From d81e19784bddc7fbff95c42cfacf75c84b68dea3 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Wed, 15 Jun 2022 16:08:25 +0000
Subject: [PATCH] make sure that UseDNS hostname lookup happens in the monitor
 and not in the pledge(2)'d unprivileged process; fixes regression caused by
 recent refactoring spotted by henning@

---
 usr.bin/ssh/auth.h         |  6 +++---
 usr.bin/ssh/auth2-pubkey.c | 19 ++++++++-----------
 usr.bin/ssh/monitor.c      |  9 +++------
 usr.bin/ssh/monitor_wrap.c |  7 +++----
 usr.bin/ssh/monitor_wrap.h |  6 +++---
 5 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index b347307c233..54c35533ce3 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.105 2022/06/03 04:47:21 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.106 2022/06/15 16:08:25 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -126,8 +126,8 @@ int      auth_password(struct ssh *, const char *);
 
 int	 hostbased_key_allowed(struct ssh *, struct passwd *,
 	    const char *, char *, struct sshkey *);
-int	 user_key_allowed(struct passwd *, struct sshkey *, int,
-    const char *, const char *, struct sshauthopt **);
+int	 user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *,
+    int, struct sshauthopt **);
 int	 auth2_key_already_used(Authctxt *, const struct sshkey *);
 
 /*
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 0f447321d87..daa756a01f1 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.115 2022/05/27 05:02:46 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.116 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -95,9 +95,6 @@ userauth_pubkey(struct ssh *ssh, const char *method)
 	int req_presence = 0, req_verify = 0, authenticated = 0;
 	struct sshauthopt *authopts = NULL;
 	struct sshkey_sig_details *sig_details = NULL;
-	const char *remote_ip = ssh_remote_ipaddr(ssh);
-	const char *remote_host = auth_get_canonical_hostname(ssh,
-	    options.use_dns);
 
 	hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0;
 
@@ -220,8 +217,7 @@ userauth_pubkey(struct ssh *ssh, const char *method)
 #endif
 		/* test for correct signature */
 		authenticated = 0;
-		if (PRIVSEP(user_key_allowed(pw, key, 1, remote_ip,
-		    remote_host, &authopts)) &&
+		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
 		    PRIVSEP(sshkey_verify(key, sig, slen,
 		    sshbuf_ptr(b), sshbuf_len(b),
 		    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
@@ -283,8 +279,7 @@ userauth_pubkey(struct ssh *ssh, const char *method)
 		 * if a user is not allowed to login. is this an
 		 * issue? -markus
 		 */
-		if (PRIVSEP(user_key_allowed(pw, key, 0, remote_ip,
-		    remote_host, NULL))) {
+		if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
 			if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
 			    != 0 ||
 			    (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
@@ -748,13 +743,15 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key,
  * Check whether key authenticates and authorises the user.
  */
 int
-user_key_allowed(struct passwd *pw, struct sshkey *key,
-    int auth_attempt, const char *remote_ip, const char *remote_host,
-    struct sshauthopt **authoptsp)
+user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+    int auth_attempt, struct sshauthopt **authoptsp)
 {
 	u_int success = 0, i;
 	char *file;
 	struct sshauthopt *opts = NULL;
+	const char *remote_ip = ssh_remote_ipaddr(ssh);
+	const char *remote_host = auth_get_canonical_hostname(ssh,
+	    options.use_dns);
 
 	if (authoptsp != NULL)
 		*authoptsp = NULL;
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 5f812f8f219..93d122e98f0 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.233 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.234 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -902,9 +902,6 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
 	u_int type = 0;
 	int r, allowed = 0;
 	struct sshauthopt *opts = NULL;
-	const char *remote_ip = ssh_remote_ipaddr(ssh);
-	const char *remote_host = auth_get_canonical_hostname(ssh,
-	    options.use_dns);
 
 	debug3_f("entering");
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
@@ -930,8 +927,8 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
 			if (!key_base_type_match(auth_method, key,
 			    options.pubkey_accepted_algos))
 				break;
-			allowed = user_key_allowed(authctxt->pw, key,
-			    pubkey_auth_attempt, remote_ip, remote_host, &opts);
+			allowed = user_key_allowed(ssh, authctxt->pw, key,
+			    pubkey_auth_attempt, &opts);
 			break;
 		case MM_HOSTKEY:
 			auth_method = "hostbased";
diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index b61ea1301ef..812c72ec5b0 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.124 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.125 2022/06/15 16:08:25 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -411,9 +411,8 @@ mm_auth_password(struct ssh *ssh, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
-    int pubkey_auth_attempt, const char *remote_ip, const char *remote_host,
-    struct sshauthopt **authoptp)
+mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+    int pubkey_auth_attempt, struct sshauthopt **authoptp)
 {
 	return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
 	    pubkey_auth_attempt, authoptp));
diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h
index 912dfef0ad5..c020c2c8c59 100644
--- a/usr.bin/ssh/monitor_wrap.h
+++ b/usr.bin/ssh/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.48 2022/05/27 05:01:25 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.49 2022/06/15 16:08:25 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -54,8 +54,8 @@ char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
     int, struct sshauthopt **);
-int mm_user_key_allowed(struct passwd *, struct sshkey *, int,
-    const char *, const char *, struct sshauthopt **);
+int mm_user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *, int,
+    struct sshauthopt **);
 int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
     const char *, struct sshkey *);
 int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
-- 
2.20.1