Bugzilla – Attachment 2081 Details for
Bug 937
ssh2 pubkey auth broken by user:style syntax
[patch]
Support Pubkeys with :style loginname
stylesupport_cvs.patch (text/plain), 5.51 KB, created by
Patric Stout
on 2011-09-10 20:07:50 AEST
Description:
Support Pubkeys with :style loginname
Creator:
Patric Stout
Created:
2011-09-10 20:07:50 AEST
Size:
5.51 KB
>Index: auth-pam.c
>===================================================================
>RCS file: /cvs/openssh/auth-pam.c,v
>retrieving revision 1.146
>diff -u -r1.146 auth-pam.c
>--- auth-pam.c 12 Jul 2009 12:07:21 -0000 1.146
>+++ auth-pam.c 10 Sep 2011 09:58:18 -0000
>@@ -621,7 +621,7 @@
> sshpam_init(Authctxt *authctxt)
> {
> extern char *__progname;
>- const char *pam_rhost, *pam_user, *user = authctxt->user;
>+ const char *pam_rhost, *pam_user, *user = authctxt->pw->pw_name;
> const char **ptr_pam_user = &pam_user;
>
> if (sshpam_handle != NULL) {
>@@ -795,7 +795,7 @@
> }
> error("PAM: %s for %s%.100s from %.100s", msg,
> sshpam_authctxt->valid ? "" : "illegal user ",
>- sshpam_authctxt->user,
>+ sshpam_authctxt->pw->pw_name,
> get_remote_name_or_ip(utmp_len, options.use_dns));
> /* FALLTHROUGH */
> default:
>@@ -1209,11 +1209,11 @@
> sshpam_password = NULL;
> if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
> debug("PAM: password authentication accepted for %.100s",
>- authctxt->user);
>+ authctxt->pw->pw_name);
> return 1;
> } else {
> debug("PAM: password authentication failed for %.100s: %s",
>- authctxt->valid ? authctxt->user : "an illegal user",
>+ authctxt->valid ? authctxt->pw->pw_name : "an illegal user",
> pam_strerror(sshpam_handle, sshpam_err));
> return 0;
> }
>Index: auth2.c
>===================================================================
>RCS file: /cvs/openssh/auth2.c,v
>retrieving revision 1.153
>diff -u -r1.153 auth2.c
>--- auth2.c 5 May 2011 04:04:11 -0000 1.153
>+++ auth2.c 10 Sep 2011 09:58:18 -0000
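Review bot: `authctxt->pw` is dereferenced in sshpam_init and in the `error("PAM: %s for %s%.100s from %.100s", ...)` call with no check that it is set, and the second site runs for clients the code itself labels "illegal user". Nothing in these hunks shows what `pw` holds for an unknown account; if it is NULL this crashes, and if it is a placeholder entry the log line records the placeholder instead of the name the client sent, which loses the one field an operator needs when triaging failed logins. For the log message I would keep the client-supplied name, bounded as before: `sshpam_authctxt->valid ? sshpam_authctxt->pw->pw_name : sshpam_authctxt->user,`. The third hunk already guards its use with `authctxt->valid`; all three function bodies continue outside the hunks.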
>@@ -227,13 +227,14 @@
> debug("userauth-request for user %s service %s method %s", user, service, method);
> debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
>
>+ if (authctxt->attempt == 0) authctxt->user = xstrdup(user);
>+
> if ((style = strchr(user, ':')) != NULL)
> *style++ = 0;
>
> if (authctxt->attempt++ == 0) {
> /* setup auth context */
> authctxt->pw = PRIVSEP(getpwnamallow(user));
>- authctxt->user = xstrdup(user);
> if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
> authctxt->valid = 1;
> debug2("input_userauth_request: setting up authctxt for %s", user);
>@@ -253,13 +254,13 @@
> authctxt->service = xstrdup(service);
> authctxt->style = style ? xstrdup(style) : NULL;
> if (use_privsep)
>- mm_inform_authserv(service, style);
>+ mm_inform_authserv(authctxt->user, service, style);
> userauth_banner();
>- } else if (strcmp(user, authctxt->user) != 0 ||
>+ } else if (strcmp(user, authctxt->pw->pw_name) != 0 ||
> strcmp(service, authctxt->service) != 0) {
> packet_disconnect("Change of username or service not allowed: "
> "(%s,%s) -> (%s,%s)",
>- authctxt->user, authctxt->service, user, service);
>+ authctxt->pw->pw_name, authctxt->service, user, service);
> }
> /* reset state */
> auth2_challenge_stop(authctxt);
>Index: monitor.c
>===================================================================
>RCS file: /cvs/openssh/monitor.c,v
>retrieving revision 1.150
>diff -u -r1.150 monitor.c
>--- monitor.c 5 Aug 2011 20:15:18 -0000 1.150
>+++ monitor.c 10 Sep 2011 09:58:19 -0000
>@@ -741,7 +741,6 @@
>
> pwent = getpwnamallow(username);
>
>- authctxt->user = xstrdup(username);
> setproctitle("%s [priv]", pwent ? username : "unknown");
> xfree(username);
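Review bot: `authctxt->user` changes meaning at the added `if (authctxt->attempt == 0)` line, from the bare account name to the unstripped `user:style` string, and the assignment carries no comment saying so. Readers of the field in files this patch does not touch would then see the style suffix where they previously saw an account name, so each of them needs checking before this goes in. I would write the assignment in the braced, two-line form the rest of the function uses and add a comment such as `/* keep the name exactly as the client sent it (may include ":style"); use authctxt->pw->pw_name for the account */`. The enclosing function starts and ends outside the hunk.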
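Review bot: The change-of-username check in the `else if` of the `@@ -253` hunk now compares the client's name with `authctxt->pw->pw_name`, which is the same thing only when the first request resolved to a real account under exactly that spelling. How `pw` is set for an unknown user is outside this hunk; if it is left NULL the `strcmp` crashes, and if it points at a placeholder entry every second request for an unknown name reaches `packet_disconnect` while known names carry on, so the server's behaviour reveals whether the account exists. The disconnect message has the same dependency. Comparing against the name saved from the first request avoids both: test the unstripped request with `strcmp(user, authctxt->user) != 0` on later attempts, before the `strchr` that cuts off the style.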
>
>@@ -823,10 +822,11 @@
> {
> monitor_permit_authentications(1);
>
>+ authctxt->user = buffer_get_string(m, NULL);
> authctxt->service = buffer_get_string(m, NULL);
> authctxt->style = buffer_get_string(m, NULL);
>- debug3("%s: service=%s, style=%s",
>- __func__, authctxt->service, authctxt->style);
>+ debug3("%s: user=%s, service=%s, style=%s",
>+ __func__, authctxt->user, authctxt->service, authctxt->style);
>
> if (strlen(authctxt->style) == 0) {
> xfree(authctxt->style);
>@@ -1015,7 +1015,6 @@
> {
>
> debug3("%s", __func__);
>- authctxt->user = buffer_get_string(m, NULL);
> sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
> sshpam_authok = NULL;
> buffer_clear(m);
>Index: monitor_wrap.c
>===================================================================
>RCS file: /cvs/openssh/monitor_wrap.c,v
>retrieving revision 1.89
>diff -u -r1.89 monitor_wrap.c
>--- monitor_wrap.c 20 Jun 2011 04:42:23 -0000 1.89
>+++ monitor_wrap.c 10 Sep 2011 09:58:19 -0000
>@@ -321,13 +321,14 @@
> /* Inform the privileged process about service and style */
>
> void
>-mm_inform_authserv(char *service, char *style)
>+mm_inform_authserv(char *user, char *service, char *style)
> {
> Buffer m;
>
> debug3("%s entering", __func__);
>
> buffer_init(&m);
>+ buffer_put_cstring(&m, user);
> buffer_put_cstring(&m, service);
> buffer_put_cstring(&m, style ? style : "");
>
>@@ -819,7 +820,6 @@
>
> debug3("%s", __func__);
> buffer_init(&m);
>- buffer_put_cstring(&m, authctxt->user);
> mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
> debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
> mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
>Index: monitor_wrap.h
>===================================================================
>RCS file: /cvs/openssh/monitor_wrap.h,v
>retrieving revision 1.30
>diff -u -r1.30 monitor_wrap.h
>--- monitor_wrap.h 20 Jun 2011 04:42:23 -0000 1.30
>+++ monitor_wrap.h 10 Sep 2011 09:58:19 -0000
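Review bot: In the monitor.c `@@ -823` hunk the monitor now takes `authctxt->user` from a second message written by the unprivileged process, and nothing ties it to the `username` that the `@@ -741` hunk passes to `getpwnamallow`. The privileged side therefore holds a name and a `pw` entry that a misbehaving child could make disagree, and any later monitor check that trusts `authctxt->user` (for instance when matching the user name inside signed authentication data; not visible here) inherits that. I would have the monitor reject the message unless the part of the string before the first ':' equals the name it already looked up, which means keeping that name at the `@@ -741` site instead of dropping the assignment. Between the two messages `authctxt->user` is also unset in the monitor, so any reader in that window needs a NULL check. Both function bodies continue outside the hunks.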
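Review bot: The comment above mm_inform_authserv in monitor_wrap.c still reads "Inform the privileged process about service and style" although the function now sends the user string first. Update it to `/* Inform the privileged process about user (as sent by the client, possibly with ":style"), service and style */`, and note there that the field order must match the three `buffer_get_string` calls on the monitor side. Unlike `style`, `user` is passed to `buffer_put_cstring` without a NULL fallback; the caller shown in auth2.c sets it through `xstrdup`, so this holds only while every caller keeps doing so.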
>@@ -41,7 +41,7 @@
> int mm_is_monitor(void);
> DH *mm_choose_dh(int, int, int);
> int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
>-void mm_inform_authserv(char *, char *);
>+void mm_inform_authserv(char *, char *, char *);
> struct passwd *mm_getpwnamallow(const char *);
> char *mm_auth2_read_banner(void);
> int mm_auth_password(struct Authctxt *, char *);
Attachments on
bug 937
:
2080
| 2081