+/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $");
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
#include "xmalloc.h"
#include "rsa.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
#include "auth.h"
#include "channels.h"
#include "session.h"
#include "uidswap.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
#include "monitor_wrap.h"
#include "buffer.h"
{
int i;
- for(i = 0; auth1_methods[i].name != NULL; i++)
+ for (i = 0; auth1_methods[i].name != NULL; i++)
if (auth1_methods[i].type == type)
return (&(auth1_methods[i]));
return (buf);
}
+/*ARGSUSED*/
static int
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
{
return (authenticated);
}
+/*ARGSUSED*/
static int
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
{
return (authenticated);
}
+/*ARGSUSED*/
static int
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
{
- int authenticated = 0;
+ int keybits, authenticated = 0;
u_int bits;
Key *client_host_key;
u_int ulen;
packet_get_bignum(client_host_key->rsa->e);
packet_get_bignum(client_host_key->rsa->n);
- if (bits != BN_num_bits(client_host_key->rsa->n)) {
+ keybits = BN_num_bits(client_host_key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits) {
verbose("Warning: keysize mismatch for client_host_key: "
"actual %d, announced %d",
BN_num_bits(client_host_key->rsa->n), bits);
key_free(client_host_key);
snprintf(info, infolen, " ruser %.100s", client_user);
-
+
return (authenticated);
}
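Review bot: The `verbose()` call in the mismatch branch of `auth1_process_rhosts_rsa` still calls `BN_num_bits(client_host_key->rsa->n)` a second time instead of reusing the new `keybits`, and it prints the `u_int` value `bits` with `%d`. Reusing the variable keeps the logged number identical to the one that was compared and matches the format to the type: `"actual %d, announced %u",` followed by `keybits, bits);`. Because `bits` appears to be the size announced by the peer (the log message calls it "announced"), a one-line comment above the check would help, for example `/* bits is announced by the client; keybits is derived from the received modulus */`. Only the logging is visible in this branch and the function body is elided around these lines, so whether a mismatch also changes the authentication result cannot be confirmed from here.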
+/*ARGSUSED*/
static int
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
{
char *challenge;
-
+
if ((challenge = get_challenge(authctxt)) == NULL)
return (0);
return (-1);
}
+/*ARGSUSED*/
static int
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
{
#ifdef HAVE_CYGWIN
if (authenticated &&
- !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
+ !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
authctxt->pw)) {
packet_disconnect("Authentication rejected for uid %d.",
authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
size_t len;
error("Access denied for user %s by PAM account "
- "configuration", authctxt->user);
+ "configuration", authctxt->user);
len = buffer_len(&loginmsg);
buffer_append(&loginmsg, "\0", 1);
msg = buffer_ptr(&loginmsg);