-/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "compat.h"
#include "channels.h"
-#include "opacket.h" /* XXX */
-extern struct ssh *active_state; /* XXX */
-
/* import */
extern ServerOptions options;
extern int use_privsep;
* Otherwise true is returned.
*/
int
-allowed_user(struct passwd * pw)
+allowed_user(struct ssh *ssh, struct passwd * pw)
{
- struct ssh *ssh = active_state; /* XXX */
struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
u_int i;
}
void
-auth_log(Authctxt *authctxt, int authenticated, int partial,
+auth_log(struct ssh *ssh, int authenticated, int partial,
const char *method, const char *submethod)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
int level = SYSLOG_LEVEL_VERBOSE;
const char *authmsg;
char *extra = NULL;
void
-auth_maxtries_exceeded(Authctxt *authctxt)
+auth_maxtries_exceeded(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
error("maximum authentication attempts exceeded for "
"%s%.100s from %.200s port %d ssh2",
authctxt->user,
ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh));
- packet_disconnect("Too many authentication failures");
+ ssh_packet_disconnect(ssh, "Too many authentication failures");
/* NOTREACHED */
}
}
struct passwd *
-getpwnamallow(const char *user)
+getpwnamallow(struct ssh *ssh, const char *user)
{
- struct ssh *ssh = active_state; /* XXX */
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
#ifdef BSD_AUTH
#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
- if (!allowed_user(pw))
+ if (!allowed_user(ssh, pw))
return (NULL);
#ifdef HAVE_LOGIN_CAP
if ((lc = login_getclass(pw->pw_class)) == NULL) {
}
void
-auth_debug_send(void)
+auth_debug_send(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
char *msg;
int r;
-/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
void do_authentication2(struct ssh *);
-void auth_log(Authctxt *, int, int, const char *, const char *);
-void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
+void auth_log(struct ssh *, int, int, const char *, const char *);
+void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
void userauth_finish(struct ssh *, int, const char *, const char *);
int auth_root_allowed(struct ssh *, const char *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **);
-int allowed_user(struct passwd *);
-struct passwd * getpwnamallow(const char *user);
+int allowed_user(struct ssh *, struct passwd *);
+struct passwd * getpwnamallow(struct ssh *, const char *user);
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...)
__attribute__((format(printf, 1, 2)));
-void auth_debug_send(void);
+void auth_debug_send(struct ssh *);
void auth_debug_reset(void);
struct passwd *fakepw(void);
-/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
if (authctxt->attempt++ == 0) {
/* setup auth context */
- authctxt->pw = PRIVSEP(getpwnamallow(user));
+ authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
}
/* Log before sending the reply */
- auth_log(authctxt, authenticated, partial, method, submethod);
+ auth_log(ssh, authenticated, partial, method, submethod);
/* Update information exposed to session */
if (authenticated || partial)
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
- auth_maxtries_exceeded(authctxt);
+ auth_maxtries_exceeded(ssh);
}
methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
-/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#endif
}
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
- auth_log(authctxt, authenticated, partial,
+ auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
if (!partial && !authenticated)
authctxt->failures++;
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
- pwent = getpwnamallow(username);
+ pwent = getpwnamallow(ssh, username);
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown");
hostbased_chost = chost;
} else {
/* Log failed attempt */
- auth_log(authctxt, 0, 0, auth_method, NULL);
+ auth_log(ssh, 0, 0, auth_method, NULL);
free(cuser);
free(chost);
}
-/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
}
struct passwd *
-mm_getpwnamallow(const char *username)
+mm_getpwnamallow(struct ssh *ssh, const char *username)
{
- struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m;
struct passwd *pw;
size_t len;
-/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
+struct ssh;
struct monitor;
struct Authctxt;
struct sshkey;
int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *, u_int compat);
void mm_inform_authserv(char *, char *);
-struct passwd *mm_getpwnamallow(const char *);
+struct passwd *mm_getpwnamallow(struct ssh *, const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct ssh *, char *);
int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
-/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
else
channel_permit_all(ssh, FORWARD_REMOTE);
}
- auth_debug_send();
+ auth_debug_send(ssh);
prepare_auth_info_file(authctxt->pw, authctxt->session_info);
projects / thirdparty / openssh-portable.git / commitdiff
