Author: emaste
Date: Wed Nov 20 16:30:37 2019
New Revision: 354897
URL: https://svnweb.freebsd.org/changeset/base/354897
Log:
sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTH
In r339216 a privsep wrapper was added for login_getpwclass to address
PR 231172. Unfortunately the change used the MON_AUTH flag in the
wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an
auth_log() on each invocation. getpwclass() does not participate in the
authentication decision, so should be MON_ISAUTH instead.
PR: 234793
Submitted by: Henry Hu
Reviewed by: Yuichiro NAITO
MFC after: 1 week
Modified:
head/crypto/openssh/monitor.c
Modified: head/crypto/openssh/monitor.c
==============================================================================
--- head/crypto/openssh/monitor.c Wed Nov 20 16:20:49 2019
(r354896)
+++ head/crypto/openssh/monitor.c Wed Nov 20 16:30:37 2019
(r354897)
@@ -193,7 +193,7 @@ struct mon_table mon_dispatch_proto20[] = {
#endif
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
#ifdef HAVE_LOGIN_CAP
- {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass},
+ {MONITOR_REQ_GETPWCLASS, MON_ISAUTH, mm_answer_login_getpwclass},
#endif
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
