[openssh-commits] [openssh] 01/01: Tighten monitor state-machine flow for PAM calls
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Aug 29 11:49:22 AEST 2016
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit b38b95f5bcc52278feb839afda2987933f68ff96
Author: Damien Miller <djm at mindrot.org>
Date: Mon Aug 29 11:47:07 2016 +1000
Tighten monitor state-machine flow for PAM calls
(attack surface reduction)
---
monitor.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/monitor.c b/monitor.c
index a86b779..b255f27 100644
--- a/monitor.c
+++ b/monitor.c
@@ -208,9 +208,9 @@ struct mon_table mon_dispatch_proto20[] = {
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
- {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
- {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
- {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx},
+ {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query},
+ {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
#ifdef SSH_AUDIT_EVENTS
@@ -990,6 +990,7 @@ mm_answer_pam_start(int sock, Buffer *m)
start_pam(authctxt);
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
return (0);
}
@@ -1019,11 +1020,14 @@ int
mm_answer_pam_init_ctx(int sock, Buffer *m)
{
debug3("%s", __func__);
+ if (sshpam_ctxt != NULL)
+ fatal("%s: already called", __func__);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
buffer_clear(m);
if (sshpam_ctxt != NULL) {
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1);
buffer_put_int(m, 1);
} else {
buffer_put_int(m, 0);
@@ -1041,11 +1045,14 @@ mm_answer_pam_query(int sock, Buffer *m)
debug3("%s", __func__);
sshpam_authok = NULL;
+ if (sshpam_ctxt == NULL)
+ fatal("%s: no context", __func__);
ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on);
if (ret == 0 && num == 0)
sshpam_authok = sshpam_ctxt;
if (num > 1 || name == NULL || info == NULL)
- ret = -1;
+ fatal("sshpam_device.query failed");
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1);
buffer_clear(m);
buffer_put_int(m, ret);
buffer_put_cstring(m, name);
@@ -1075,6 +1082,8 @@ mm_answer_pam_respond(int sock, Buffer *m)
int ret;
debug3("%s", __func__);
+ if (sshpam_ctxt == NULL)
+ fatal("%s: no context", __func__);
sshpam_authok = NULL;
num = buffer_get_int(m);
if (num > 0) {
@@ -1104,10 +1113,14 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
debug3("%s", __func__);
+ if (sshpam_ctxt == NULL)
+ fatal("%s: no context", __func__);
(sshpam_device.free_ctx)(sshpam_ctxt);
sshpam_ctxt = sshpam_authok = NULL;
buffer_clear(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
+ /* Allow another attempt */
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
auth_method = "keyboard-interactive";
auth_submethod = "pam";
return r;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list