| version 1.2, 2000/04/27 08:01:25 |
version 1.3, 2000/04/27 15:23:02 |
|
|
| void |
void |
| input_userauth_request(int type, int plen) |
input_userauth_request(int type, int plen) |
| { |
{ |
| static int try = 0; |
static void (*authlog) (const char *fmt,...) = verbose; |
| |
static int attempt = 0; |
| unsigned int len, rlen; |
unsigned int len, rlen; |
| int authenticated = 0; |
int authenticated = 0; |
| char *raw, *user, *service, *method; |
char *raw, *user, *service, *method, *authmsg = NULL; |
| struct passwd *pw; |
struct passwd *pw; |
| |
|
| if (++try == AUTH_FAIL_MAX) |
if (++attempt == AUTH_FAIL_MAX) |
| packet_disconnect("too many failed userauth_requests"); |
packet_disconnect("too many failed userauth_requests"); |
| |
|
| raw = packet_get_raw(&rlen); |
raw = packet_get_raw(&rlen); |
|
|
| authenticated = ssh2_auth_pubkey(pw, raw, rlen); |
authenticated = ssh2_auth_pubkey(pw, raw, rlen); |
| } |
} |
| } |
} |
| /* XXX check if other auth methods are needed */ |
if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
| |
authenticated = 0; |
| |
log("ROOT LOGIN REFUSED FROM %.200s", |
| |
get_canonical_hostname()); |
| |
} |
| |
|
| |
/* XXX todo: check if multiple auth methods are needed */ |
| if (authenticated == 1) { |
if (authenticated == 1) { |
| log("userauth success for %s method %s", user, method); |
authmsg = "Accepted"; |
| /* turn off userauth */ |
/* turn off userauth */ |
| dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); |
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); |
| packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
|
|
| /* now we can break out */ |
/* now we can break out */ |
| userauth_success = 1; |
userauth_success = 1; |
| } else if (authenticated == 0) { |
} else if (authenticated == 0) { |
| log("userauth failure for %s method %s", user, method); |
authmsg = "Failed"; |
| packet_start(SSH2_MSG_USERAUTH_FAILURE); |
packet_start(SSH2_MSG_USERAUTH_FAILURE); |
| packet_put_cstring("publickey,password"); /* XXX dynamic */ |
packet_put_cstring("publickey,password"); /* XXX dynamic */ |
| packet_put_char(0); /* XXX partial success, unused */ |
packet_put_char(0); /* XXX partial success, unused */ |
| packet_send(); |
packet_send(); |
| packet_write_wait(); |
packet_write_wait(); |
| } else { |
} else { |
| log("userauth postponed for %s method %s", user, method); |
authmsg = "Postponed"; |
| } |
} |
| |
/* Raise logging level */ |
| |
if (authenticated == 1|| |
| |
attempt == AUTH_FAIL_LOG || |
| |
strcmp(method, "password") == 0) |
| |
authlog = log; |
| |
|
| |
authlog("%s %s for %.200s from %.200s port %d ssh2", |
| |
authmsg, |
| |
method, |
| |
pw && pw->pw_uid == 0 ? "ROOT" : user, |
| |
get_remote_ipaddr(), |
| |
get_remote_port()); |
| |
|
| xfree(service); |
xfree(service); |
| xfree(user); |
xfree(user); |
| xfree(method); |
xfree(method); |
|
|
| log("password change not supported"); |
log("password change not supported"); |
| password = packet_get_string(&len); |
password = packet_get_string(&len); |
| packet_done(); |
packet_done(); |
| if (auth_password(pw, password)) |
if (options.password_authentication && |
| |
auth_password(pw, password) == 1) |
| authenticated = 1; |
authenticated = 1; |
| memset(password, 0, len); |
memset(password, 0, len); |
| xfree(password); |
xfree(password); |
| return authenticated; |
return authenticated; |
| } |
} |
| |
|
| int |
int |
| ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) |
ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) |
| { |
{ |
|
|
| int have_sig; |
int have_sig; |
| int authenticated = 0; |
int authenticated = 0; |
| |
|
| |
if (options.rsa_authentication == 0) { |
| |
debug("pubkey auth disabled"); |
| |
return 0; |
| |
} |
| have_sig = packet_get_char(); |
have_sig = packet_get_char(); |
| pkalg = packet_get_string(&alen); |
pkalg = packet_get_string(&alen); |
| if (strcmp(pkalg, KEX_DSS) != 0) { |
if (strcmp(pkalg, KEX_DSS) != 0) { |
|
|
| setproctitle("%s", u); |
setproctitle("%s", u); |
| pw = getpwnam(u); |
pw = getpwnam(u); |
| if (!pw || !allowed_user(pw)) { |
if (!pw || !allowed_user(pw)) { |
| log("auth_set_user: bad user %s", u); |
log("auth_set_user: illegal user %s", u); |
| return NULL; |
return NULL; |
| } |
} |
| copy = &authctxt->pw; |
copy = &authctxt->pw; |
|
|
| if (!f) { |
if (!f) { |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| packet_send_debug("Could not open %.900s for reading.", file); |
|
| packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
|
| return 0; |
return 0; |
| } |
} |
| if (options.strict_modes) { |
if (options.strict_modes) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh