- /* Process the packet. */
- switch (type) {
- case SSH_CMSG_AUTH_RHOSTS_RSA:
- if (!options.rhosts_rsa_authentication) {
- verbose("Rhosts with RSA authentication disabled.");
- break;
- }
- /*
- * Get client user name. Note that we just have to
- * trust the client; root on the client machine can
- * claim to be any user.
- */
- client_user = packet_get_string(&ulen);
-
- /* Get the client host key. */
- client_host_key = key_new(KEY_RSA1);
- bits = packet_get_int();
- packet_get_bignum(client_host_key->rsa->e);
- packet_get_bignum(client_host_key->rsa->n);
-
- if (bits != BN_num_bits(client_host_key->rsa->n))
- verbose("Warning: keysize mismatch for client_host_key: "
- "actual %d, announced %d",
- BN_num_bits(client_host_key->rsa->n), bits);
- packet_check_eom();
-
- authenticated = auth_rhosts_rsa(authctxt, client_user,
- client_host_key);
- key_free(client_host_key);
-
- snprintf(info, sizeof info, " ruser %.100s", client_user);
- break;
-
- case SSH_CMSG_AUTH_RSA:
- if (!options.rsa_authentication) {
- verbose("RSA authentication disabled.");
- break;
- }
- /* RSA authentication requested. */
- if ((n = BN_new()) == NULL)
- fatal("do_authloop: BN_new failed");
- packet_get_bignum(n);
- packet_check_eom();
- authenticated = auth_rsa(authctxt, n);
- BN_clear_free(n);
- break;
-
- case SSH_CMSG_AUTH_PASSWORD:
- if (!options.password_authentication) {
- verbose("Password authentication disabled.");
- break;
- }
- /*
- * Read user password. It is in plain text, but was
- * transmitted over the encrypted channel so it is
- * not visible to an outside observer.
- */
- password = packet_get_string(&dlen);
- packet_check_eom();
-
- /* Try authentication with the password. */
- authenticated = PRIVSEP(auth_password(authctxt, password));
-
- memset(password, 0, strlen(password));
- xfree(password);
- break;
-
- case SSH_CMSG_AUTH_TIS:
- debug("rcvd SSH_CMSG_AUTH_TIS");
- if (options.challenge_response_authentication == 1) {
- char *challenge = get_challenge(authctxt);
- if (challenge != NULL) {
- debug("sending challenge '%s'", challenge);
- packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
- packet_put_cstring(challenge);
- xfree(challenge);
- packet_send();
- packet_write_wait();
- continue;
- }
- }
- break;
- case SSH_CMSG_AUTH_TIS_RESPONSE:
- debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
- if (options.challenge_response_authentication == 1) {
- char *response = packet_get_string(&dlen);
- packet_check_eom();
- authenticated = verify_response(authctxt, response);
- memset(response, 'r', dlen);
- xfree(response);
- }
- break;
-
- default:
- /*
- * Any unknown messages will be ignored (and failure
- * returned) during authentication.
- */
- logit("Unknown message during authentication: type %d", type);
- break;