src/usr.bin/ssh/auth2.c - diff

Return to auth2.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth2.c between version 1.27 and 1.28

version 1.27, 2001/01/13 18:56:48

version 1.28, 2001/01/18 17:00:00

Line 71

void input_userauth_request(int type, int plen, void *ctxt);

void protocol_error(int type, int plen, void *ctxt);

/* helper */

Authmethod *authmethod_lookup(const char *name);

struct passwd *pwcopy(struct passwd *pw);

Line 108

Line 107

void

do_authentication2()

{

Authctxt *authctxt = xmalloc(sizeof(*authctxt));

Authctxt *authctxt = authctxt_new();

memset(authctxt, 'a', sizeof(*authctxt));

authctxt->valid = 0;

authctxt->attempt = 0;

authctxt->failures = 0;

authctxt->success = 0;

x_authctxt = authctxt; /*XXX*/

#ifdef AFS

Line 126

Line 121

dispatch_init(&protocol_error);

dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);

dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);

do_authenticated2();

do_authenticated2(authctxt);

}

void

Line 177

Line 172

{

Authctxt *authctxt = ctxt;

Authmethod *m = NULL;

char *user, *service, *method;

char *user, *service, *method, *style = NULL;

int authenticated = 0;

if (authctxt == NULL)

Line 189

Line 184

debug("userauth-request for user %s service %s method %s", user, service, method);

debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);

if ((style = strchr(user, ':')) != NULL)

*style++ = 0;

if (authctxt->attempt++ == 0) {

/* setup auth context */

struct passwd *pw = NULL;

Line 203

Line 201

}

authctxt->user = xstrdup(user);

authctxt->service = xstrdup(service);

authctxt->style = style ? xstrdup(style) : NULL; /* currently unused */

} else if (authctxt->valid) {

if (strcmp(user, authctxt->user) != 0 ||

strcmp(service, authctxt->service) != 0) {

Line 211

Line 210

authctxt->valid = 0;

}

/* reset state */

dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);

authctxt->postponed = 0;

/* try to authenticate user */

m = authmethod_lookup(method);

if (m != NULL) {

debug2("input_userauth_request: try method %s", method);

authenticated = m->userauth(authctxt);

} else {

debug2("input_userauth_request: unsupported method %s", method);

}

if (!authctxt->valid && authenticated == 1) {

if (!authctxt->valid && authenticated)

log("input_userauth_request: INTERNAL ERROR: authenticated invalid user %s service %s", user, method);

fatal("INTERNAL ERROR: authenticated invalid user %s",

authenticated = 0;

authctxt->user);

}

/* Special handling for root */

if (authenticated == 1 &&

if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())

authctxt->valid && authctxt->pw->pw_uid == 0 && !options.permit_root_login) {

authenticated = 0;

log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());

}

/* Log before sending the reply */

userauth_log(authctxt, authenticated, method);

auth_log(authctxt, authenticated, method, " ssh2");

userauth_reply(authctxt, authenticated);

if (!authctxt->postponed)

userauth_reply(authctxt, authenticated);

xfree(service);

xfree(user);

xfree(method);

Line 274

Line 273

return;

}

void

userauth_log(Authctxt *authctxt, int authenticated, char *method)

{

void (*authlog) (const char *fmt,...) = verbose;

char *user = NULL, *authmsg = NULL;

/* Raise logging level */

if (authenticated == 1 ||

!authctxt->valid ||

authctxt->failures >= AUTH_FAIL_LOG ||

strcmp(method, "password") == 0)

authlog = log;

if (authenticated == 1) {

authmsg = "Accepted";

} else if (authenticated == 0) {

authmsg = "Failed";

} else {

authmsg = "Postponed";

}

if (authctxt->valid) {

user = authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user;

} else {

user = authctxt->user ? authctxt->user : "NOUSER";

}

authlog("%s %s for %.200s from %.200s port %d ssh2",

authmsg,

method,

user,

get_remote_ipaddr(),

get_remote_port());

}

void

userauth_reply(Authctxt *authctxt, int authenticated)

{

char *methods;

/* XXX todo: check if multiple auth methods are needed */

if (authenticated == 1) {

if (authenticated) {

/* turn off userauth */

dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);

packet_start(SSH2_MSG_USERAUTH_SUCCESS);

Line 322

Line 287

packet_write_wait();

/* now we can break out */

authctxt->success = 1;

} else if (authenticated == 0) {

} else {

if (authctxt->failures++ >= AUTH_FAIL_MAX)

if (authctxt->failures++ > AUTH_FAIL_MAX)

packet_disconnect("too many failed userauth_requests");

packet_disconnect(AUTH_FAIL_MSG, authctxt->user);

methods = authmethods_get();

packet_start(SSH2_MSG_USERAUTH_FAILURE);

packet_put_cstring(methods);

Line 332

Line 297

packet_send();

packet_write_wait();

xfree(methods);

} else {

/* do nothing, we did already send a reply */

}

Line 381

Line 344

packet_done();

debug("keyboard-interactive language %s devs %s", lang, devs);

#ifdef SKEY

/* XXX hardcoded, we should look at devs */

authenticated = auth2_challenge(authctxt, devs);

if (options.skey_authentication != 0)

authenticated = auth2_skey(authctxt);

#endif

xfree(lang);

xfree(devs);

return authenticated;

Line 667

Line 628

fclose(f);

key_free(found);

return found_key;

}

struct passwd *

pwcopy(struct passwd *pw)

{

struct passwd *copy = xmalloc(sizeof(*copy));

memset(copy, 0, sizeof(*copy));

copy->pw_name = xstrdup(pw->pw_name);

copy->pw_passwd = xstrdup(pw->pw_passwd);

copy->pw_uid = pw->pw_uid;

copy->pw_gid = pw->pw_gid;

copy->pw_class = xstrdup(pw->pw_class);

copy->pw_dir = xstrdup(pw->pw_dir);

copy->pw_shell = xstrdup(pw->pw_shell);

return copy;

}