/usr.bin/ssh/auth-krb5.c
index c8131291d54..5d4afd2820f 100644
--- a/usr.bin/ssh/auth-krb5.c
+++ b/usr.bin/ssh/auth-krb5.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -65,7 +65,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
krb5_error_code problem;
krb5_ccache ccache = NULL;
- if (authctxt->pw == NULL)
+ if (!authctxt->valid)
return (0);
temporarily_use_uid(authctxt->pw);
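Review bot: The guard in auth_krb5_password now tests only `authctxt->valid`, yet the next line hands `authctxt->pw` to `temporarily_use_uid()`; nothing visible in the hunk guarantees that a set `valid` flag implies a non-NULL `pw`. session_open in this same commit keeps both tests (`s->pw == NULL || !authctxt->valid`), so for consistency consider `if (!authctxt->valid || authctxt->pw == NULL)` here, or a one-line comment stating the invariant. The same applies to the converted guards in auth_rhosts_rsa (auth-rh-rsa.c) and auth_rsa (auth-rsa.c). The function body continues outside the hunk.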
diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c
index 6452660270d..1ef70dee5e6 100644
--- a/usr.bin/ssh/auth-passwd.c
+++ b/usr.bin/ssh/auth-passwd.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
#include "packet.h"
#include "log.h"
@@ -56,9 +56,6 @@ auth_password(Authctxt *authctxt, const char *password)
struct passwd * pw = authctxt->pw;
int ok = authctxt->valid;
- /* deny if no user. */
- if (pw == NULL)
- return 0;
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
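Review bot: With the `pw == NULL` guard removed, `pw->pw_uid` on the following line is dereferenced unconditionally, including when `ok` was initialised from a clear `authctxt->valid`. That is only safe if every caller supplies a non-NULL `authctxt->pw` even for users that are not valid, which this hunk does not show; either keep `if (pw == NULL) return 0;` or record the precondition with a comment such as `/* caller must pass a non-NULL authctxt->pw, even when !authctxt->valid */`. The same unguarded use follows the removed checks in auth_rhosts2_raw (auth-rhosts.c) and user_key_allowed2 (auth2-pubkey.c), both of which receive only a `struct passwd *` and so cannot consult `valid` themselves. auth_password's body continues outside the hunk.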
diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c
index 2eb7e6e2dbc..29eb538ec92 100644
--- a/usr.bin/ssh/auth-rh-rsa.c
+++ b/usr.bin/ssh/auth-rh-rsa.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
#include "packet.h"
#include "uidswap.h"
@@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
* its host key. Returns true if authentication succeeds.
*/
int
-auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
+auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
{
char *chost;
+ struct passwd *pw = authctxt->pw;
debug("Trying rhosts with RSA host authentication for client user %.100s",
cuser);
- if (pw == NULL || client_host_key == NULL ||
+ if (!authctxt->valid || client_host_key == NULL ||
client_host_key->rsa == NULL)
return 0;
diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c
index b42a64c90ac..585246e822f 100644
--- a/usr.bin/ssh/auth-rhosts.c
+++ b/usr.bin/ssh/auth-rhosts.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
#include "packet.h"
#include "uidswap.h"
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
client_user, hostname, ipaddr);
- /* no user given */
- if (pw == NULL)
- return 0;
-
/* Switch to the user's uid. */
temporarily_use_uid(pw);
/*
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 5631d238c16..2f0746b3056 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
* successful. This may exit if there is a serious protocol violation.
*/
int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
Key *key;
char *fp;
+ struct passwd *pw = authctxt->pw;
/* no user given */
- if (pw == NULL)
+ if (!authctxt->valid)
return 0;
if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
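Review bot: The comment `/* no user given */` above the guard in auth_rsa no longer matches the test, which now rejects on `!authctxt->valid` rather than on a missing passwd entry. Update it to something like `/* reject users that are not valid */` so the comment and the condition agree. The rest of the function body lies outside the hunk.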
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index e5424356199..360e9c3c5d7 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *);
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);
-int auth_rhosts_rsa(struct passwd *, char *, Key *);
+int auth_rhosts_rsa(Authctxt *, char *, Key *);
int auth_password(Authctxt *, const char *);
-int auth_rsa(struct passwd *, BIGNUM *);
+int auth_rsa(Authctxt *, BIGNUM *);
int auth_rsa_challenge_dialog(Key *);
BIGNUM *auth_rsa_generate_challenge(Key *);
int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 63b1609496d..9862d3b88d6 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -125,7 +125,7 @@ do_authloop(Authctxt *authctxt)
BN_num_bits(client_host_key->rsa->n), bits);
packet_check_eom();
- authenticated = auth_rhosts_rsa(pw, client_user,
+ authenticated = auth_rhosts_rsa(authctxt, client_user,
client_host_key);
key_free(client_host_key);
@@ -143,7 +143,7 @@ do_authloop(Authctxt *authctxt)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
- authenticated = auth_rsa(pw, n);
+ authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
break;
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 3f0fab446e7..c0dfb44bca8 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@@ -171,9 +171,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
Key *found;
char *fp;
- if (pw == NULL)
- return 0;
-
/* Temporarily use the user's uid. */
temporarily_use_uid(pw);
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index dc70cc90040..d1a4a35bef1 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *);
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
/*
* loop until authctxt->success == TRUE
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 269254092b2..7a64ae4d74a 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
#include <openssl/dh.h>
@@ -768,7 +768,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
debug3("%s: key_from_blob: %p", __func__, key);
- if (key != NULL && authctxt->pw != NULL) {
+ if (key != NULL && authctxt->valid) {
switch(type) {
case MM_USERKEY:
allowed = options.pubkey_authentication &&
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 9f8b16490d7..faf57ce1f51 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -971,8 +971,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
u_short listen_port;
pw = the_authctxt->pw;
- if (pw == NULL)
- fatal("server_input_global_request: no user");
+ if (pw == NULL || !the_authctxt->pw)
+ fatal("server_input_global_request: no/invalid user");
listen_address = packet_get_string(NULL);
listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
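Review bot: The second half of the new condition, `!the_authctxt->pw`, only repeats the NULL test on `pw`, which was assigned from `the_authctxt->pw` on the line above, so the validity flag is never consulted even though the fatal message now reads "no/invalid user". Every other converted check in this commit tests `authctxt->valid`, so this was presumably meant to be `if (pw == NULL || !the_authctxt->valid)`. As written, a context whose `pw` is set but whose `valid` flag is clear passes this check and reaches the tcpip-forward handling below. server_input_global_request's body starts and ends outside the hunk.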
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 8fb453ae37d..ae48b1d237f 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -1229,7 +1229,7 @@ session_open(Authctxt *authctxt, int chanid)
}
s->authctxt = authctxt;
s->pw = authctxt->pw;
- if (s->pw == NULL)
+ if (s->pw == NULL || !authctxt->valid)
fatal("no user for session %d", s->self);
debug("session_open: session %d: link with channel %d", s->self, chanid);
s->chanid = chanid;