version 1.130, 2018/06/06 18:23:32 |
version 1.131, 2018/07/09 21:35:50 |
|
|
#include "match.h" |
#include "match.h" |
#include "groupaccess.h" |
#include "groupaccess.h" |
#include "log.h" |
#include "log.h" |
#include "buffer.h" |
#include "sshbuf.h" |
#include "misc.h" |
#include "misc.h" |
#include "servconf.h" |
#include "servconf.h" |
#include "key.h" |
#include "sshkey.h" |
#include "hostfile.h" |
#include "hostfile.h" |
#include "auth.h" |
#include "auth.h" |
#include "auth-options.h" |
#include "auth-options.h" |
|
|
extern struct sshauthopt *auth_opts; |
extern struct sshauthopt *auth_opts; |
|
|
/* Debugging messages */ |
/* Debugging messages */ |
Buffer auth_debug; |
static struct sshbuf *auth_debug; |
int auth_debug_init; |
|
|
|
/* |
/* |
* Check if the user is allowed to log in via ssh. If user is listed |
* Check if the user is allowed to log in via ssh. If user is listed |
|
|
if (key == NULL) |
if (key == NULL) |
return NULL; |
return NULL; |
|
|
if (key_is_cert(key)) { |
if (sshkey_is_cert(key)) { |
fp = sshkey_fingerprint(key->cert->signature_key, |
fp = sshkey_fingerprint(key->cert->signature_key, |
options.fingerprint_hash, SSH_FP_DEFAULT); |
options.fingerprint_hash, SSH_FP_DEFAULT); |
xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", |
xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", |
|
|
{ |
{ |
char buf[1024]; |
char buf[1024]; |
va_list args; |
va_list args; |
|
int r; |
|
|
if (!auth_debug_init) |
if (auth_debug == NULL) |
return; |
return; |
|
|
va_start(args, fmt); |
va_start(args, fmt); |
vsnprintf(buf, sizeof(buf), fmt, args); |
vsnprintf(buf, sizeof(buf), fmt, args); |
va_end(args); |
va_end(args); |
buffer_put_cstring(&auth_debug, buf); |
if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) |
|
fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r)); |
} |
} |
|
|
void |
void |
auth_debug_send(void) |
auth_debug_send(void) |
{ |
{ |
|
struct ssh *ssh = active_state; /* XXX */ |
char *msg; |
char *msg; |
|
int r; |
|
|
if (!auth_debug_init) |
if (auth_debug == NULL) |
return; |
return; |
while (buffer_len(&auth_debug)) { |
while (sshbuf_len(auth_debug) != 0) { |
msg = buffer_get_string(&auth_debug, NULL); |
if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0) |
packet_send_debug("%s", msg); |
fatal("%s: sshbuf_get_cstring: %s", |
|
__func__, ssh_err(r)); |
|
ssh_packet_send_debug(ssh, "%s", msg); |
free(msg); |
free(msg); |
} |
} |
} |
} |
|
|
void |
void |
auth_debug_reset(void) |
auth_debug_reset(void) |
{ |
{ |
if (auth_debug_init) |
if (auth_debug != NULL) |
buffer_clear(&auth_debug); |
sshbuf_reset(auth_debug); |
else { |
else if ((auth_debug = sshbuf_new()) == NULL) |
buffer_init(&auth_debug); |
fatal("%s: sshbuf_new failed", __func__); |
auth_debug_init = 1; |
|
} |
|
} |
} |
|
|
struct passwd * |
struct passwd * |
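Review bot: In the function whose body opens with `char buf[1024];` (its signature is above the visible lines), the return value of `vsnprintf(buf, sizeof(buf), fmt, args)` is still ignored, so a message longer than the buffer is silently truncated before it is queued, even though the new code now checks every sshbuf call. `auth_debug_send()` later forwards these strings to the peer through `ssh_packet_send_debug`, so the person reading them would get a cut-off diagnostic with no sign on either side that anything was lost. Consider capturing the result, `r = vsnprintf(buf, sizeof(buf), fmt, args);`, and logging locally with `if (r < 0 || (size_t)r >= sizeof(buf)) debug3("%s: message truncated", __func__);`. Separately, a comment on `static struct sshbuf *auth_debug;` such as `/* NULL until auth_debug_reset() is called; messages added before then are dropped */` would document the contract that replaces the removed `auth_debug_init` flag.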