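--- a/monitor.c
+++ b/monitor.c
@@ -1,9 +1,9 @@
-/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -21,17 +21,17 @@
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD: head/crypto/openssh/monitor.c 162856 2006-09-30 13:38:06Z des $");
+__RCSID("$FreeBSD: head/crypto/openssh/monitor.c 164149 2006-11-10 16:52:41Z des $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include "openbsd-compat/sys-tree.h"
 #include <sys/wait.h>
 
 #include <errno.h>
@@ -354,17 +354,17 @@
  mon_dispatch = mon_dispatch_proto15;
 
  monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
  }
 
  /* The first few requests do not require asynchronous access */
  while (!authenticated) {
  auth_method = "unknown";
- authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+ authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
  if (authenticated) {
  if (!(ent->flags & MON_AUTHDECIDE))
  fatal("%s: unexpected authentication from %d",
  __func__, ent->type);
  if (authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(auth_method))
  authenticated = 0;
 #ifdef USE_PAM
@@ -1221,32 +1221,32 @@
  valid_data = 0;
  break;
  }
  if (!valid_data)
  fatal("%s: bad signature data blob", __func__);
 
  verified = key_verify(key, signature, signaturelen, data, datalen);
  debug3("%s: key %p signature %s",
- __func__, key, verified ? "verified" : "unverified");
+ __func__, key, (verified == 1) ? "verified" : "unverified");
 
  key_free(key);
  xfree(blob);
  xfree(signature);
  xfree(data);
 
  auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
 
  monitor_reset_key_state();
 
  buffer_clear(m);
  buffer_put_int(m, verified);
  mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
- return (verified);
+ return (verified == 1);
 }
 
 static void
 mm_record_login(Session *s, struct passwd *pw)
 {
  socklen_t fromlen;
  struct sockaddr_storage from;
 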
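Review bot: `buffer_put_int(m, verified);` on line 1241 still puts the raw key_verify() result into the MONITOR_ANS_KEYVERIFY reply, while the function's own return value three lines later is now normalised to `verified == 1`. If key_verify() can return something other than 0 or 1 (the new `== 1` comparisons suggest so, but its definition is not on this page), the receiving side gets that value unchanged and has to apply the same strict test itself; sending `buffer_put_int(m, verified == 1);` would keep both ends consistent. I would also put a comment above the `monitor_read()` call on line 362, for example `/* only an explicit 1 means success; an error return must never authenticate */`, so the comparison is not simplified back to a truthiness test later. Both enclosing functions begin outside the visible lines, so the handling of `verified` before line 1221 could not be checked.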