upstream: make sure that UseDNS hostname lookup happens in the monitor

and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@

OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d

diff --git a/auth.h b/auth.h
index b743406eac847614872f227b31c409610e140f94..6d2d3976234e2a4e88e3a91f3fce00fc791a7676 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.105 2022/06/03 04:47:21 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.106 2022/06/15 16:08:25 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -135,8 +135,8 @@ int      auth_password(struct ssh *, const char *);
 
 int     hostbased_key_allowed(struct ssh *, struct passwd *,
            const char *, char *, struct sshkey *);
-int     user_key_allowed(struct passwd *, struct sshkey *, int,
-    const char *, const char *, struct sshauthopt **);
+int     user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *,
+    int, struct sshauthopt **);
 int     auth2_key_already_used(Authctxt *, const struct sshkey *);
 
 /*

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 952af119e534599958731ded21b84c48b97e6198..962fd342089f1323aadeadc1f7fab1219fc470b3 100644 (file)
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.115 2022/05/27 05:02:46 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.116 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -98,9 +98,6 @@ userauth_pubkey(struct ssh *ssh, const char *method)
        int req_presence = 0, req_verify = 0, authenticated = 0;
        struct sshauthopt *authopts = NULL;
        struct sshkey_sig_details *sig_details = NULL;
-       const char *remote_ip = ssh_remote_ipaddr(ssh);
-       const char *remote_host = auth_get_canonical_hostname(ssh,
-           options.use_dns);
 
        hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0;
 
@@ -223,8 +220,7 @@ userauth_pubkey(struct ssh *ssh, const char *method)
 #endif
                /* test for correct signature */
                authenticated = 0;
-               if (PRIVSEP(user_key_allowed(pw, key, 1, remote_ip,
-                   remote_host, &authopts)) &&
+               if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
                    PRIVSEP(sshkey_verify(key, sig, slen,
                    sshbuf_ptr(b), sshbuf_len(b),
                    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
@@ -286,8 +282,7 @@ userauth_pubkey(struct ssh *ssh, const char *method)
                 * if a user is not allowed to login. is this an
                 * issue? -markus
                 */
-               if (PRIVSEP(user_key_allowed(pw, key, 0, remote_ip,
-                   remote_host, NULL))) {
+               if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
                        if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
                            != 0 ||
                            (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
@@ -751,13 +746,15 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key,
  * Check whether key authenticates and authorises the user.
  */
 int
-user_key_allowed(struct passwd *pw, struct sshkey *key,
-    int auth_attempt, const char *remote_ip, const char *remote_host,
-    struct sshauthopt **authoptsp)
+user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+    int auth_attempt, struct sshauthopt **authoptsp)
 {
        u_int success = 0, i;
        char *file;
        struct sshauthopt *opts = NULL;
+       const char *remote_ip = ssh_remote_ipaddr(ssh);
+       const char *remote_host = auth_get_canonical_hostname(ssh,
+           options.use_dns);
 
        if (authoptsp != NULL)
                *authoptsp = NULL;

diff --git a/monitor.c b/monitor.c
index 0221260945b5800b40b0607175f42e73d7866b9b..91e0e62454b7f6c150f554b6a82b8f21fc5e6b9e 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.233 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.234 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1151,9 +1151,6 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
        u_int type = 0;
        int r, allowed = 0;
        struct sshauthopt *opts = NULL;
-       const char *remote_ip = ssh_remote_ipaddr(ssh);
-       const char *remote_host = auth_get_canonical_hostname(ssh,
-           options.use_dns);
 
        debug3_f("entering");
        if ((r = sshbuf_get_u32(m, &type)) != 0 ||
@@ -1179,8 +1176,8 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
                        if (!key_base_type_match(auth_method, key,
                            options.pubkey_accepted_algos))
                                break;
-                       allowed = user_key_allowed(authctxt->pw, key,
-                           pubkey_auth_attempt, remote_ip, remote_host, &opts);
+                       allowed = user_key_allowed(ssh, authctxt->pw, key,
+                           pubkey_auth_attempt, &opts);
                        break;
                case MM_HOSTKEY:
                        auth_method = "hostbased";

diff --git a/monitor_wrap.c b/monitor_wrap.c
index 925985a83c17ee68fd8c510c52703a4d5433860a..b2c85205eb963bc913cb138e14fde195c5ca642f 100644 (file)
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.124 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.125 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -434,9 +434,8 @@ mm_auth_password(struct ssh *ssh, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
-    int pubkey_auth_attempt, const char *remote_ip, const char *remote_host,
-    struct sshauthopt **authoptp)
+mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+    int pubkey_auth_attempt, struct sshauthopt **authoptp)
 {
        return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
            pubkey_auth_attempt, authoptp));

diff --git a/monitor_wrap.h b/monitor_wrap.h
index c5a75b9a3cd19db5e2f0eb57e4d6cd49b81d093a..0df49c25be11f4527a7f1c6677518ee2ec8ef127 100644 (file)
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.48 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.49 2022/06/15 16:08:25 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -54,8 +54,8 @@ char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
     int, struct sshauthopt **);
-int mm_user_key_allowed(struct passwd *, struct sshkey *, int,
-    const char *, const char *, struct sshauthopt **);
+int mm_user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *, int,
+    struct sshauthopt **);
 int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
     const char *, struct sshkey *);
 int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,