Commit f02e3998 authored by Ed Maste's avatar Ed Maste

Vendor import of OpenSSH 8.0p1.

parent dc9e8d9c
......@@ -26,3 +26,4 @@ ssh-keysign
ssh-pkcs11-helper
sshd
!regress/misc/fuzz-harness/Makefile
tags
......@@ -5,6 +5,7 @@ fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
c07772f58028fda683ee6abd41c73da3ff70d403 moduli update
Old upstream tree:
......
......@@ -13,15 +13,15 @@ OpenSSL)
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
http://www.gzip.org/zlib/
libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0)
LibreSSL http://www.libressl.org/ ; or
OpenSSL http://www.openssl.org/
libcrypto from either of:
- LibreSSL (http://www.libressl.org/)
- OpenSSL 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g (http://www.openssl.org/)
LibreSSL/OpenSSL should be compiled as a position-independent library
(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
If you must use a non-position-independent libcrypto, then you may need
to configure OpenSSH --without-pie. Note that because of API changes,
OpenSSL 1.1.x is not currently supported.
to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
OpenSSL 1.1 versions prior to 1.1.0g can't be used.
The remaining items are optional.
......
......@@ -88,7 +88,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
cipher-ctr.o cleanup.o \
compat.o crc32.o fatal.o hostfile.o \
log.o match.o moduli.o nchan.o packet.o opacket.o \
log.o match.o moduli.o nchan.o packet.o \
readpass.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
......@@ -98,10 +98,11 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
kexgexc.o kexgexs.o \
sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
platform-pledge.o platform-tracing.o platform-misc.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect2.o mux.o
......@@ -186,7 +187,7 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
......@@ -598,6 +599,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
TEST_SSH_PLINK="plink"; \
TEST_SSH_PUTTYGEN="puttygen"; \
TEST_SSH_CONCH="conch"; \
......
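Review bot: The ssh-keysign rule appears to gain `compat.o` as a prerequisite, but the link line under it still names only `ssh-keysign.o readconf.o uidswap.o`, so the object reaches the binary, if at all, through `-lssh` (compat.o is also listed in LIBSSH_OBJS in the first hunk of this file). If a direct link is intended, the recipe should read `$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o compat.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)`. If the archive copy is what is wanted, a one-line comment such as `# compat.o is resolved from libssh.a; listed only to force a rebuild` would make that explicit. The +/- markers are lost on this page, so which of the two target lines is the new one is inferred from print order.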
......@@ -34,11 +34,12 @@ these programs.
- Ssh contains several encryption algorithms. These are all
accessed through the cipher.h interface. The interface code is
in cipher.c, and the implementations are in libc.
in cipher.c, and the implementations are either in libc or
LibreSSL.
Multiple Precision Integer Library
- Uses the SSLeay BIGNUM sublibrary.
- Uses the LibreSSL BIGNUM sublibrary.
Random Numbers
......@@ -158,4 +159,4 @@ these programs.
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $
......@@ -36,6 +36,7 @@ Certified keys are represented using new key types:
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-ed25519-cert-v01@openssh.com
Two additional types exist for RSA certificates to force use of
SHA-2 signatures (SHA-256 and SHA-512 respectively):
......@@ -303,4 +304,4 @@ permit-user-rc empty Flag indicating that execution of
of this script will not be permitted if
this option is not present.
$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
See https://www.openssh.com/releasenotes.html#7.9p1 for the release notes.
See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
......
# Portable OpenSSH
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
## Documentation
The official documentation for OpenSSH are the man pages for each tool:
* [ssh(1)](https://man.openbsd.org/ssh.1)
* [sshd(8)](https://man.openbsd.org/sshd.8)
* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1)
* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1)
* [scp(1)](https://man.openbsd.org/scp.1)
* [sftp(1)](https://man.openbsd.org/sftp.1)
* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8)
* [sftp-server(8)](https://man.openbsd.org/sftp-server.8)
## Stable Releases
Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities.
## Building Portable OpenSSH
### Dependencies
Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.
### Building a release
Releases include a pre-built copy of the ``configure`` script and may be built using:
```
tar zxvf openssh-X.Y.tar.gz
cd openssh
./configure # [options]
make && make tests
```
See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.
### Building from git
If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git:
```
git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
cd openssh-portable
autoreconf
./configure
make && make tests
```
### Build-time Customisation
There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH).
For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed.
Flag | Meaning
--- | ---
``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported.
``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
## Development
Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/).
## Reporting bugs
_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com).
/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
/* $OpenBSD: atomicio.c,v 1.30 2019/01/24 02:42:23 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
......@@ -57,20 +57,25 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
ssize_t res;
struct pollfd pfd;
#ifndef BROKEN_READ_COMPARISON
pfd.fd = fd;
#ifndef BROKEN_READ_COMPARISON
pfd.events = f == read ? POLLIN : POLLOUT;
#else
pfd.events = POLLIN|POLLOUT;
#endif
while (n > pos) {
res = (f) (fd, s + pos, n - pos);
switch (res) {
case -1:
if (errno == EINTR)
if (errno == EINTR) {
/* possible SIGALARM, update callback */
if (cb != NULL && cb(cb_arg, 0) == -1) {
errno = EINTR;
return pos;
}
continue;
if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READ_COMPARISON
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
(void)poll(&pfd, 1, -1);
#endif
continue;
}
return 0;
......@@ -114,20 +119,25 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
/* Make a copy of the iov array because we may modify it below */
memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
#ifndef BROKEN_READV_COMPARISON
pfd.fd = fd;
#ifndef BROKEN_READV_COMPARISON
pfd.events = f == readv ? POLLIN : POLLOUT;
#else
pfd.events = POLLIN|POLLOUT;
#endif
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
if (errno == EINTR)
if (errno == EINTR) {
/* possible SIGALARM, update callback */
if (cb != NULL && cb(cb_arg, 0) == -1) {
errno = EINTR;
return pos;
}
continue;
if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READV_COMPARISON
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
(void)poll(&pfd, 1, -1);
#endif
continue;
}
return 0;
......
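Review bot: In the `BROKEN_READ_COMPARISON` fallback of atomicio6, `pfd.events = POLLIN|POLLOUT;` together with the `(void)poll(&pfd, 1, -1);` that now appears to run on every EAGAIN can return immediately when the descriptor is ready in the direction the caller is not using, so a read that would block on a writable socket may spin rather than sleep; the atomiciov6 hunk has the same pattern under `BROKEN_READV_COMPARISON`. Because poll's result is discarded, nothing in the visible code bounds that retry loop. A comment at the `#else` would at least record the trade-off, for example `/* cannot tell read from write here: poll may wake early and the loop retries f() */`. The added comment also says SIGALARM where the signal name is SIGALRM. Both function bodies start and end outside the hunks shown, and the old/new side of each line is inferred from print order.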
/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
/* $OpenBSD: atomicio.h,v 1.12 2018/12/27 03:25:25 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
......@@ -29,6 +29,8 @@
#ifndef _ATOMICIO_H
#define _ATOMICIO_H
struct iovec;
/*
* Ensure all of data on socket comes through. f==read || f==vwrite
*/
......
......@@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li)
}
void
audit_event(ssh_audit_event_t event)
audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
char textbuf[BSM_TEXTBUFSZ];
static int logged_in = 0;
......
......@@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li)
}
void
audit_event(ssh_audit_event_t event)
audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
struct ssh *ssh = active_state; /* XXX */
switch(event) {
case SSH_AUTH_SUCCESS:
case SSH_CONNECTION_CLOSE:
......
......@@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port)
* events and what they mean).
*/
void
audit_event(ssh_audit_event_t event)
audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
debug("audit event euid %d user %s event %d (%s)", geteuid(),
audit_username(), event, audit_event_lookup(event));
......
......@@ -27,6 +27,8 @@
#include "loginrec.h"
struct ssh;
enum ssh_audit_event_type {
SSH_LOGIN_EXCEED_MAXTRIES,
SSH_LOGIN_ROOT_DENIED,
......@@ -46,7 +48,7 @@ enum ssh_audit_event_type {
typedef enum ssh_audit_event_type ssh_audit_event_t;
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
void audit_event(struct ssh *, ssh_audit_event_t);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
void audit_run_command(const char *);
......
......@@ -248,6 +248,9 @@ static int sshpam_maxtries_reached = 0;
static char **sshpam_env = NULL;
static Authctxt *sshpam_authctxt = NULL;
static const char *sshpam_password = NULL;
static char *sshpam_rhost = NULL;
static char *sshpam_laddr = NULL;
static char *sshpam_conninfo = NULL;
/* Some PAM implementations don't implement this */
#ifndef HAVE_PAM_GETENVLIST
......@@ -669,13 +672,17 @@ sshpam_cleanup(void)
}
static int
sshpam_init(Authctxt *authctxt)
sshpam_init(struct ssh *ssh, Authctxt *authctxt)
{
const char *pam_rhost, *pam_user, *user = authctxt->user;
const char *pam_user, *user = authctxt->user;
const char **ptr_pam_user = &pam_user;
struct ssh *ssh = active_state; /* XXX */
if (sshpam_handle != NULL) {
if (sshpam_handle == NULL) {
if (ssh == NULL) {
fatal("%s: called initially with no "
"packet context", __func__);
}
} if (sshpam_handle != NULL) {
/* We already have a PAM context; check if the user matches */
sshpam_err = pam_get_item(sshpam_handle,
PAM_USER, (sshpam_const void **)ptr_pam_user);
......@@ -694,14 +701,33 @@ sshpam_init(Authctxt *authctxt)
sshpam_handle = NULL;
return (-1);
}
pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
if (sshpam_err != PAM_SUCCESS) {
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
return (-1);
if (ssh != NULL && sshpam_rhost == NULL) {
/*
* We need to cache these as we don't have packet context
* during the kbdint flow.
*/
sshpam_rhost = xstrdup(auth_get_canonical_hostname(ssh,
options.use_dns));
sshpam_laddr = get_local_ipaddr(
ssh_packet_get_connection_in(ssh));
xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
sshpam_laddr, ssh_local_port(ssh));
}
if (sshpam_rhost != NULL) {
debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
sshpam_rhost);
if (sshpam_err != PAM_SUCCESS) {
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
return (-1);
}
/* Put SSH_CONNECTION in the PAM environment too */
pam_putenv(sshpam_handle, sshpam_conninfo);
}
#ifdef PAM_TTY_KLUDGE
/*
* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
......@@ -755,7 +781,7 @@ sshpam_init_ctx(Authctxt *authctxt)
return NULL;
/* Initialize PAM */
if (sshpam_init(authctxt) == -1) {
if (sshpam_init(NULL, authctxt) == -1) {
error("PAM: initialization failed");
return (NULL);
}
......@@ -787,7 +813,6 @@ static int
sshpam_query(void *ctx, char **name, char **info,
u_int *num, char ***prompts, u_int **echo_on)
{
struct ssh *ssh = active_state; /* XXX */
struct sshbuf *buffer;
struct pam_ctxt *ctxt = ctx;
size_t plen;
......@@ -877,8 +902,7 @@ sshpam_query(void *ctx, char **name, char **info,
}
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user,
auth_get_canonical_hostname(ssh, options.use_dns));
sshpam_authctxt->user, sshpam_rhost);
/* FALLTHROUGH */
default:
*num = 0;
......@@ -995,12 +1019,14 @@ KbdintDevice mm_sshpam_device = {
* This replaces auth-pam.c
*/
void
start_pam(Authctxt *authctxt)
start_pam(struct ssh *ssh)
{
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
if (!options.use_pam)
fatal("PAM: initialisation requested when UsePAM=no");
if (sshpam_init(authctxt) == -1)
if (sshpam_init(ssh, authctxt) == -1)
fatal("PAM: initialisation failed");
}
......
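Review bot: In sshpam_init the result of `pam_putenv(sshpam_handle, sshpam_conninfo);` is dropped, while the `pam_set_item(sshpam_handle, PAM_RHOST, sshpam_rhost)` call just above it tears the handle down on failure; a PAM module that reads SSH_CONNECTION would then run without it and nothing is logged. I would at least record it: `if ((sshpam_err = pam_putenv(sshpam_handle, sshpam_conninfo)) != PAM_SUCCESS) debug("PAM: failed to set SSH_CONNECTION: %s", pam_strerror(sshpam_handle, sshpam_err));`. Separately, sshpam_query now formats the cached `sshpam_rhost` with `%.100s`, and that pointer is only set after a call with a non-NULL `ssh`; the fatal() guard at the top of sshpam_init seems intended to guarantee this, but a comment on the static stating the invariant (`/* set on first sshpam_init() with packet context; never NULL afterwards */`) would make it checkable. The `} if (sshpam_handle != NULL) {` line reads like a dropped `else` and would be clearer written as one. The function bodies extend beyond the hunks shown.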
......@@ -27,7 +27,7 @@
struct ssh;
void start_pam(Authctxt *);
void start_pam(struct ssh *);
void finish_pam(void);
u_int do_pam_account(void);
void do_pam_session(struct ssh *);
......
/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -50,6 +50,7 @@
#include <unistd.h>
#include <limits.h>
#include <netdb.h>
#include <time.h>
#include "xmalloc.h"
#include "match.h"
......@@ -96,9 +97,8 @@ static struct sshbuf *auth_debug;
* Otherwise true is returned.
*/
int
allowed_user(struct passwd * pw)
allowed_user(struct ssh *ssh, struct passwd * pw)
{
struct ssh *ssh = active_state; /* XXX */
struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
u_int i;
......@@ -258,7 +258,7 @@ allowed_user(struct passwd * pw)
}
#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
if (!sys_auth_allowed_user(pw, &loginmsg))
if (!sys_auth_allowed_user(pw, loginmsg))
return 0;
#endif
......@@ -308,10 +308,10 @@ format_method_key(Authctxt *authctxt)
}
void
auth_log(Authctxt *authctxt, int authenticated, int partial,
auth_log(struct ssh *ssh, int authenticated, int partial,
const char *method, const char *submethod)
{
struct ssh *ssh = active_state; /* XXX */
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
int level = SYSLOG_LEVEL_VERBOSE;
const char *authmsg;
char *extra = NULL;
......@@ -356,26 +356,26 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
(strcmp(method, "password") == 0 ||
strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
record_failed_login(ssh, authctxt->user,
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user,
auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
&loginmsg);
loginmsg);
# endif
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method));
audit_event(ssh, audit_classify_auth(method));
#endif
}
void
auth_maxtries_exceeded(Authctxt *authctxt)
auth_maxtries_exceeded(struct ssh *ssh)
{
struct ssh *ssh = active_state; /* XXX */
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
error("maximum authentication attempts exceeded for "
"%s%.100s from %.200s port %d ssh2",
......@@ -383,7 +383,7 @@ auth_maxtries_exceeded(Authctxt *authctxt)
authctxt->user,
ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh));
packet_disconnect("Too many authentication failures");
ssh_packet_disconnect(ssh, "Too many authentication failures");
/* NOTREACHED */
}
......@@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
* Ensure that filename starts anchored. If not, be backward
* compatible and prepend the '%h/'
*/
if (*file == '/')
if (path_absolute(file))
return (file);
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
......@@ -558,9 +558,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
}
struct passwd *
getpwnamallow(const char *user)
getpwnamallow(struct ssh *ssh, const char *user)
{
struct ssh *ssh = active_state; /* XXX */
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
#ifdef BSD_AUTH
......@@ -568,8 +567,9 @@ getpwnamallow(const char *user)
#endif
#endif
struct passwd *pw;
struct connection_info *ci = get_connection_info(1, options.use_dns);
struct connection_info *ci;
ci = get_connection_info(ssh, 1, options.use_dns);
ci->user = user;
parse_server_match_config(&options, ci);
log_change_level(options.log_level);
......@@ -583,33 +583,20 @@ getpwnamallow(const char *user)
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
aix_restoreauthdb();
#endif
#ifdef HAVE_CYGWIN
/*
* Windows usernames are case-insensitive. To avoid later problems
* when trying to match the username, the user is only allowed to
* login if the username is given in the same case as stored in the
* user database.
*/
if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
logit("Login name %.100s does not match stored username %.100s",
user, pw->pw_name);
pw = NULL;
}
#endif
if (pw == NULL) {
logit("Invalid user %.100s from %.100s port %d",
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
#ifdef CUSTOM_FAILED_LOGIN
record_failed_login(user,
record_failed_login(ssh, user,
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
#endif
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
audit_event(ssh, SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
if (!allowed_user(pw))
if (!allowed_user(ssh, pw))
return (NULL);
#ifdef HAVE_LOGIN_CAP
if ((lc = login_getclass(pw->pw_class)) == NULL) {
......@@ -688,9 +675,8 @@ auth_debug_add(const char *fmt,...)
}
void
auth_debug_send(void)
auth_debug_send(struct ssh *ssh)
{
struct ssh *ssh = active_state; /* XXX */
char *msg;
int r;
......@@ -893,7 +879,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
* If executing an explicit binary, then verify the it exists
* and appears safe-ish to execute
*/
if (*av[0] != '/') {
if (!path_absolute(av[0])) {
error("%s path is not absolute", tag);
return 0;
}
......
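Review bot: getpwnamallow no longer rejects, under HAVE_CYGWIN, a login name whose case differs from `pw->pw_name`, and nothing in the hunks visible here takes over that job, so whether the user matching that follows (`allowed_user(ssh, pw)`) still behaves as intended for mixed-case names depends on code not shown on this page. That should be confirmed against the rest of the import before merging, since the deleted comment said the check existed "to avoid later problems when trying to match the username". If the matching code is now case-insensitive on Cygwin, a short comment where the block used to be would keep the reasoning with the code, for example `/* Cygwin: name case is not checked here; user and group matching must be case-insensitive */`. The function body starts and ends outside the hunks shown.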
/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */
/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
......@@ -132,8 +132,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);