Bugzilla – Attachment 1184 Details for
Bug 1180
Add finer-grained controls to sshd_config
[patch]
Add support for pre-authentication options to OpenSSH 4.4.
openbsd-ssh-match-preauth.patch (text/plain), 5.33 KB, created by
Darren Tucker
on 2006-09-21 15:43:26 AEST
Description:
Add support for pre-authentication options to OpenSSH 4.4.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2006-09-21 15:43:26 AEST
Size:
5.33 KB
>Index: monitor.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
>retrieving revision 1.88
>diff -u -p -r1.88 monitor.c
>--- monitor.c 2006/08/12 20:46:46 1.88
>+++ monitor.c 2006/09/21 03:26:23
>@@ -570,6 +570,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
> buffer_put_cstring(m, pwent->pw_class);
> buffer_put_cstring(m, pwent->pw_dir);
> buffer_put_cstring(m, pwent->pw_shell);
>+ buffer_put_string(m, &options, sizeof(options));
>+ if (options.banner != NULL)
>+ buffer_put_cstring(m, options.banner);
>
> out:
> debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
>Index: monitor_wrap.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
>retrieving revision 1.54
>diff -u -p -r1.54 monitor_wrap.c
>--- monitor_wrap.c 2006/08/12 20:46:46 1.54
>+++ monitor_wrap.c 2006/09/21 03:26:23
>@@ -63,6 +63,7 @@
>
> #include "channels.h"
> #include "session.h"
>+#include "servconf.h"
>
> /* Imports */
> extern int compat20;
>@@ -72,6 +73,7 @@ extern z_stream outgoing_stream;
> extern struct monitor *pmonitor;
> extern Buffer input, output;
> extern Buffer loginmsg;
>+extern ServerOptions options;
>
> int
> mm_is_monitor(void)
>@@ -196,7 +198,8 @@ mm_getpwnamallow(const char *username)
> {
> Buffer m;
> struct passwd *pw;
>- u_int pwlen;
>+ u_int len;
>+ ServerOptions *newopts;
>
> debug3("%s entering", __func__);
>
>@@ -212,8 +215,8 @@ mm_getpwnamallow(const char *username)
> buffer_free(&m);
> return (NULL);
> }
>- pw = buffer_get_string(&m, &pwlen);
>- if (pwlen != sizeof(struct passwd))
>+ pw = buffer_get_string(&m, &len);
>+ if (len != sizeof(struct passwd))
> fatal("%s: struct passwd size mismatch", __func__);
> pw->pw_name = buffer_get_string(&m, NULL);
> pw->pw_passwd = buffer_get_string(&m, NULL);
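Review bot: In the mm_answer_pwnamallow hunk (monitor.c), `buffer_put_string(m, &options, sizeof(options))` writes the monitor's whole ServerOptions struct across the privilege-separation boundary, pointer members included, and the receiving side then uses the `banner` pointer value only as a "string follows" flag. Nothing in the hunk says so; I would add a comment above the call such as `/* Raw struct copy: pointer members are not valid in the receiver; only banner is re-sent as a string below */`. Sending the individual pre-auth fields instead of the struct would avoid handing pointer values to the unprivileged process and would not rely on a size check alone to detect layout drift, but that is a larger change. The function body starts and ends outside the hunk.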
>@@ -221,6 +224,18 @@ mm_getpwnamallow(const char *username)
> pw->pw_class = buffer_get_string(&m, NULL);
> pw->pw_dir = buffer_get_string(&m, NULL);
> pw->pw_shell = buffer_get_string(&m, NULL);
>+
>+ /* copy options block as a Match directive may have changed some */
>+ newopts = buffer_get_string(&m, &len);
>+ if (len != sizeof(*newopts))
>+ fatal("%s: option block size mismatch", __func__);
>+ if (newopts->banner != NULL)
>+ newopts->banner = buffer_get_string(&m, NULL);
>+ copy_set_server_options(&options, newopts, 1);
>+ if (newopts->banner != NULL)
>+ xfree(newopts->banner);
>+ xfree(newopts);
>+
> buffer_free(&m);
>
> return (pw);
>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.165
>diff -u -p -r1.165 servconf.c
>--- servconf.c 2006/08/14 12:40:25 1.165
>+++ servconf.c 2006/09/21 03:26:23
>@@ -318,7 +318,7 @@ static struct {
> { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
> { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
> #endif
>- { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
>+ { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
> { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
> { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
> { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
>@@ -352,7 +352,7 @@ static struct {
> { "subsystem", sSubsystem, SSHCFG_GLOBAL },
> { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
> { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
>- { "banner", sBanner, SSHCFG_GLOBAL },
>+ { "banner", sBanner, SSHCFG_ALL },
> { "usedns", sUseDNS, SSHCFG_GLOBAL },
> { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
> { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
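Review bot: In the mm_getpwnamallow hunk, `options.banner` is left pointing at freed memory. copy_set_server_options() (the servconf.c hunk at -1273) stores `src->banner` into `dst->banner` without duplicating it, and the following `xfree(newopts->banner)` then frees that same string. Any later read of `options.banner` in this process would be a use-after-free, and a later call that replaces the banner would pass the already-freed pointer to the `xfree(dst->banner)` in copy_set_server_options(). Ownership of the string should pass to `options`: drop the `if (newopts->banner != NULL) xfree(newopts->banner);` pair and keep only `xfree(newopts);`. The function body starts outside the hunk.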
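Review bot: In the keyword-table hunk at -318 (servconf.c), `passwordauthentication` becomes `SSHCFG_ALL` while `kbdinteractiveauthentication` and `challengeresponseauthentication` on the following lines stay `SSHCFG_GLOBAL`. A Match block that sets `PasswordAuthentication no` therefore leaves the other password-style methods governed by the global setting only, which is easy to misread as a per-match password lock-down. The patch does not touch sshd_config(5); its Match section should list the keywords now allowed and state that disabling PasswordAuthentication in a Match block does not affect keyboard-interactive or challenge-response authentication.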
>@@ -1273,13 +1273,28 @@ parse_server_match_config(ServerOptions
>
> initialize_server_options(&mo);
> parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
>- copy_set_server_options(options, &mo);
>+ copy_set_server_options(options, &mo, 0);
> }
>
>-/* Copy any (supported) values that are set */
>+/*
>+ * Copy any supported values that are set.
>+ *
>+ * If the preauth flag is set, we do not bother copying the the string or
>+ * array values that are not used pre-authentication, because any that we
>+ * do use must be explictly sent in mm_getpwnamallow().
>+ */
> void
>-copy_set_server_options(ServerOptions *dst, ServerOptions *src)
>+copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
> {
>+ if (src->password_authentication != -1)
>+ dst->password_authentication = src->password_authentication;
>+ if (src->banner != NULL) {
>+ if (dst->banner != NULL)
>+ xfree(dst->banner);
>+ dst->banner = src->banner;
>+ }
>+ if (preauth)
>+ return;
> if (src->allow_tcp_forwarding != -1)
> dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
> if (src->gateway_ports != -1)
>Index: servconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
>retrieving revision 1.79
>diff -u -p -r1.79 servconf.h
>--- servconf.h 2006/08/14 12:40:25 1.79
>+++ servconf.h 2006/09/21 03:26:23
>@@ -150,6 +150,6 @@ void parse_server_config(ServerOptions
> const char *, const char *, const char *);
> void parse_server_match_config(ServerOptions *, const char *, const char *,
> const char *);
>-void copy_set_server_options(ServerOptions *, ServerOptions *);
>+void copy_set_server_options(ServerOptions *, ServerOptions *, int);
>
> #endif /* SERVCONF_H */
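Review bot: In the copy_set_server_options() hunk at -1273 (servconf.c), the `if (preauth) return;` line is the only thing tying this function to the wire format in mm_answer_pwnamallow()/mm_getpwnamallow(). Every pointer-typed field copied above it has to be re-sent as a string, or the receiver keeps a pointer taken from the raw struct. The new header comment says this, but the spot where a future field would be added does not; I would put `/* Fields above are used pre-auth; any string among them must also be sent in mm_answer_pwnamallow() */` directly above the `if (preauth)` line. The header comment also has two typos, "the the" and "explictly". The function body continues outside the hunk.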
Attachments on
bug 1180
:
1118
|
1127
| 1184 |
1185
|
1240