RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2003/02/16 17:30:33 

[monitor.c monitor_wrap.c]
     fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
This commit is contained in:
Damien Miller 2003-02-24 12:03:38 +11:00
parent 8e7fb33523
commit 06ebedf365
3 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -67,6 +67,10 @@
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
- markus@cvs.openbsd.org 2003/02/16 17:30:33
[monitor.c monitor_wrap.c]
fix permitrootlogin forced-commands-only for privsep; bux #387;
ok provos@
20030211
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@ -1167,4 +1171,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $
$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $

4
monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $");
RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $");
#include <openssl/dh.h>
@ -826,6 +826,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
mm_append_debug(m);
@ -1188,6 +1189,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
}
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
/* clear temporarily storage (used by generate challenge) */
monitor_reset_key_state();

17
monitor_wrap.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $");
#include "dh.h"
#include "kex.h"
#include "auth.h"
#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
Buffer m;
u_char *blob;
u_int len;
int allowed = 0;
int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
allowed = buffer_get_int(&m);
/* fake forced command */
auth_clear_options();
have_forced = buffer_get_int(&m);
forced_command = have_forced ? xstrdup("true") : NULL;
/* Send potential debug messages */
mm_send_debug(&m);
@ -853,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
Key *key;
u_char *blob;
u_int blen;
int allowed = 0;
int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
@ -865,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
allowed = buffer_get_int(&m);
/* fake forced command */
auth_clear_options();
have_forced = buffer_get_int(&m);
forced_command = have_forced ? xstrdup("true") : NULL;
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)