Bugzilla – Attachment 2620 Details for
Bug 2398
AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
authentication_methods_v1.patch (text/plain), 3.83 KB, created by
Jakub Jelen
on 2015-05-14 00:20:11 AEST
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2015-05-14 00:20:11 AEST
Size:
3.83 KB
patch
obsolete
>diff --git a/auth.h b/auth.h >index 8b27575..c7ff210 100644 >--- a/auth.h >+++ b/auth.h >@@ -226,4 +226,6 @@ int sys_auth_passwd(Authctxt *, const char *); > #include <krb5.h> > krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *); > #endif >+ >+#define METHOD_ANY "any" > #endif >diff --git a/auth1.c b/auth1.c >index 5073c49..76c0556 100644 >--- a/auth1.c >+++ b/auth1.c >@@ -407,7 +407,7 @@ do_authentication(Authctxt *authctxt) > } > > /* Configuration may have changed as a result of Match */ >- if (options.num_auth_methods != 0) >+ if (strcmp(options.auth_methods[0], METHOD_ANY) != 0) > fatal("AuthenticationMethods is not supported with SSH " > "protocol 1"); > >diff --git a/auth2.c b/auth2.c >index 7177962..9e3d7fd 100644 >--- a/auth2.c >+++ b/auth2.c >@@ -310,7 +310,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, > #endif > } > >- if (authenticated && options.num_auth_methods != 0) { >+ if (authenticated && strcmp(options.auth_methods[0], METHOD_ANY) != 0) { > if (!auth2_update_methods_lists(authctxt, method, submethod)) { > authenticated = 0; > partial = 1; >@@ -392,7 +392,7 @@ auth2_method_allowed(Authctxt *authctxt, const char *method, > * NB. authctxt->num_auth_methods might be zero as a result of > * auth2_setup_methods_lists(), so check the configuration. > */ >- if (options.num_auth_methods == 0) >+ if (strcmp(options.auth_methods[0], METHOD_ANY) == 0) > return 1; > for (i = 0; i < authctxt->num_auth_methods; i++) { > if (list_starts_with(authctxt->auth_methods[i], method, >@@ -507,7 +507,7 @@ auth2_setup_methods_lists(Authctxt *authctxt) > { > u_int i; > >- if (options.num_auth_methods == 0) >+ if (strcmp(options.auth_methods[0], METHOD_ANY) == 0) > return 0; > debug3("%s: checking methods", __func__); > authctxt->auth_methods = xcalloc(options.num_auth_methods, >diff --git a/monitor.c b/monitor.c >index f520c97..1bb063d 100644 >--- a/monitor.c >+++ b/monitor.c >@@ -367,7 +367,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) > authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); > > /* Special handling for multiple required authentications */ >- if (options.num_auth_methods != 0) { >+ if (strcmp(options.auth_methods[0], METHOD_ANY) != 0) { > if (!compat20) > fatal("AuthenticationMethods is not supported" > "with SSH protocol 1"); >diff --git a/servconf.c b/servconf.c >index 9257a17..9d7bade 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -336,6 +336,8 @@ fill_default_server_options(ServerOptions *options) > options->fwd_opts.streamlocal_bind_unlink = 0; > if (options->fingerprint_hash == -1) > options->fingerprint_hash = SSH_FP_HASH_DEFAULT; >+ if (options->num_auth_methods == 0) >+ options->auth_methods[options->num_auth_methods++] = strdup(METHOD_ANY); > /* Turn privilege separation on by default */ > if (use_privsep == -1) > use_privsep = PRIVSEP_NOSANDBOX; >@@ -1735,7 +1737,14 @@ process_server_config_line(ServerOptions *options, char *line, > break; > > case sAuthenticationMethods: >+ if (cp == NULL || *cp == '\0') >+ fatal("%.200s line %d: Missing argument.", filename, linenum); > if (options->num_auth_methods == 0) { >+ if (strcmp(cp, METHOD_ANY) == 0) { >+ options->auth_methods[ >+ options->num_auth_methods++] = xstrdup(strdelim(&cp)); >+ break; >+ } > while ((arg = strdelim(&cp)) && *arg != '\0') { > if (options->num_auth_methods >= > MAX_AUTH_METHODS) >diff --git a/sshd.c b/sshd.c >index 78729dd..39662f0 100644 >--- a/sshd.c >+++ b/sshd.c >@@ -1705,7 +1705,7 @@ main(int ac, char **av) > * daemonisation in the presence of Match block, but this catches > * and warns for trivial misconfigurations that could break login. > */ >- if (options.num_auth_methods != 0) { >+ if (strcmp(options.auth_methods[0], METHOD_ANY) != 0) { > if ((options.protocol & SSH_PROTO_1)) > fatal("AuthenticationMethods is not supported with " > "SSH protocol 1");
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2398
:
2620
|
2836
|
2837
|
2838