author | Damien Miller <djm@mindrot.org> | 2003-02-24 02:03:38 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-02-24 02:03:38 +0100 |
commit | 06ebedf3656bbe603d0a0d8db9eeeb35ff702643 (patch) | |
tree | 755e626188c06e427106aeb475b7a479c36d88f8 | |
parent | - markus@cvs.openbsd.org 2003/02/16 17:09:57 (diff) | |
- markus@cvs.openbsd.org 2003/02/16 17:30:33
[monitor.c monitor_wrap.c]
fix permitrootlogin forced-commands-only for privsep; bug #387; ok provos@
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | monitor.c | 4 | ||||
-rw-r--r-- | monitor_wrap.c | 17 |
3 files changed, 22 insertions, 5 deletions
@@ -67,6 +67,10 @@ [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@ + - markus@cvs.openbsd.org 2003/02/16 17:30:33 + [monitor.c monitor_wrap.c] + fix permitrootlogin forced-commands-only for privsep; bux #387; + ok provos@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1167,4 +1171,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $ +$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $ @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $"); #include <openssl/dh.h> @@ -826,6 +826,7 @@ mm_answer_keyallowed(int socket, Buffer *m) buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); mm_append_debug(m); @@ -1188,6 +1189,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) } buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); /* clear temporarily storage (used by generate challenge) */ monitor_reset_key_state(); diff --git a/monitor_wrap.c b/monitor_wrap.c index 551bbc15a..1395a32f4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $"); #include <openssl/bn.h> #include <openssl/dh.h> @@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); #include "dh.h" #include "kex.h" #include "auth.h" +#include "auth-options.h" #include "buffer.h" #include "bufaux.h" #include "packet.h" 
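Review bot: In mm_answer_keyallowed the added `buffer_put_int(m, forced_command != NULL);` is written whether or not `allowed` is set, and it reads the global `forced_command` rather than a value returned by the key check. If any key type handled here does not reparse key options (not visible in this hunk), the flag could reflect an earlier attempt; sending `buffer_put_int(m, allowed && forced_command != NULL);` would tie it to the key just accepted. The same line and the same question apply in the mm_answer_rsa_keyallowed hunk. A short comment such as `/* only the presence of a forced command is sent, never its text */` would also document the new reply field. Both function bodies continue outside their hunks.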
@@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) Buffer m; u_char *blob; u_int len; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + /* Send potential debug messages */ mm_send_debug(&m); @@ -853,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) Key *key; u_char *blob; u_int blen; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -865,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + if (allowed && rkey != NULL) { blob = buffer_get_string(&m, &blen); if ((key = key_from_blob(blob, blen)) == NULL) |
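Review bot: The comment `/* fake forced command */` in mm_key_allowed does not say why a placeholder string is acceptable, and a later reader may take `xstrdup("true")` for the command that will actually run. I would replace it with `/* the child only needs to know that a forced command exists, for the PermitRootLogin forced-commands-only check */`, assuming that is the intent described in the commit message. Because this process takes the flag from a monitor reply and is the less trusted side of the privilege split, the root-login decision presumably still has to be made in the monitor as well; the hunk does not show that, so it is worth confirming. The function starts and ends outside the hunk.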
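Review bot: The four added lines in mm_auth_rsa_key_allowed are a copy of the ones added to mm_key_allowed, including the extra `have_forced` local, so a later change to the reply layout has to be made in two places. A small static helper called from both would keep them in step; a sketch follows, with a helper name of my own choosing. It keeps the read of the flag directly after `allowed`, which is the order the monitor hunks write the two integers in. The function body continues outside the hunk.

```c
/* Mirror the monitor's "forced command present" flag in this process. */
static void
mm_get_forced_flag(Buffer *m)
{
	auth_clear_options();
	forced_command = buffer_get_int(m) ? xstrdup("true") : NULL;
}

	allowed = buffer_get_int(&m);
	mm_get_forced_flag(&m);
	/* … unchanged: key blob handling … */
```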