Bugzilla – Attachment 1509 Details for
Bug 1472
Authentication options not cleared in privileged process
[patch]
call auth_clear_options in privileged process
privsep-auth-clear-options.diff (text/plain), 4.97 KB, created by
Colin Watson
on 2008-05-27 02:55:23 AEST
Description:
call auth_clear_options in privileged process
Filename:
MIME Type:
Creator:
Colin Watson
Created:
2008-05-27 02:55:23 AEST
Size:
4.97 KB
>? .scp.c.swp
>Index: auth-rsa.c
>===================================================================
>RCS file: /cvs/openssh/auth-rsa.c,v
>retrieving revision 1.65
>diff -p -u -r1.65 auth-rsa.c
>--- auth-rsa.c 7 Nov 2006 12:14:42 -0000 1.65
>+++ auth-rsa.c 26 May 2008 16:46:30 -0000
>@@ -310,7 +310,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
> return 0;
>
> if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
>- auth_clear_options();
>+ PRIVSEP(auth_clear_options());
> return (0);
> }
>
>Index: auth2-pubkey.c
>===================================================================
>RCS file: /cvs/openssh/auth2-pubkey.c,v
>retrieving revision 1.16
>diff -p -u -r1.16 auth2-pubkey.c
>--- auth2-pubkey.c 5 Aug 2006 02:39:39 -0000 1.16
>+++ auth2-pubkey.c 26 May 2008 16:46:30 -0000
>@@ -161,7 +161,7 @@ userauth_pubkey(Authctxt *authctxt)
> }
> }
> if (authenticated != 1)
>- auth_clear_options();
>+ PRIVSEP(auth_clear_options());
> done:
> debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
> if (key != NULL)
>Index: monitor.c
>===================================================================
>RCS file: /cvs/openssh/monitor.c,v
>retrieving revision 1.129
>diff -p -u -r1.129 monitor.c
>--- monitor.c 19 May 2008 05:34:50 -0000 1.129
>+++ monitor.c 26 May 2008 16:46:30 -0000
>@@ -135,6 +135,7 @@ int mm_answer_pwnamallow(int, Buffer *);
> int mm_answer_auth2_read_banner(int, Buffer *);
> int mm_answer_authserv(int, Buffer *);
> int mm_answer_authpassword(int, Buffer *);
>+int mm_answer_auth_clear_options(int, Buffer *);
> int mm_answer_bsdauthquery(int, Buffer *);
> int mm_answer_bsdauthrespond(int, Buffer *);
> int mm_answer_skeyquery(int, Buffer *);
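Review bot: In the `auth_rsa` hunk the privileged clear is added only on the `auth_rsa_key_allowed` failure return, so any later failure return reached after the monitor has accepted the key and parsed its options would still leave them set in the privileged process. The function body continues outside the hunk, so this needs checking there; if such a path exists (a failed challenge response would be the obvious candidate), it wants the same `PRIVSEP(auth_clear_options());` before its `return`. The same question applies to the `userauth_pubkey` hunk for any path that reaches `done:` after a key lookup without passing the `authenticated != 1` check.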
>@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[]
> {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
> {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
> {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
>+ {MONITOR_REQ_AUTH_CLEAR_OPTIONS, MON_ISAUTH, mm_answer_auth_clear_options},
> #ifdef USE_PAM
> {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
> {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
>@@ -255,6 +257,7 @@ struct mon_table mon_dispatch_proto15[]
> {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
> {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
> {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
>+ {MONITOR_REQ_AUTH_CLEAR_OPTIONS, MON_ISAUTH, mm_answer_auth_clear_options},
> {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
> {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
> {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
>@@ -731,6 +734,16 @@ mm_answer_authpassword(int sock, Buffer
>
> /* Causes monitor loop to terminate if authenticated */
> return (authenticated);
>+}
>+
>+int
>+mm_answer_auth_clear_options(int sock, Buffer *m)
>+{
>+ debug3("%s entering", __func__);
>+
>+ auth_clear_options();
>+ buffer_clear(m);
>+ return (0);
> }
>
> #ifdef BSD_AUTH
>Index: monitor.h
>===================================================================
>RCS file: /cvs/openssh/monitor.h,v
>retrieving revision 1.21
>diff -p -u -r1.21 monitor.h
>--- monitor.h 26 Mar 2006 03:30:02 -0000 1.21
>+++ monitor.h 26 May 2008 16:46:30 -0000
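Review bot: The privileged copy of the key options is reset only when the unprivileged child asks for it through `mm_answer_auth_clear_options`, so the monitor's state still depends on the cooperation of the process that privilege separation treats as untrusted. It would be more robust for the monitor to call `auth_clear_options()` itself wherever it decides a key attempt has failed (presumably in its key-allowed and key-verify answer handlers, which are outside this diff) and to keep this request only as a backstop. The new handler also sends no answer, which is fine for a one-way request but deserves a comment above it such as `/* One-way request from the child: clear key options, no reply is sent */`.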
>@@ -35,6 +35,7 @@ enum monitor_reqtype {
> MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
> MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
> MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
>+ MONITOR_REQ_AUTH_CLEAR_OPTIONS,
> MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,
> MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
> MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY,
>Index: monitor_wrap.c
>===================================================================
>RCS file: /cvs/openssh/monitor_wrap.c,v
>retrieving revision 1.78
>diff -p -u -r1.78 monitor_wrap.c
>--- monitor_wrap.c 19 May 2008 05:34:50 -0000 1.78
>+++ monitor_wrap.c 26 May 2008 16:46:30 -0000
>@@ -321,6 +321,22 @@ mm_auth_password(Authctxt *authctxt, cha
> return (authenticated);
> }
>
>+void
>+mm_auth_clear_options(void)
>+{
>+ Buffer m;
>+
>+ debug3("%s entering", __func__);
>+
>+ buffer_init(&m);
>+ mm_request_send(pmonitor->m_recvfd,
>+ MONITOR_REQ_AUTH_CLEAR_OPTIONS, &m);
>+ buffer_free(&m);
>+
>+ /* Clear options on the monitor side too */
>+ auth_clear_options();
>+}
>+
> int
> mm_user_key_allowed(struct passwd *pw, Key *key)
> {
>Index: monitor_wrap.h
>===================================================================
>RCS file: /cvs/openssh/monitor_wrap.h,v
>retrieving revision 1.27
>diff -p -u -r1.27 monitor_wrap.h
>--- monitor_wrap.h 5 Aug 2006 02:39:40 -0000 1.27
>+++ monitor_wrap.h 26 May 2008 16:46:30 -0000
>@@ -44,6 +44,7 @@ void mm_inform_authserv(char *, char *);
> struct passwd *mm_getpwnamallow(const char *);
> char *mm_auth2_read_banner(void);
> int mm_auth_password(struct Authctxt *, char *);
>+void mm_auth_clear_options(void);
> int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
> int mm_user_key_allowed(struct passwd *, Key *);
> int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
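Review bot: The comment `/* Clear options on the monitor side too */` in `mm_auth_clear_options` appears to name the wrong process. This wrapper sends `MONITOR_REQ_AUTH_CLEAR_OPTIONS` to the monitor, so the local `auth_clear_options()` call that follows clears the copy held by the requesting (unprivileged) process. Suggest `/* Clear our own (unprivileged) copy of the options too */`. A short header comment noting that the request is one-way would also help the next reader: `mm_request_send` is not followed by a receive, and the monitor.h hunk adds no `MONITOR_ANS_` counterpart.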