*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.72 2001/11/07 22:41:51 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.82 2002/01/13 17:57:37 markus Exp $");
#include <openssl/evp.h>
extern u_char *session_id2;
extern int session_id2_len;
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif
-
static Authctxt *x_authctxt = NULL;
static int one = 1;
/* protocol */
-static void input_service_request(int, int, void *);
-static void input_userauth_request(int, int, void *);
-static void protocol_error(int, int, void *);
+static void input_service_request(int, u_int32_t, void *);
+static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
*/
void
-do_authentication2()
+do_authentication2(void)
{
Authctxt *authctxt = authctxt_new();
if (options.pam_authentication_via_kbd_int)
options.kbd_interactive_authentication = 1;
- dispatch_init(&protocol_error);
+ dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
do_authenticated(authctxt);
}
static void
-protocol_error(int type, int plen, void *ctxt)
-{
- log("auth: protocol error: type %d plen %d", type, plen);
- packet_start(SSH2_MSG_UNIMPLEMENTED);
- packet_put_int(0);
- packet_send();
- packet_write_wait();
-}
-
-static void
-input_service_request(int type, int plen, void *ctxt)
+input_service_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
u_int len;
int accept = 0;
char *service = packet_get_string(&len);
- packet_done();
+ packet_check_eom();
if (authctxt == NULL)
fatal("input_service_request: no authctxt");
}
static void
-input_userauth_request(int type, int plen, void *ctxt)
+input_userauth_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
authctxt->user, authctxt->service, user, service);
}
/* reset state */
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
+ auth2_challenge_stop(authctxt);
authctxt->postponed = 0;
-#ifdef BSD_AUTH
- if (authctxt->as) {
- auth_close(authctxt->as);
- authctxt->as = NULL;
- }
-#endif
/* try to authenticate user */
m = authmethod_lookup(method);
/* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
/* turn off userauth */
- dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();
/* now we can break out */
authctxt->success = 1;
} else {
- if (authctxt->failures++ > AUTH_FAIL_MAX)
+ if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
+ "ssh");
+#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
Authmethod *m = authmethod_lookup("none");
if (m != NULL)
m->enabled = NULL;
- packet_done();
+ packet_check_eom();
userauth_banner();
if (authctxt->valid == 0)
return(0);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
#ifdef USE_PAM
if (change)
log("password change not supported");
password = packet_get_string(&len);
- packet_done();
+ packet_check_eom();
if (authctxt->valid &&
#ifdef HAVE_CYGWIN
- check_nt_auth(1, authctxt->pw->pw_uid) &&
+ check_nt_auth(1, authctxt->pw) &&
#endif
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
lang = packet_get_string(NULL);
devs = packet_get_string(NULL);
- packet_done();
+ packet_check_eom();
debug("keyboard-interactive devs %s", devs);
xfree(devs);
xfree(lang);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
return authenticated;
if (key != NULL) {
if (have_sig) {
sig = packet_get_string(&slen);
- packet_done();
+ packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
- packet_done();
+ packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
xfree(pkalg);
xfree(pkblob);
#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
+ if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
return authenticated;
authmethods_get(void)
{
Authmethod *method = NULL;
- u_int size = 0;
+ Buffer b;
char *list;
+ buffer_init(&b);
for (method = authmethods; method->name != NULL; method++) {
if (strcmp(method->name, "none") == 0)
continue;
if (method->enabled != NULL && *(method->enabled) != 0) {
- if (size != 0)
- size += strlen(DELIM);
- size += strlen(method->name);
- }
- }
- size++; /* trailing '\0' */
- list = xmalloc(size);
- list[0] = '\0';
-
- for (method = authmethods; method->name != NULL; method++) {
- if (strcmp(method->name, "none") == 0)
- continue;
- if (method->enabled != NULL && *(method->enabled) != 0) {
- if (list[0] != '\0')
- strlcat(list, DELIM, size);
- strlcat(list, method->name, size);
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, method->name, strlen(method->name));
}
}
+ buffer_append(&b, "\0", 1);
+ list = xstrdup(buffer_ptr(&b));
+ buffer_free(&b);
return list;
}
u_long linenum = 0;
struct stat st;
Key *found;
+ char *fp;
if (pw == NULL)
return 0;
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
+ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Found matching %s key: %s",
+ key_type(found), fp);
+ xfree(fp);
break;
}
}
Key *key)
{
const char *resolvedname, *ipaddr, *lookup;
- int host_status, len;
+ HostStatus host_status;
+ int len;
resolvedname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr();
andersk / openssh.git / blobdiff