GSSAPI monitor hardening

Damien Miller djm at mindrot.org
Mon Sep 5 10:46:24 AEST 2016


Hi,

Could someone who uses GSSAPI user authentication help test the
following patch? This improves the restrictions in the privilege
separation monitor to be a bit more stict. There should be no
change in behaviour.

If the patch breaks something then it should be immediately apparent -
the server will drop connections during user-authentication.

-d

diff --git a/monitor.c b/monitor.c
index fc006eb..ee76516 100644
--- a/monitor.c
+++ b/monitor.c
@@ -228,9 +228,9 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
 #ifdef GSSAPI
     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
-    {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
-    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
-    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
+    {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
+    {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
 #endif
     {0, 0, NULL}
 };


More information about the openssh-unix-dev mailing list