- dtucker@cvs.openbsd.org 2005/06/09 13:43:49

[openssh.git] / monitor.c

diff --git a/monitor.c b/monitor.c
index d6df656b0814db839f586bef8f6e82400a3713d9..9dca9c8034c146260017f2e04ef41de10ecc8df9 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
 
 #include <openssl/dh.h>
 
@@ -192,7 +192,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
 #ifdef SSH_AUDIT_EVENTS
-    {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -252,7 +252,7 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
 #ifdef SSH_AUDIT_EVENTS
-    {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
     {0, 0, NULL}
 };
@@ -263,7 +263,7 @@ struct mon_table mon_dispatch_postauth15[] = {
     {MONITOR_REQ_TERM, 0, mm_answer_term},
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
-    {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
+    {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command},
 #endif
     {0, 0, NULL}
 };
@@ -310,6 +310,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        authctxt = _authctxt;
        memset(authctxt, 0, sizeof(*authctxt));
 
+       authctxt->loginmsg = &loginmsg;
+
        if (compat20) {
                mon_dispatch = mon_dispatch_proto20;
 
@@ -629,7 +631,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
                monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
 #endif
 #ifdef SSH_AUDIT_EVENTS
-       monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1);
+       monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1);
 #endif
 
        return (0);
@@ -976,7 +978,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
        debug3("%s: key_from_blob: %p", __func__, key);
 
        if (key != NULL && authctxt->valid) {
-               switch(type) {
+               switch (type) {
                case MM_USERKEY:
                        allowed = options.pubkey_authentication &&
                            user_key_allowed(authctxt->pw, key);
@@ -1322,7 +1324,7 @@ mm_answer_sesskey(int sock, Buffer *m)
        int rsafail;
 
        /* Turn off permissions */
-       monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
+       monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);
 
        if ((p = BN_new()) == NULL)
                fatal("%s: BN_new", __func__);
@@ -1523,7 +1525,6 @@ mm_answer_audit_event(int socket, Buffer *m)
        debug3("%s entering", __func__);
 
        event = buffer_get_int(m);
-       buffer_free(m);
        switch(event) {
        case SSH_AUTH_FAIL_PUBKEY:
        case SSH_AUTH_FAIL_HOSTBASED:
@@ -1552,7 +1553,6 @@ mm_answer_audit_command(int socket, Buffer *m)
        /* sanity check command, if so how? */
        audit_run_command(cmd);
        xfree(cmd);
-       buffer_free(m);
        return (0);
 }
 #endif /* SSH_AUDIT_EVENTS */