/* State exported from the child */ | /* State exported from the child */ | ||||
static struct sshbuf *child_state; | static struct sshbuf *child_state; | ||||
/* Functions on the monitor that answer unprivileged requests */ | /* Functions on the monitor that answer unprivileged requests */ | ||||
int mm_answer_moduli(int, Buffer *); | int mm_answer_moduli(int, Buffer *); | ||||
int mm_answer_sign(int, Buffer *); | int mm_answer_sign(int, Buffer *); | ||||
int mm_answer_login_getpwclass(int, Buffer *); | |||||
int mm_answer_pwnamallow(int, Buffer *); | int mm_answer_pwnamallow(int, Buffer *); | ||||
int mm_answer_auth2_read_banner(int, Buffer *); | int mm_answer_auth2_read_banner(int, Buffer *); | ||||
int mm_answer_authserv(int, Buffer *); | int mm_answer_authserv(int, Buffer *); | ||||
int mm_answer_authpassword(int, Buffer *); | int mm_answer_authpassword(int, Buffer *); | ||||
int mm_answer_bsdauthquery(int, Buffer *); | int mm_answer_bsdauthquery(int, Buffer *); | ||||
int mm_answer_bsdauthrespond(int, Buffer *); | int mm_answer_bsdauthrespond(int, Buffer *); | ||||
int mm_answer_skeyquery(int, Buffer *); | int mm_answer_skeyquery(int, Buffer *); | ||||
int mm_answer_skeyrespond(int, Buffer *); | int mm_answer_skeyrespond(int, Buffer *); | ||||
#define MON_PERMIT 0x1000 /* Request is permitted */ | #define MON_PERMIT 0x1000 /* Request is permitted */ | ||||
struct mon_table mon_dispatch_proto20[] = { | struct mon_table mon_dispatch_proto20[] = { | ||||
#ifdef WITH_OPENSSL | #ifdef WITH_OPENSSL | ||||
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, | {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, | ||||
#endif | #endif | ||||
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | ||||
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | ||||
{MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass}, | |||||
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | ||||
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | ||||
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | ||||
#ifdef USE_PAM | #ifdef USE_PAM | ||||
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | ||||
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | ||||
{MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx}, | {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx}, | ||||
{MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query}, | {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query}, | ||||
▲ Show 20 Lines • Show All 488 Lines • ▼ Show 20 Lines | mm_answer_sign(int sock, Buffer *m) | ||||
mm_request_send(sock, MONITOR_ANS_SIGN, m); | mm_request_send(sock, MONITOR_ANS_SIGN, m); | ||||
/* Turn on permissions for getpwnam */ | /* Turn on permissions for getpwnam */ | ||||
monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | ||||
return (0); | return (0); | ||||
} | } | ||||
int | |||||
mm_answer_login_getpwclass(int sock, Buffer *m) | |||||
{ | |||||
login_cap_t *lc; | |||||
struct passwd *pw; | |||||
u_int len; | |||||
debug3("%s", __func__); | |||||
pw = buffer_get_passwd(m); | |||||
if (pw == NULL) | |||||
cem: Can be `sizeof(*pw)` | |||||
Not Done Inline ActionsI'll fix this. naito.yuichiro_gmail.com: I'll fix this. | |||||
fatal("%s: receive get struct passwd failed", __func__); | |||||
Not Done Inline ActionsThis message is maybe too specific now, because we may also just be out of memory :-) cem: This message is maybe too specific now, because we may also just be out of memory :-) | |||||
Not Done Inline ActionsAh, yes. I will fix log message. naito.yuichiro_gmail.com: Ah, yes. I will fix log message. | |||||
lc = login_getpwclass(pw); | |||||
if (lc == NULL) { | |||||
buffer_put_char(m, 0); | |||||
goto out; | |||||
} | |||||
buffer_put_char(m, 1); | |||||
buffer_put_cstring(m, lc->lc_class); | |||||
buffer_put_cstring(m, lc->lc_cap); | |||||
buffer_put_cstring(m, lc->lc_style); | |||||
login_close(lc); | |||||
out: | |||||
debug3("%s: sending MONITOR_ANS_GETPWCLASS", __func__); | |||||
mm_request_send(sock, MONITOR_ANS_GETPWCLASS, m); | |||||
buffer_free_passwd(pw); | |||||
Not Done Inline ActionsCan be sizeof(*lc) But also I don't think we need to send the struct. See below. cem: Can be `sizeof(*lc)`
But also I don't think we need to send the struct. See below. | |||||
Not Done Inline ActionsI'll fix this and comment below. naito.yuichiro_gmail.com: I'll fix this and comment below. | |||||
return (0); | |||||
} | |||||
/* Retrieves the password entry and also checks if the user is permitted */ | /* Retrieves the password entry and also checks if the user is permitted */ | ||||
Not Done Inline ActionsHm. I think it should be after out:, except for lc_class will only be valid here. Is that string critical to the log message? cem: Hm. I think it should be after `out:`, except for `lc_class` will only be valid here. Is that… | |||||
Not Done Inline ActionsNo, lc_class is not critical. I think log the message is more important even if log_getpwsclass(3) failed. I will move the debug3() function after out: and remove lc_class from the message. naito.yuichiro_gmail.com: No, `lc_class` is not critical. I think log the message is more important even if… | |||||
int | int | ||||
mm_answer_pwnamallow(int sock, Buffer *m) | mm_answer_pwnamallow(int sock, Buffer *m) | ||||
{ | { | ||||
struct ssh *ssh = active_state; /* XXX */ | struct ssh *ssh = active_state; /* XXX */ | ||||
char *username; | char *username; | ||||
struct passwd *pwent; | struct passwd *pwent; | ||||
int allowed = 0; | int allowed = 0; | ||||
u_int i; | u_int i; | ||||
Show All 19 Lines | if (pwent == NULL) { | ||||
goto out; | goto out; | ||||
} | } | ||||
allowed = 1; | allowed = 1; | ||||
authctxt->pw = pwent; | authctxt->pw = pwent; | ||||
authctxt->valid = 1; | authctxt->valid = 1; | ||||
buffer_put_char(m, 1); | buffer_put_char(m, 1); | ||||
buffer_put_string(m, pwent, sizeof(struct passwd)); | buffer_put_passwd(m, pwent); | ||||
buffer_put_cstring(m, pwent->pw_name); | |||||
buffer_put_cstring(m, "*"); | |||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS | |||||
buffer_put_cstring(m, pwent->pw_gecos); | |||||
#endif | |||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS | |||||
buffer_put_cstring(m, pwent->pw_class); | |||||
#endif | |||||
buffer_put_cstring(m, pwent->pw_dir); | |||||
buffer_put_cstring(m, pwent->pw_shell); | |||||
out: | out: | ||||
ssh_packet_set_log_preamble(ssh, "%suser %s", | ssh_packet_set_log_preamble(ssh, "%suser %s", | ||||
authctxt->valid ? "authenticating" : "invalid ", authctxt->user); | authctxt->valid ? "authenticating" : "invalid ", authctxt->user); | ||||
buffer_put_string(m, &options, sizeof(options)); | buffer_put_string(m, &options, sizeof(options)); | ||||
#define M_CP_STROPT(x) do { \ | #define M_CP_STROPT(x) do { \ | ||||
if (options.x != NULL) \ | if (options.x != NULL) \ | ||||
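Review bot: The new MONITOR_REQ_GETPWCLASS dispatch entry is flagged MON_AUTH, the same flag as the password-authentication request, yet mm_answer_login_getpwclass is a pure lookup that always returns 0; if MON_AUTH here carries its usual OpenSSH meaning of MON_ISAUTH|MON_AUTHDECIDE (the flag definitions are outside this view, so please confirm), the monitor's pre-auth loop would treat every class lookup as a failed authentication attempt, logging it and counting it against the failure limit. It should be dispatched like the other lookups, e.g. `{MONITOR_REQ_GETPWCLASS, MON_ONCE, mm_answer_login_getpwclass},` with a `monitor_permit(mon_dispatch, MONITOR_REQ_GETPWCLASS, 1);` granted once mm_answer_pwnamallow has succeeded, mirroring how MONITOR_REQ_PWNAM is permitted after signing. Separately, the handler feeds the privileged login_getpwclass() call a struct passwd deserialized from the unprivileged child, while the monitor already holds its own copy in authctxt->pw (set in mm_answer_pwnamallow); using `lc = login_getpwclass(authctxt->pw);` keeps the child from choosing the class or uid the monitor looks up and removes the buffer_get_passwd/buffer_free_passwd pair. If the request can legitimately arrive before pwnamallow has run, a NULL authctxt->pw then needs an explicit rejection rather than a fatal().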
Can be sizeof(*pw)