fix the required authentications patch (#872608)
parent
ab30b92bd6
commit
20d541d728
@ -745,56 +745,77 @@ diff -up openssh-6.1p1/servconf.c.required-authentication openssh-6.1p1/servconf
|
|||||||
{ "ipqos", sIPQoS, SSHCFG_ALL },
|
{ "ipqos", sIPQoS, SSHCFG_ALL },
|
||||||
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
|
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
|
||||||
{ NULL, sBadOption, 0 }
|
{ NULL, sBadOption, 0 }
|
||||||
@@ -1298,6 +1305,33 @@ process_server_config_line(ServerOptions
|
@@ -1298,6 +1305,37 @@ process_server_config_line(ServerOptions
|
||||||
options->max_startups = options->max_startups_begin;
|
options->max_startups = options->max_startups_begin;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
+
|
+
|
||||||
+ case sRequiredAuthentications1:
|
+ case sRequiredAuthentications1:
|
||||||
+ charptr = &options->required_auth1;
|
+ if (*activep && options->required_auth1 == NULL) {
|
||||||
+ arg = strdelim(&cp);
|
+ charptr = &options->required_auth1;
|
||||||
+ if (!arg || *arg == '\0')
|
+ arg = strdelim(&cp);
|
||||||
+ fatal("%.200s line %d: Missing argument.",
|
+ if (!arg || *arg == '\0')
|
||||||
+ filename, linenum);
|
+ fatal("%.200s line %d: Missing argument.",
|
||||||
+ if (auth1_check_required(arg) != 0)
|
+ filename, linenum);
|
||||||
+ fatal("%.200s line %d: Invalid required authentication "
|
+ if (auth1_check_required(arg) != 0)
|
||||||
+ "list", filename, linenum);
|
+ fatal("%.200s line %d: Invalid required authentication "
|
||||||
+ if (*charptr == NULL)
|
+ "list", filename, linenum);
|
||||||
+ *charptr = xstrdup(arg);
|
+ if (*charptr == NULL)
|
||||||
+ break;
|
+ *charptr = xstrdup(arg);
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
+
|
+
|
||||||
+ case sRequiredAuthentications2:
|
+ case sRequiredAuthentications2:
|
||||||
+ charptr = &options->required_auth2;
|
+ if (*activep && options->required_auth2 == NULL) {
|
||||||
+ arg = strdelim(&cp);
|
+ charptr = &options->required_auth2;
|
||||||
+ if (!arg || *arg == '\0')
|
+ arg = strdelim(&cp);
|
||||||
+ fatal("%.200s line %d: Missing argument.",
|
+ if (!arg || *arg == '\0')
|
||||||
+ filename, linenum);
|
+ fatal("%.200s line %d: Missing argument.",
|
||||||
+ if (auth2_check_required(arg) != 0)
|
+ filename, linenum);
|
||||||
+ fatal("%.200s line %d: Invalid required authentication "
|
+ if (auth2_check_required(arg) != 0)
|
||||||
+ "list", filename, linenum);
|
+ fatal("%.200s line %d: Invalid required authentication "
|
||||||
+ if (*charptr == NULL)
|
+ "list", filename, linenum);
|
||||||
+ *charptr = xstrdup(arg);
|
+ if (*charptr == NULL)
|
||||||
+ break;
|
+ *charptr = xstrdup(arg);
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
+
|
+
|
||||||
case sMaxAuthTries:
|
case sMaxAuthTries:
|
||||||
intptr = &options->max_authtries;
|
intptr = &options->max_authtries;
|
||||||
goto parse_int;
|
goto parse_int;
|
||||||
|
@@ -1925,6 +1963,7 @@ dump_config(ServerOptions *o)
|
||||||
|
dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
|
||||||
|
dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
|
||||||
|
dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
|
||||||
|
+ dump_cfg_string(sRequiredAuthentications2, o->required_auth2);
|
||||||
|
|
||||||
|
/* other arguments */
|
||||||
|
for (i = 0; i < o->num_subsystems; i++)
|
||||||
diff -up openssh-6.1p1/servconf.h.required-authentication openssh-6.1p1/servconf.h
|
diff -up openssh-6.1p1/servconf.h.required-authentication openssh-6.1p1/servconf.h
|
||||||
--- openssh-6.1p1/servconf.h.required-authentication 2012-07-31 04:21:34.000000000 +0200
|
--- openssh-6.1p1/servconf.h.required-authentication 2012-07-31 04:21:34.000000000 +0200
|
||||||
+++ openssh-6.1p1/servconf.h 2012-09-14 20:17:56.810488571 +0200
|
+++ openssh-6.1p1/servconf.h 2012-11-08 13:37:33.135918526 +0100
|
||||||
@@ -154,6 +154,9 @@ typedef struct {
|
@@ -154,6 +154,9 @@ typedef struct {
|
||||||
u_int num_authkeys_files; /* Files containing public keys */
|
u_int num_authkeys_files; /* Files containing public keys */
|
||||||
char *authorized_keys_files[MAX_AUTHKEYS_FILES];
|
char *authorized_keys_files[MAX_AUTHKEYS_FILES];
|
||||||
|
|
||||||
+ char *required_auth1; /* Required, but not sufficient */
|
+ char *required_auth1;
|
||||||
+ char *required_auth2;
|
+ char *required_auth2;
|
||||||
+
|
+
|
||||||
char *adm_forced_command;
|
char *adm_forced_command;
|
||||||
|
|
||||||
int use_pam; /* Enable auth via PAM */
|
int use_pam; /* Enable auth via PAM */
|
||||||
|
@@ -197,6 +200,8 @@ struct connection_info {
|
||||||
|
M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
|
||||||
|
M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
|
||||||
|
M_CP_STRARRAYOPT(accept_env, num_accept_env); \
|
||||||
|
+ M_CP_STROPT(required_auth1); \
|
||||||
|
+ M_CP_STROPT(required_auth2); \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
|
struct connection_info *get_connection_info(int, int);
|
||||||
diff -up openssh-6.1p1/sshd_config.5.required-authentication openssh-6.1p1/sshd_config.5
|
diff -up openssh-6.1p1/sshd_config.5.required-authentication openssh-6.1p1/sshd_config.5
|
||||||
--- openssh-6.1p1/sshd_config.5.required-authentication 2012-07-02 10:53:38.000000000 +0200
|
--- openssh-6.1p1/sshd_config.5.required-authentication 2012-07-02 10:53:38.000000000 +0200
|
||||||
+++ openssh-6.1p1/sshd_config.5 2012-09-14 20:17:56.812488582 +0200
|
+++ openssh-6.1p1/sshd_config.5 2012-11-08 13:28:34.669017468 +0100
|
||||||
@@ -731,6 +731,8 @@ Available keywords are
|
@@ -731,6 +731,8 @@ Available keywords are
|
||||||
.Cm PermitOpen ,
|
.Cm PermitOpen ,
|
||||||
.Cm PermitRootLogin ,
|
.Cm PermitRootLogin ,
|
||||||
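Review bot: In the new `sRequiredAuthentications1` and `sRequiredAuthentications2` cases the argument is read and checked only inside `if (*activep && options->required_auth1 == NULL)` (and the `required_auth2` twin), so a line in an inactive Match block, or a repeated keyword, never reaches `strdelim()` or `auth1_check_required()`/`auth2_check_required()`, and a missing or invalid method list goes unreported when the line is parsed in that state. The `return 0;` also leaves `process_server_config_line` before whatever follows the switch, which is outside this hunk; if that is where trailing text on the line is rejected, these two keywords skip that check. Because this option decides which authentication methods must all succeed, I would parse and validate unconditionally and guard only the store, `if (*activep && *charptr == NULL) *charptr = xstrdup(arg);` followed by `break;`, which also makes the inner `if (*charptr == NULL)` unnecessary. The added `dump_config` line prints only `sRequiredAuthentications2`; if `required_auth1` is not dumped elsewhere, a matching `dump_cfg_string(sRequiredAuthentications1, o->required_auth1);` would keep the dumped configuration complete.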
|