- djm@cvs.openbsd.org 2003/11/04 08:54:09

     [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@

diff --git a/ChangeLog b/ChangeLog
index 4b60f5c74b192b7d4284d533a2ce33878dc335e1..19ea6d5d5905add4c20d4fce41c183d0bd3386f9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
    - jakob@cvs.openbsd.org 2003/11/03 09:37:32
      [sshconnect.c]
      do not free static type pointer in warn_changed_key()
+   - djm@cvs.openbsd.org 2003/11/04 08:54:09
+     [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
+     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
+     [session.c]
+     standardise arguments to auth methods - they should all take authctxt.
+     check authctxt->valid rather then pw != NULL; ok markus@
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and

diff --git a/auth-krb5.c b/auth-krb5.c
index e31f2eb0e5fc3d8607d2e77c48a5ab0f158a8936..101e53bca3d1128be22410fa87f83509d68e4168 100644 (file)
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -72,7 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
 
-       if (authctxt->pw == NULL)
+       if (!authctxt->valid)
                return (0);
 
        temporarily_use_uid(authctxt->pw);

diff --git a/auth-passwd.c b/auth-passwd.c
index 971c7ba19d9be09cc4efdd1d37f0c9dfc6c13f53..b7e275556214c07d22a402033ef495633b5c3105 100644 (file)
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "log.h"
@@ -60,11 +60,8 @@ auth_password(Authctxt *authctxt, const char *password)
        struct passwd * pw = authctxt->pw;
        int ok = authctxt->valid;
 
-       /* deny if no user. */
-       if (pw == NULL)
-               return 0;
 #ifndef HAVE_CYGWIN
-       if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+       if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
                ok = 0;
 #endif
        if (*password == '\0' && options.permit_empty_passwd == 0)

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2eb7e6e2dbc3a24c78a80a77f471f80ef7e71f1e..29eb538ec92cc395323212a07aa10c18256c7a8e 100644 (file)
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
  * its host key.  Returns true if authentication succeeds.
  */
 int
-auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
+auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
 {
        char *chost;
+       struct passwd *pw = authctxt->pw;
 
        debug("Trying rhosts with RSA host authentication for client user %.100s",
            cuser);
 
-       if (pw == NULL || client_host_key == NULL ||
+       if (!authctxt->valid || client_host_key == NULL ||
            client_host_key->rsa == NULL)
                return 0;
 

diff --git a/auth-rhosts.c b/auth-rhosts.c
index b42a64c90acbb9aef44f025cd4aba6101c519a14..585246e822f6646e739a92e6d11afc5c47cab8b8 100644 (file)
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
        debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
            client_user, hostname, ipaddr);
 
-       /* no user given */
-       if (pw == NULL)
-               return 0;
-
        /* Switch to the user's uid. */
        temporarily_use_uid(pw);
        /*

diff --git a/auth-rsa.c b/auth-rsa.c
index 5631d238c16ba098a081da5df2583272f6c57203..2f0746b30565c343b5702b18b7e42deda26f4779 100644 (file)
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  * successful.  This may exit if there is a serious protocol violation.
  */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
        Key *key;
        char *fp;
+       struct passwd *pw = authctxt->pw;
 
        /* no user given */
-       if (pw == NULL)
+       if (!authctxt->valid)
                return 0;
 
        if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {

diff --git a/auth.h b/auth.h
index b081bb5cb71352bff3367eb3a98796e1d393ffc1..34afdb4923118437a37ce966cf76bb0f31dc45a7 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $        */
+/*     $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $   */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -102,9 +102,9 @@ int      auth_rhosts(struct passwd *, const char *);
 int
 auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
-int     auth_rhosts_rsa(struct passwd *, char *, Key *);
+int     auth_rhosts_rsa(Authctxt *, char *, Key *);
 int      auth_password(Authctxt *, const char *);
-int      auth_rsa(struct passwd *, BIGNUM *);
+int      auth_rsa(Authctxt *, BIGNUM *);
 int      auth_rsa_challenge_dialog(Key *);
 BIGNUM *auth_rsa_generate_challenge(Key *);
 int     auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);

diff --git a/auth1.c b/auth1.c
index 38c0bf93cfc896279084e5e7809fda4b54a5ae25..ea81524f10835cf91b653b1a8972d1bc006dad9b 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt)
                                    BN_num_bits(client_host_key->rsa->n), bits);
                        packet_check_eom();
 
-                       authenticated = auth_rhosts_rsa(pw, client_user,
+                       authenticated = auth_rhosts_rsa(authctxt, client_user,
                            client_host_key);
                        key_free(client_host_key);
 
@@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
                                fatal("do_authloop: BN_new failed");
                        packet_get_bignum(n);
                        packet_check_eom();
-                       authenticated = auth_rsa(pw, n);
+                       authenticated = auth_rsa(authctxt, n);
                        BN_clear_free(n);
                        break;
 

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d51e939f19d42ba087b0b56ff8860d085e6afe90..c28571ab6c774fd50c6d215b8beecb661bb3d2d7 100644 (file)
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
        Key *found;
        char *fp;
 
-       if (pw == NULL)
-               return 0;
-
        /* Temporarily use the user's uid. */
        temporarily_use_uid(pw);
 

diff --git a/auth2.c b/auth2.c
index ef1173fe67f07d9038725c825d5005b3799ccb2a..a9490ccfd1f7aefbb8ed7dd5eafa29387e175233 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *);
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
 int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 
 /*
  * loop until authctxt->success == TRUE

diff --git a/monitor.c b/monitor.c
index eaf66f7c88b57dcb1b1a61de3a9d55f2029a3516..e83fb45a7c27ad2d1f0f7f543a47ecd6ddd22fc6 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
 
 #include <openssl/dh.h>
 
@@ -946,7 +946,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
        debug3("%s: key_from_blob: %p", __func__, key);
 
-       if (key != NULL && authctxt->pw != NULL) {
+       if (key != NULL && authctxt->valid) {
                switch(type) {
                case MM_USERKEY:
                        allowed = options.pubkey_authentication &&

diff --git a/serverloop.c b/serverloop.c
index 21656cf8746d0ac39b43a93ac40d11cd95f47227..98793b7564455d27fc745fb14597ae86953fb20a 100644 (file)
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -973,8 +973,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                u_short listen_port;
 
                pw = the_authctxt->pw;
-               if (pw == NULL)
-                       fatal("server_input_global_request: no user");
+               if (pw == NULL || !the_authctxt->pw)
+                       fatal("server_input_global_request: no/invalid user");
                listen_address = packet_get_string(NULL);
                listen_port = (u_short)packet_get_int();
                debug("server_input_global_request: tcpip-forward listen %s port %d",

diff --git a/session.c b/session.c
index 2b228906d20a10121ebeaca8a7b24c4be4b29e2f..0f8032430d3894f0685414e25ad6ee907f4782a5 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1532,7 +1532,7 @@ session_open(Authctxt *authctxt, int chanid)
        }
        s->authctxt = authctxt;
        s->pw = authctxt->pw;
-       if (s->pw == NULL)
+       if (s->pw == NULL || !authctxt->valid)
                fatal("no user for session %d", s->self);
        debug("session_open: session %d: link with channel %d", s->self, chanid);
        s->chanid = chanid;