diff options
| -rw-r--r-- | usr.bin/ssh/auth-krb5.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/auth-passwd.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/auth-rh-rsa.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/auth-rhosts.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/auth-rsa.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/auth.h | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/auth1.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/auth2-pubkey.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/auth2.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/monitor.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/serverloop.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 4 |
12 files changed, 27 insertions, 36 deletions
diff --git a/usr.bin/ssh/auth-krb5.c b/usr.bin/ssh/auth-krb5.c index c8131291d54..5d4afd2820f 100644 --- a/usr.bin/ssh/auth-krb5.c +++ b/usr.bin/ssh/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -65,7 +65,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_error_code problem; krb5_ccache ccache = NULL; - if (authctxt->pw == NULL) + if (!authctxt->valid) return (0); temporarily_use_uid(authctxt->pw); diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 6452660270d..1ef70dee5e6 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "log.h" @@ -56,9 +56,6 @@ auth_password(Authctxt *authctxt, const char *password) struct passwd * pw = authctxt->pw; int ok = authctxt->valid; - /* deny if no user. */ - if (pw == NULL) - return 0; if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; if (*password == '\0' && options.permit_empty_passwd == 0) diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c index 2eb7e6e2dbc..29eb538ec92 100644 --- a/usr.bin/ssh/auth-rh-rsa.c +++ b/usr.bin/ssh/auth-rh-rsa.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, * its host key. Returns true if authentication succeeds. */ int -auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) +auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) { char *chost; + struct passwd *pw = authctxt->pw; debug("Trying rhosts with RSA host authentication for client user %.100s", cuser); - if (pw == NULL || client_host_key == NULL || + if (!authctxt->valid || client_host_key == NULL || client_host_key->rsa == NULL) return 0; diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index b42a64c90ac..585246e822f 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); - /* no user given */ - if (pw == NULL) - return 0; - /* Switch to the user's uid. */ temporarily_use_uid(pw); /* diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 5631d238c16..2f0746b3056 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * successful. This may exit if there is a serious protocol violation. */ int -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa(Authctxt *authctxt, BIGNUM *client_n) { Key *key; char *fp; + struct passwd *pw = authctxt->pw; /* no user given */ - if (pw == NULL) + if (!authctxt->valid) return 0; if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index e5424356199..360e9c3c5d7 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *); -int auth_rhosts_rsa(struct passwd *, char *, Key *); +int auth_rhosts_rsa(Authctxt *, char *, Key *); int auth_password(Authctxt *, const char *); -int auth_rsa(struct passwd *, BIGNUM *); +int auth_rsa(Authctxt *, BIGNUM *); int auth_rsa_challenge_dialog(Key *); BIGNUM *auth_rsa_generate_challenge(Key *); int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index 63b1609496d..9862d3b88d6 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -125,7 +125,7 @@ do_authloop(Authctxt *authctxt) BN_num_bits(client_host_key->rsa->n), bits); packet_check_eom(); - authenticated = auth_rhosts_rsa(pw, client_user, + authenticated = auth_rhosts_rsa(authctxt, client_user, client_host_key); key_free(client_host_key); @@ -143,7 +143,7 @@ do_authloop(Authctxt *authctxt) fatal("do_authloop: BN_new failed"); packet_get_bignum(n); packet_check_eom(); - authenticated = auth_rsa(pw, n); + authenticated = auth_rsa(authctxt, n); BN_clear_free(n); break; diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 3f0fab446e7..c0dfb44bca8 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -171,9 +171,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) Key *found; char *fp; - if (pw == NULL) - return 0; - /* Temporarily use the user's uid. */ temporarily_use_uid(pw); diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index dc70cc90040..d1a4a35bef1 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *); static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); int user_key_allowed(struct passwd *, Key *); -int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* * loop until authctxt->success == TRUE diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 269254092b2..7a64ae4d74a 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $"); #include <openssl/dh.h> @@ -768,7 +768,7 @@ mm_answer_keyallowed(int socket, Buffer *m) debug3("%s: key_from_blob: %p", __func__, key); - if (key != NULL && authctxt->pw != NULL) { + if (key != NULL && authctxt->valid) { switch(type) { case MM_USERKEY: allowed = options.pubkey_authentication && diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 9f8b16490d7..faf57ce1f51 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -971,8 +971,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) u_short listen_port; pw = the_authctxt->pw; - if (pw == NULL) - fatal("server_input_global_request: no user"); + if (pw == NULL || !the_authctxt->pw) + fatal("server_input_global_request: no/invalid user"); listen_address = packet_get_string(NULL); listen_port = (u_short)packet_get_int(); debug("server_input_global_request: tcpip-forward listen %s port %d", diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 8fb453ae37d..ae48b1d237f 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1229,7 +1229,7 @@ session_open(Authctxt *authctxt, int chanid) } s->authctxt = authctxt; s->pw = authctxt->pw; - if (s->pw == NULL) + if (s->pw == NULL || !authctxt->valid) fatal("no user for session %d", s->self); debug("session_open: session %d: link with channel %d", s->self, chanid); s->chanid = chanid; |