-int
-userauth_none(Authctxt *authctxt)
-{
- /* disable method "none", only allowed one time */
- Authmethod *m = authmethod_lookup("none");
- if (m != NULL)
- m->enabled = NULL;
- packet_done();
-
- if (authctxt->valid == 0)
- return(0);
-
-#ifdef HAVE_CYGWIN
- if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
- return(0);
-#endif
-#ifdef USE_PAM
- return auth_pam_password(authctxt->pw, "");
-#elif defined(HAVE_OSF_SIA)
- return (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), authctxt->pw->pw_name, NULL,
- 0, NULL, "") == SIASUCCESS);
-#else /* !HAVE_OSF_SIA && !USE_PAM */
- return auth_password(authctxt->pw, "");
-#endif /* USE_PAM */
-}
-
-int
-userauth_passwd(Authctxt *authctxt)
-{
- char *password;
- int authenticated = 0;
- int change;
- unsigned int len;
- change = packet_get_char();
- if (change)
- log("password change not supported");
- password = packet_get_string(&len);
- packet_done();
- if (authctxt->valid &&
-#ifdef HAVE_CYGWIN
- check_nt_auth(1, authctxt->pw->pw_uid) &&
-#endif
-#ifdef USE_PAM
- auth_pam_password(authctxt->pw, password) == 1)
-#elif defined(HAVE_OSF_SIA)
- sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), authctxt->pw->pw_name, NULL, 0,
- NULL, password) == SIASUCCESS)
-#else /* !USE_PAM && !HAVE_OSF_SIA */
- auth_password(authctxt->pw, password) == 1)
-#endif /* USE_PAM */
- authenticated = 1;
- memset(password, 0, len);
- xfree(password);
- return authenticated;
-}
-
-int
-userauth_kbdint(Authctxt *authctxt)
-{
- int authenticated = 0;
- char *lang = NULL;
- char *devs = NULL;
-
- lang = packet_get_string(NULL);
- devs = packet_get_string(NULL);
- packet_done();
-
- debug("keyboard-interactive language %s devs %s", lang, devs);
-#ifdef SKEY
- /* XXX hardcoded, we should look at devs */
- if (options.skey_authentication != 0)
- authenticated = auth2_skey(authctxt);
-#endif
- xfree(lang);
- xfree(devs);
-#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
- return(0);
-#endif
- return authenticated;
-}
-
-int
-userauth_pubkey(Authctxt *authctxt)
-{
- Buffer b;
- Key *key;
- char *pkalg, *pkblob, *sig;
- unsigned int alen, blen, slen;
- int have_sig;
- int authenticated = 0;
-
- if (!authctxt->valid) {
- debug2("userauth_pubkey: disabled because of invalid user");
- return 0;
- }
- have_sig = packet_get_char();
- pkalg = packet_get_string(&alen);
- if (strcmp(pkalg, KEX_DSS) != 0) {
- log("bad pkalg %s", pkalg); /*XXX*/
- xfree(pkalg);
- return 0;
- }
- pkblob = packet_get_string(&blen);
- key = dsa_key_from_blob(pkblob, blen);
- if (key != NULL) {
- if (have_sig) {
- sig = packet_get_string(&slen);
- packet_done();
- buffer_init(&b);
- if (datafellows & SSH_OLD_SESSIONID) {
- buffer_append(&b, session_id2, session_id2_len);
- } else {
- buffer_put_string(&b, session_id2, session_id2_len);
- }
- /* reconstruct packet */
- buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
- buffer_put_cstring(&b,
- datafellows & SSH_BUG_PUBKEYAUTH ?
- "ssh-userauth" :
- authctxt->service);
- buffer_put_cstring(&b, "publickey");
- buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, KEX_DSS);
- buffer_put_string(&b, pkblob, blen);
-#ifdef DEBUG_DSS
- buffer_dump(&b);
-#endif
- /* test for correct signature */
- if (user_dsa_key_allowed(authctxt->pw, key) &&
- dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
- authenticated = 1;
- buffer_clear(&b);
- xfree(sig);
- } else {
- debug("test whether pkalg/pkblob are acceptable");
- packet_done();
-
- /* XXX fake reply and always send PK_OK ? */
- /*
- * XXX this allows testing whether a user is allowed
- * to login: if you happen to have a valid pubkey this
- * message is sent. the message is NEVER sent at all
- * if a user is not allowed to login. is this an
- * issue? -markus
- */
- if (user_dsa_key_allowed(authctxt->pw, key)) {
- packet_start(SSH2_MSG_USERAUTH_PK_OK);
- packet_put_string(pkalg, alen);
- packet_put_string(pkblob, blen);
- packet_send();
- packet_write_wait();
- authenticated = -1;
- }
- }
- if (authenticated != 1)
- auth_clear_options();
- key_free(key);
- }
- xfree(pkalg);
- xfree(pkblob);
-#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
- return(0);
-#endif
- return authenticated;
-}
-