Attachment #1184 for bug #1180

Lines 570-575 mm_answer_pwnamallow(int sock, Buffer *m Link Here

(-)monitor.c (+3 lines)
570	buffer_put_cstring(m, pwent->pw_class);	570	buffer_put_cstring(m, pwent->pw_class);
571	buffer_put_cstring(m, pwent->pw_dir);	571	buffer_put_cstring(m, pwent->pw_dir);
572	buffer_put_cstring(m, pwent->pw_shell);	572	buffer_put_cstring(m, pwent->pw_shell);
		573	buffer_put_string(m, &options, sizeof(options));
		574	if (options.banner != NULL)
		575	buffer_put_cstring(m, options.banner);
573		576
574	out:	577	out:
575	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);	578	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);





#include "channels.h"
#include "session.h"
#include "servconf.h"

/* Imports */
extern int compat20;

extern struct monitor *pmonitor;
extern Buffer input, output;
extern Buffer loginmsg;
extern ServerOptions options;

int
mm_is_monitor(void)

{
	Buffer m;
	struct passwd *pw;
	u_int len;
	ServerOptions *newopts;

	debug3("%s entering", __func__);


		buffer_free(&m);
		return (NULL);
	}
	pw = buffer_get_string(&m, &len);
	if (len != sizeof(struct passwd))
		fatal("%s: struct passwd size mismatch", __func__);
	pw->pw_name = buffer_get_string(&m, NULL);
	pw->pw_passwd = buffer_get_string(&m, NULL);

	pw->pw_class = buffer_get_string(&m, NULL);
	pw->pw_dir = buffer_get_string(&m, NULL);
	pw->pw_shell = buffer_get_string(&m, NULL);

	/* copy options block as a Match directive may have changed some */
	newopts = buffer_get_string(&m, &len);
	if (len != sizeof(*newopts))
		fatal("%s: option block size mismatch", __func__);
	if (newopts->banner != NULL)
		newopts->banner = buffer_get_string(&m, NULL);
	copy_set_server_options(&options, newopts, 1);
	if (newopts->banner != NULL)
		xfree(newopts->banner);
	xfree(newopts);

	buffer_free(&m);

	return (pw);




	{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */

	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
	{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
	{ "banner", sBanner, SSHCFG_ALL },
	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },


	initialize_server_options(&mo);
	parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
	copy_set_server_options(options, &mo, 0);
}

/*
 * Copy any supported values that are set.
 *
 * If the preauth flag is set, we do not bother copying the the string or
 * array values that are not used pre-authentication, because any that we
 * do use must be explictly sent in mm_getpwnamallow().
 */
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
	if (src->password_authentication != -1)
		dst->password_authentication = src->password_authentication;
	if (src->banner != NULL) {
		if (dst->banner != NULL)
			xfree(dst->banner);
		dst->banner = src->banner;
	}
	if (preauth)
		return;
	if (src->allow_tcp_forwarding != -1)
		dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
	if (src->gateway_ports != -1)

Lines 150-155 void parse_server_config(ServerOptions Link Here

(-)servconf.h (-1 / +1 lines)
150	const char , const char , const char *);	150	const char , const char , const char *);
151	void parse_server_match_config(ServerOptions , const char , const char *,	151	void parse_server_match_config(ServerOptions , const char , const char *,
152	const char *);	152	const char *);
153	void copy_set_server_options(ServerOptions , ServerOptions );	153	void copy_set_server_options(ServerOptions , ServerOptions , int);
154		154
155	#endif /* SERVCONF_H */	155	#endif /* SERVCONF_H */

Return to bug 1180

Lines 63-68 Link Here

(-)monitor_wrap.c (-3 / +18 lines)
63		63
64	#include "channels.h"	64	#include "channels.h"
65	#include "session.h"	65	#include "session.h"
		66	#include "servconf.h"
66		67
67	/* Imports */	68	/* Imports */
68	extern int compat20;	69	extern int compat20;
Lines 72-77 extern z_stream outgoing_stream; Link Here
72	extern struct monitor *pmonitor;	73	extern struct monitor *pmonitor;
73	extern Buffer input, output;	74	extern Buffer input, output;
74	extern Buffer loginmsg;	75	extern Buffer loginmsg;
		76	extern ServerOptions options;
75		77
76	int	78	int
77	mm_is_monitor(void)	79	mm_is_monitor(void)
Lines 196-202 mm_getpwnamallow(const char *username) Link Here
196	{	198	{
197	Buffer m;	199	Buffer m;
198	struct passwd *pw;	200	struct passwd *pw;
199	u_int pwlen;	201	u_int len;
		202	ServerOptions *newopts;
200		203
201	debug3("%s entering", __func__);	204	debug3("%s entering", __func__);
202		205
Lines 212-219 mm_getpwnamallow(const char *username) Link Here
212	buffer_free(&m);	215	buffer_free(&m);
213	return (NULL);	216	return (NULL);
214	}	217	}
215	pw = buffer_get_string(&m, &pwlen);	218	pw = buffer_get_string(&m, &len);
216	if (pwlen != sizeof(struct passwd))	219	if (len != sizeof(struct passwd))
217	fatal("%s: struct passwd size mismatch", __func__);	220	fatal("%s: struct passwd size mismatch", __func__);
218	pw->pw_name = buffer_get_string(&m, NULL);	221	pw->pw_name = buffer_get_string(&m, NULL);
219	pw->pw_passwd = buffer_get_string(&m, NULL);	222	pw->pw_passwd = buffer_get_string(&m, NULL);
Lines 221-226 mm_getpwnamallow(const char *username) Link Here
221	pw->pw_class = buffer_get_string(&m, NULL);	224	pw->pw_class = buffer_get_string(&m, NULL);
222	pw->pw_dir = buffer_get_string(&m, NULL);	225	pw->pw_dir = buffer_get_string(&m, NULL);
223	pw->pw_shell = buffer_get_string(&m, NULL);	226	pw->pw_shell = buffer_get_string(&m, NULL);
		227
		228	/* copy options block as a Match directive may have changed some */
		229	newopts = buffer_get_string(&m, &len);
		230	if (len != sizeof(*newopts))
		231	fatal("%s: option block size mismatch", __func__);
		232	if (newopts->banner != NULL)
		233	newopts->banner = buffer_get_string(&m, NULL);
		234	copy_set_server_options(&options, newopts, 1);
		235	if (newopts->banner != NULL)
		236	xfree(newopts->banner);
		237	xfree(newopts);
		238
224	buffer_free(&m);	239	buffer_free(&m);
225		240
226	return (pw);	241	return (pw);

Lines 318-324 static struct { Link Here

(-)servconf.c (-5 / +20 lines)
318	{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },	318	{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
319	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },	319	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
320	#endif	320	#endif
321	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },	321	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
322	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },	322	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
323	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },	323	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
324	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */	324	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
Lines 352-358 static struct { Link Here
352	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },	352	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
353	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },	353	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
354	{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },	354	{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
355	{ "banner", sBanner, SSHCFG_GLOBAL },	355	{ "banner", sBanner, SSHCFG_ALL },
356	{ "usedns", sUseDNS, SSHCFG_GLOBAL },	356	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
357	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },	357	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
358	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },	358	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
Lines 1273-1285 parse_server_match_config(ServerOptions Link Here
1273		1273
1274	initialize_server_options(&mo);	1274	initialize_server_options(&mo);
1275	parse_server_config(&mo, "reprocess config", &cfg, user, host, address);	1275	parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
1276	copy_set_server_options(options, &mo);	1276	copy_set_server_options(options, &mo, 0);
1277	}	1277	}
1278		1278
1279	/* Copy any (supported) values that are set */	1279	/*
		1280	* Copy any supported values that are set.
		1281	*
		1282	* If the preauth flag is set, we do not bother copying the the string or
		1283	* array values that are not used pre-authentication, because any that we
		1284	* do use must be explictly sent in mm_getpwnamallow().
		1285	*/
1280	void	1286	void
1281	copy_set_server_options(ServerOptions dst, ServerOptions src)	1287	copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth)
1282	{	1288	{
		1289	if (src->password_authentication != -1)
		1290	dst->password_authentication = src->password_authentication;
		1291	if (src->banner != NULL) {
		1292	if (dst->banner != NULL)
		1293	xfree(dst->banner);
		1294	dst->banner = src->banner;
		1295	}
		1296	if (preauth)
		1297	return;
1283	if (src->allow_tcp_forwarding != -1)	1298	if (src->allow_tcp_forwarding != -1)
1284	dst->allow_tcp_forwarding = src->allow_tcp_forwarding;	1299	dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
1285	if (src->gateway_ports != -1)	1300	if (src->gateway_ports != -1)