Bugzilla – Attachment 91 Details for
Bug 230
UsePrivilegeSeparation turns off Banner.
[patch]
Make Banner work with privsep as expected
openssh-banner-privsep.diff (text/plain), 5.36 KB, created by
Damien Miller
on 2002-04-30 11:46:42 AEST
Description:
Make Banner work with privsep as expected
Creator:
Damien Miller
Created:
2002-04-30 11:46:42 AEST
Size:
5.36 KB
>Index: auth.h
>===================================================================
>RCS file: /var/cvs/openssh/auth.h,v
>retrieving revision 1.38
>diff -u -r1.38 auth.h
>--- auth.h 22 Mar 2002 02:50:08 -0000 1.38
>+++ auth.h 30 Apr 2002 01:45:03 -0000
>@@ -136,6 +136,8 @@
> void userauth_finish(Authctxt *, int, char *);
> int auth_root_allowed(char *);
>
>+char *auth2_read_banner(void);
>+
> void privsep_challenge_enable(void);
>
> int auth2_challenge(Authctxt *, char *);
>Index: auth2.c
>===================================================================
>RCS file: /var/cvs/openssh/auth2.c,v
>retrieving revision 1.100
>diff -u -r1.100 auth2.c
>--- auth2.c 23 Apr 2002 10:28:49 -0000 1.100
>+++ auth2.c 30 Apr 2002 01:45:03 -0000
>@@ -281,25 +281,45 @@
> }
> }
>
>-static void
>-userauth_banner(void)
>+char *
>+auth2_read_banner(void)
> {
> struct stat st;
> char *banner = NULL;
> off_t len, n;
> int fd;
>
>- if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
>- return;
> if ((fd = open(options.banner, O_RDONLY)) < 0)
>- return;
>- if (fstat(fd, &st) < 0)
>- goto done;
>+ return (NULL);
>+ if (fstat(fd, &st) < 0) {
>+ close(fd);
>+ return (NULL);
>+ }
> len = st.st_size;
> banner = xmalloc(len + 1);
>- if ((n = read(fd, banner, len)) < 0)
>- goto done;
>+ n = read(fd, banner, len);
>+ close(fd);
>+
>+ if (n < 0) {
>+ free(banner);
>+ return(NULL);
>+ }
> banner[n] = '\0';
>+
>+ return (banner);
>+}
>+
>+static void
>+userauth_banner(void)
>+{
>+ char *banner = NULL;
>+
>+ if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
>+ return;
>+
>+ if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
>+ goto done;
>+
> packet_start(SSH2_MSG_USERAUTH_BANNER);
> packet_put_cstring(banner);
> packet_put_cstring(""); /* language, unused */
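Review bot: In the auth2.c hunk, `auth2_read_banner()` no longer tests `options.banner == NULL` before `open(options.banner, O_RDONLY)`; that test now lives only in `userauth_banner()`, which runs in the unprivileged child under privsep. The monitor.c hunk calls `auth2_read_banner()` directly from `mm_answer_auth2_read_banner()` and permits the request whenever `compat20` is set, so the privileged side relies on a check made on the other side of the trust boundary. Keeping `if (options.banner == NULL) return (NULL);` as the first statement of `auth2_read_banner()` makes the monitor enforce it itself. Separately, the read-error path calls `free(banner)` on an `xmalloc()` buffer while the `done:` label uses `xfree(banner)`; `xfree(banner)` would be consistent with the rest of the file.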
>@@ -308,7 +328,6 @@
> done:
> if (banner)
> xfree(banner);
>- close(fd);
> return;
> }
>
>Index: monitor.c
>===================================================================
>RCS file: /var/cvs/openssh/monitor.c,v
>retrieving revision 1.10
>diff -u -r1.10 monitor.c
>--- monitor.c 23 Apr 2002 10:28:49 -0000 1.10
>+++ monitor.c 30 Apr 2002 01:45:03 -0000
>@@ -96,6 +96,7 @@
> int mm_answer_moduli(int, Buffer *);
> int mm_answer_sign(int, Buffer *);
> int mm_answer_pwnamallow(int, Buffer *);
>+int mm_answer_auth2_read_banner(int, Buffer *);
> int mm_answer_authserv(int, Buffer *);
> int mm_answer_authpassword(int, Buffer *);
> int mm_answer_bsdauthquery(int, Buffer *);
>@@ -147,6 +148,7 @@
> {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
> {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
> {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
>+ {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
> {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
> #ifdef USE_PAM
> {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
>@@ -521,11 +523,28 @@
> /* For SSHv1 allow authentication now */
> if (!compat20)
> monitor_permit_authentications(1);
>- else
>+ else {
> /* Allow service/style information on the auth context */
> monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
>+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
>+ }
>+
>+
>+ return (0);
>+}
>+
>+int mm_answer_auth2_read_banner(int socket, Buffer *m)
>+{
>+ char *banner;
>
>+ buffer_clear(m);
>
>+ banner = auth2_read_banner();
>+
>+ buffer_put_cstring(m, banner != NULL ? banner : "");
>+
>+ mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
>+
> return (0);
> }
>
>Index: monitor.h
>===================================================================
>RCS file: /var/cvs/openssh/monitor.h,v
>retrieving revision 1.5
>diff -u -r1.5 monitor.h
>--- monitor.h 23 Apr 2002 10:28:49 -0000 1.5
>+++ monitor.h 30 Apr 2002 01:45:03 -0000
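Review bot: `mm_answer_auth2_read_banner()` in the last monitor.c hunk never releases the string returned by `auth2_read_banner()`, so the monitor keeps that allocation after copying it into `m`. Adding `if (banner != NULL) xfree(banner);` after the `buffer_put_cstring(...)` call closes the leak. The handler discards the request payload with `buffer_clear(m)` and reads only the server's own `options.banner` path, which is what keeps the unprivileged child from choosing the file; a one-line comment such as `/* Path comes from server config only; the request carries no arguments */` would record that for later maintainers.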
>@@ -33,6 +33,7 @@
> MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
> MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
> MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
>+ MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
> MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
> MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,
> MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
>Index: monitor_wrap.c
>===================================================================
>RCS file: /var/cvs/openssh/monitor_wrap.c,v
>retrieving revision 1.6
>diff -u -r1.6 monitor_wrap.c
>--- monitor_wrap.c 23 Apr 2002 10:28:49 -0000 1.6
>+++ monitor_wrap.c 30 Apr 2002 01:45:03 -0000
>@@ -207,6 +207,28 @@
> return (pw);
> }
>
>+char* mm_auth2_read_banner(void)
>+{
>+ Buffer m;
>+ char *banner;
>+
>+ debug3("%s entering", __FUNCTION__);
>+
>+ buffer_init(&m);
>+
>+ mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
>+
>+ buffer_clear(&m);
>+
>+ mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
>+
>+ banner = buffer_get_string(&m, NULL);
>+
>+ buffer_free(&m);
>+
>+ return (banner);
>+}
>+
> /* Inform the privileged process about service and style */
>
> void
>Index: monitor_wrap.h
>===================================================================
>RCS file: /var/cvs/openssh/monitor_wrap.h,v
>retrieving revision 1.5
>diff -u -r1.5 monitor_wrap.h
>--- monitor_wrap.h 23 Apr 2002 10:28:49 -0000 1.5
>+++ monitor_wrap.h 30 Apr 2002 01:45:03 -0000
>@@ -44,6 +44,7 @@
> int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
> void mm_inform_authserv(char *, char *);
> struct passwd *mm_getpwnamallow(const char *);
>+char* mm_auth2_read_banner(void);
> int mm_auth_password(struct Authctxt *, char *);
> int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
> int mm_user_key_allowed(struct passwd *, Key *);
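Review bot: `mm_auth2_read_banner()` in the monitor_wrap.c hunk returns whatever `buffer_get_string()` yields, and the monitor answers with `""` when the banner could not be read, so under privsep the caller's `== NULL` test in `userauth_banner()` appears never to fire. The child would then send an empty SSH2_MSG_USERAUTH_BANNER where the non-privsep path sends nothing. Mapping the empty reply back to NULL before `return (banner);` keeps both paths identical: `if (*banner == '\0') { xfree(banner); banner = NULL; }`. A short comment stating that the caller owns the returned string and must `xfree()` it would also help.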