version 1.139, 2017/05/30 14:23:52 |
version 1.140, 2017/05/30 14:29:59 |
|
|
{ |
{ |
struct ssh *ssh = active_state; /* XXX */ |
struct ssh *ssh = active_state; /* XXX */ |
ssh->authctxt = authctxt; /* XXX move to caller */ |
ssh->authctxt = authctxt; /* XXX move to caller */ |
dispatch_init(&dispatch_protocol_error); |
ssh_dispatch_init(ssh, &dispatch_protocol_error); |
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); |
ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request); |
dispatch_run(DISPATCH_BLOCK, &authctxt->success, ssh); |
ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt->success, ssh); |
ssh->authctxt = NULL; |
ssh->authctxt = NULL; |
} |
} |
|
|
|
|
if (!authctxt->success) { |
if (!authctxt->success) { |
acceptit = 1; |
acceptit = 1; |
/* now we can handle user-auth requests */ |
/* now we can handle user-auth requests */ |
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); |
} |
} |
} |
} |
/* XXX all other service requests are denied */ |
/* XXX all other service requests are denied */ |
|
|
authctxt->user, authctxt->service, user, service); |
authctxt->user, authctxt->service, user, service); |
} |
} |
/* reset state */ |
/* reset state */ |
auth2_challenge_stop(authctxt); |
auth2_challenge_stop(ssh); |
|
|
#ifdef GSSAPI |
#ifdef GSSAPI |
/* XXX move to auth2_gssapi_stop() */ |
/* XXX move to auth2_gssapi_stop() */ |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
#endif |
#endif |
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
|
|
m = authmethod_lookup(authctxt, method); |
m = authmethod_lookup(authctxt, method); |
if (m != NULL && authctxt->failures < options.max_authtries) { |
if (m != NULL && authctxt->failures < options.max_authtries) { |
debug2("input_userauth_request: try method %s", method); |
debug2("input_userauth_request: try method %s", method); |
authenticated = m->userauth(authctxt); |
authenticated = m->userauth(ssh); |
} |
} |
userauth_finish(authctxt, authenticated, method, NULL); |
userauth_finish(ssh, authenticated, method, NULL); |
|
|
free(service); |
free(service); |
free(user); |
free(user); |
|
|
} |
} |
|
|
void |
void |
userauth_finish(Authctxt *authctxt, int authenticated, const char *method, |
userauth_finish(struct ssh *ssh, int authenticated, const char *method, |
const char *submethod) |
const char *submethod) |
{ |
{ |
struct ssh *ssh = active_state; /* XXX */ |
Authctxt *authctxt = ssh->authctxt; |
char *methods; |
char *methods; |
int partial = 0; |
int partial = 0; |
|
|
|
|
|
|
if (authenticated == 1) { |
if (authenticated == 1) { |
/* turn off userauth */ |
/* turn off userauth */ |
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); |
packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
packet_send(); |
packet_send(); |
packet_write_wait(); |
packet_write_wait(); |
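Review bot: In the userauth_finish hunk, `Authctxt *authctxt = ssh->authctxt;` is used without a NULL check, while do_authentication2 in this same diff sets `ssh->authctxt = NULL` as soon as the dispatch loop returns. The function therefore depends on an unstated precondition that it only runs inside that loop. Before this change the caller passed the context in explicitly; now that the lookup is implicit, I would state the invariant right after the declarations, e.g. `if (authctxt == NULL) fatal("%s: no authctxt", __func__);`, so a call outside the authentication window fails closed instead of dereferencing NULL in pre-auth code. The body of userauth_finish continues past the end of this hunk, so a later guard may exist that is not visible here.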