src/usr.bin/ssh/auth2.c - diff

Return to auth2.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth2.c between version 1.71.2.2 and 1.71.2.3

version 1.71.2.2, 2002/03/07 17:37:46

version 1.71.2.3, 2002/05/17 00:03:23

Line 47

#include "pathnames.h"

#include "uidswap.h"

#include "auth-options.h"

#include "misc.h"

#include "hostfile.h"

#include "canohost.h"

#include "match.h"

#include "monitor_wrap.h"

#include "atomicio.h"

/* import */

extern ServerOptions options;

extern u_char *session_id2;

extern int session_id2_len;

static Authctxt *x_authctxt = NULL;

Authctxt *x_authctxt = NULL;

static int one = 1;

typedef struct Authmethod Authmethod;

Line 75

Line 76

/* helper */

static Authmethod *authmethod_lookup(const char *);

static char *authmethods_get(void);

static int user_key_allowed(struct passwd *, Key *);

int user_key_allowed(struct passwd *, Key *);

static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);

int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);

/* auth */

static void userauth_banner(void);

Line 109

Line 110

* loop until authctxt->success == TRUE

void

Authctxt *

do_authentication2(void)

{

Authctxt *authctxt = authctxt_new();

Line 123

Line 124

dispatch_init(&dispatch_protocol_error);

dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);

dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);

do_authenticated(authctxt);

return (authctxt);

}

static void

Line 181

Line 183

if (authctxt->attempt++ == 0) {

/* setup auth context */

struct passwd *pw = NULL;

authctxt->pw = PRIVSEP(getpwnamallow(user));

pw = getpwnam(user);

if (authctxt->pw && strcmp(service, "ssh-connection")==0) {

if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {

authctxt->pw = pwcopy(pw);

authctxt->valid = 1;

debug2("input_userauth_request: setting up authctxt for %s", user);

} else {

log("input_userauth_request: illegal user %s", user);

}

setproctitle("%s", pw ? user : "unknown");

setproctitle("%s%s", authctxt->pw ? user : "unknown",

use_privsep ? " [net]" : "");

authctxt->user = xstrdup(user);

authctxt->service = xstrdup(service);

authctxt->style = style ? xstrdup(style) : NULL;

if (use_privsep)

mm_inform_authserv(service, style);

} else if (strcmp(user, authctxt->user) != 0 ||

strcmp(service, authctxt->service) != 0) {

packet_disconnect("Change of username or service not allowed: "

Line 259

Line 262

}

static void

char *

userauth_banner(void)

auth2_read_banner(void)

{

struct stat st;

char *banner = NULL;

off_t len, n;

int fd;

if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))

if ((fd = open(options.banner, O_RDONLY)) == -1)

return;

return (NULL);

if ((fd = open(options.banner, O_RDONLY)) < 0)

if (fstat(fd, &st) == -1) {

return;

close(fd);

if (fstat(fd, &st) < 0)

return (NULL);

goto done;

}

len = st.st_size;

banner = xmalloc(len + 1);

if ((n = read(fd, banner, len)) < 0)

n = atomicio(read, fd, banner, len);

goto done;

close(fd);

if (n != len) {

free(banner);

return (NULL);

}

banner[n] = '\0';

return (banner);

}

static void

userauth_banner(void)

{

char *banner = NULL;

if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))

return;

if ((banner = PRIVSEP(auth2_read_banner())) == NULL)

goto done;

packet_start(SSH2_MSG_USERAUTH_BANNER);

packet_put_cstring(banner);

packet_put_cstring(""); /* language, unused */

Line 286

Line 309

done:

if (banner)

xfree(banner);

close(fd);

return;

}

Line 299

Line 321

m->enabled = NULL;

packet_check_eom();

userauth_banner();

return authctxt->valid ? auth_password(authctxt, "") : 0;

return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);

}

static int

Line 315

Line 337

password = packet_get_string(&len);

packet_check_eom();

if (authctxt->valid &&

auth_password(authctxt, password) == 1)

PRIVSEP(auth_password(authctxt, password)) == 1)

authenticated = 1;

memset(password, 0, len);

xfree(password);

Line 416

Line 438

buffer_dump(&b);

#endif

/* test for correct signature */

if (user_key_allowed(authctxt->pw, key) &&

authenticated = 0;

key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)

if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&

PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),

buffer_len(&b))) == 1)

authenticated = 1;

buffer_clear(&b);

xfree(sig);

Line 433

Line 457

* if a user is not allowed to login. is this an

* issue? -markus

if (user_key_allowed(authctxt->pw, key)) {

if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {

packet_start(SSH2_MSG_USERAUTH_PK_OK);

packet_put_string(pkalg, alen);

packet_put_string(pkblob, blen);

Line 517

Line 541

buffer_dump(&b);

#endif

/* test for allowed key and correct signature */

if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&

authenticated = 0;

key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)

if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&

PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),

buffer_len(&b))) == 1)

authenticated = 1;

buffer_clear(&b);

Line 675

Line 701

}

/* check whether given key is in .ssh/authorized_keys* */

static int

int

user_key_allowed(struct passwd *pw, Key *key)

{

int success;

Line 695

Line 721

}

/* return 1 if given hostkey is allowed */

static int

int

hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,

Key *key)

{