
(-)auth-rsa.c (-1 / +1 lines)
Lines 310-316 auth_rsa(Authctxt *authctxt, BIGNUM *cli Link Here
310
		return 0;
310
		return 0;
311
311
312
	if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
312
	if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
313
		auth_clear_options();
313
		PRIVSEP(auth_clear_options());
314
		return (0);
314
		return (0);
315
	}
315
	}
316
316
(-)auth2-pubkey.c (-1 / +1 lines)
Lines 161-167 userauth_pubkey(Authctxt *authctxt) Link Here
161
		}
161
		}
162
	}
162
	}
163
	if (authenticated != 1)
163
	if (authenticated != 1)
164
		auth_clear_options();
164
		PRIVSEP(auth_clear_options());
165
done:
165
done:
166
	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
166
	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
167
	if (key != NULL)
167
	if (key != NULL)
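Review bot: The `PRIVSEP(auth_clear_options());` call sits directly above the `done:` label, so any path in userauth_pubkey that jumps to `done` skips the reset. The jumps themselves are outside this hunk, as are the start and end of the function. Please confirm that none of them can be reached after a key lookup has already set options, and record that next to the call with a short comment such as `/* every goto done happens before any key options are set */`, if that holds.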
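--- a/monitor.c
+++ b/monitor.c
@@ -135,6 +135,7 @@ int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
+int mm_answer_auth_clear_options(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
 int mm_answer_skeyquery(int, Buffer *);
@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[]
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+    {MONITOR_REQ_AUTH_CLEAR_OPTIONS, MON_ISAUTH, mm_answer_auth_clear_options},
 #ifdef USE_PAM
     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
     {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
@@ -255,6 +257,7 @@ struct mon_table mon_dispatch_proto15[]
     {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
     {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+    {MONITOR_REQ_AUTH_CLEAR_OPTIONS, MON_ISAUTH, mm_answer_auth_clear_options},
     {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
     {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
@@ -731,6 +734,16 @@ mm_answer_authpassword(int sock, Buffer
 
 	/* Causes monitor loop to terminate if authenticated */
 	return (authenticated);
+}
+
+int
+mm_answer_auth_clear_options(int sock, Buffer *m)
+{
+	debug3("%s entering", __func__);
+
+	auth_clear_options();
+	buffer_clear(m);
+	return (0);
 }
 
 #ifdef BSD_AUTH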
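Review bot: The new `MONITOR_REQ_AUTH_CLEAR_OPTIONS` entries in mon_dispatch_proto20 and mon_dispatch_proto15 make the monitor depend on the unprivileged process to ask for the reset, and they let that process call auth_clear_options() in the monitor whenever MON_ISAUTH requests are accepted. If the monitor's copy of the key options is the one later enforced on the session (not visible in these hunks), a reset that arrives after a successful key-allowed check would drop the restrictions attached to that key. It would be safer for the monitor to clear the options itself in its key handlers when a check fails, rather than exposing a request for it. If the request stays, mm_answer_auth_clear_options should carry a comment stating when it is legitimate and that no answer is sent, e.g. `/* Child reports a failed key check; drop any options set for it. No reply. */`.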
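--- a/monitor.h
+++ b/monitor.h
@@ -35,6 +35,7 @@ enum monitor_reqtype {
 	MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
 	MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
 	MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
+	MONITOR_REQ_AUTH_CLEAR_OPTIONS,
 	MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,
 	MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
 	MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY,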
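--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -321,6 +321,22 @@ mm_auth_password(Authctxt *authctxt, cha
 	return (authenticated);
 }
 
+void
+mm_auth_clear_options(void)
+{
+	Buffer m;
+
+	debug3("%s entering", __func__);
+
+	buffer_init(&m);
+	mm_request_send(pmonitor->m_recvfd,
+	    MONITOR_REQ_AUTH_CLEAR_OPTIONS, &m);
+	buffer_free(&m);
+
+	/* Clear options on the monitor side too */
+	auth_clear_options();
+}
+
 int
 mm_user_key_allowed(struct passwd *pw, Key *key)
 {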
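Review bot: The comment `/* Clear options on the monitor side too */` in mm_auth_clear_options appears to name the wrong process. The function sends MONITOR_REQ_AUTH_CLEAR_OPTIONS through `pmonitor->m_recvfd`, so it looks like it runs in the unprivileged child, and the local auth_clear_options() call then clears the child's own copy. I would reword it to `/* Clear our own (unprivileged) copy as well */`. The request is also sent without waiting for any answer, presumably relying on the monitor handling requests in order; a one-line comment stating that assumption would help the next reader.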
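--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -44,6 +44,7 @@ void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
+void mm_auth_clear_options(void);
 int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
 int mm_user_key_allowed(struct passwd *, Key *);
 int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);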
