*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.72 2001/11/07 22:41:51 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.79 2001/12/28 12:14:27 markus Exp $");
#include <openssl/evp.h>
/* protocol */
-static void input_service_request(int, int, void *);
-static void input_userauth_request(int, int, void *);
-static void protocol_error(int, int, void *);
+static void input_service_request(int, int, u_int32_t, void *);
+static void input_userauth_request(int, int, u_int32_t, void *);
+static void protocol_error(int, int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
*/
void
-do_authentication2()
+do_authentication2(void)
{
Authctxt *authctxt = authctxt_new();
}
static void
-protocol_error(int type, int plen, void *ctxt)
+protocol_error(int type, int plen, u_int32_t seq, void *ctxt)
{
log("auth: protocol error: type %d plen %d", type, plen);
packet_start(SSH2_MSG_UNIMPLEMENTED);
- packet_put_int(0);
+ packet_put_int(seq);
packet_send();
packet_write_wait();
}
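Review bot: The log call at the top of protocol_error does not record `seq`, although the reply now echoes it in SSH2_MSG_UNIMPLEMENTED, so a server log entry cannot be matched to the packet the peer is told was rejected. Consider `log("auth: protocol error: type %d plen %d seq %u", type, plen, (u_int)seq);`. A one-line comment above `packet_put_int(seq)`, such as `/* UNIMPLEMENTED carries the sequence number of the rejected packet */`, would also explain why the constant 0 was dropped.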
static void
-input_service_request(int type, int plen, void *ctxt)
+input_service_request(int type, int plen, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
u_int len;
int accept = 0;
char *service = packet_get_string(&len);
- packet_done();
+ packet_check_eom();
if (authctxt == NULL)
fatal("input_service_request: no authctxt");
}
static void
-input_userauth_request(int type, int plen, void *ctxt)
+input_userauth_request(int type, int plen, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
authctxt->user, authctxt->service, user, service);
}
/* reset state */
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
+ auth2_challenge_stop(authctxt);
authctxt->postponed = 0;
-#ifdef BSD_AUTH
- if (authctxt->as) {
- auth_close(authctxt->as);
- authctxt->as = NULL;
- }
-#endif
/* try to authenticate user */
m = authmethod_lookup(method);
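Review bot: Resetting the SSH2_MSG_USERAUTH_INFO_RESPONSE handler to protocol_error and closing the BSD_AUTH session no longer happen in this function; both now depend on auth2_challenge_stop(), whose body is not in this hunk. If that helper does not restore the handler on every path, a keyboard-interactive response arriving after the client has switched methods could still reach the challenge code, so confirm this against its definition. I would add a comment at the call, e.g. `/* must unregister the INFO_RESPONSE handler and release any pending challenge context */`. input_userauth_request begins and ends outside the hunk.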
Authmethod *m = authmethod_lookup("none");
if (m != NULL)
m->enabled = NULL;
- packet_done();
+ packet_check_eom();
userauth_banner();
if (authctxt->valid == 0)
return(0);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
#ifdef USE_PAM
if (change)
log("password change not supported");
password = packet_get_string(&len);
- packet_done();
+ packet_check_eom();
if (authctxt->valid &&
#ifdef HAVE_CYGWIN
- check_nt_auth(1, authctxt->pw->pw_uid) &&
+ check_nt_auth(1, authctxt->pw) &&
#endif
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
lang = packet_get_string(NULL);
devs = packet_get_string(NULL);
- packet_done();
+ packet_check_eom();
debug("keyboard-interactive devs %s", devs);
xfree(devs);
xfree(lang);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
return authenticated;
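Review bot: No test of `authctxt->valid` is visible before `check_nt_auth(0, authctxt->pw)` in this keyboard-interactive path, whereas the none and password paths above check `authctxt->valid` first. With the argument changed from `authctxt->pw->pw_uid` to the pointer itself, a NULL `pw` (presumably the case for an unknown user) is now handed to check_nt_auth rather than dereferenced here, so that function must reject NULL itself; its body is not on the page. Either confirm that or guard the call with `if (authctxt->pw == NULL || check_nt_auth(0, authctxt->pw) == 0)`. The same applies to the public-key path further down, which ends in the same call. The enclosing function starts outside the hunk.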
if (key != NULL) {
if (have_sig) {
sig = packet_get_string(&slen);
- packet_done();
+ packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
- packet_done();
+ packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
xfree(pkalg);
xfree(pkblob);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
return authenticated;
u_long linenum = 0;
struct stat st;
Key *found;
+ char *fp;
if (pw == NULL)
return 0;
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
+ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Found matching %s key: %s",
+ key_type(found), fp);
+ xfree(fp);
break;
}
}
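Review bot: The new `verbose("Found matching %s key: %s", ...)` line fires as soon as a key in the file matches, and no signature check is visible in this hunk, so the log entry should not be read as a successful login. A comment above it, such as `/* match against the key file only; says nothing about signature verification */`, would keep log consumers and later maintainers from treating it as an authentication event. Also confirm that key_fingerprint() cannot return NULL before the result is passed to `%s`; its definition is not on the page. The enclosing function starts and ends outside the hunk.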
Key *key)
{
const char *resolvedname, *ipaddr, *lookup;
- int host_status, len;
+ HostStatus host_status;
+ int len;
resolvedname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr();