version 1.8, 2000/05/08 17:42:24 |
version 1.8.2.1, 2000/09/01 18:23:17 |
|
|
|
|
#include "dsa.h" |
#include "dsa.h" |
#include "uidswap.h" |
#include "uidswap.h" |
|
#include "auth-options.h" |
|
|
/* import */ |
/* import */ |
extern ServerOptions options; |
extern ServerOptions options; |
|
|
/* auth */ |
/* auth */ |
int ssh2_auth_none(struct passwd *pw); |
int ssh2_auth_none(struct passwd *pw); |
int ssh2_auth_password(struct passwd *pw); |
int ssh2_auth_password(struct passwd *pw); |
int ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen); |
int ssh2_auth_pubkey(struct passwd *pw, char *service); |
|
|
/* helper */ |
/* helper */ |
struct passwd* auth_set_user(char *u, char *s); |
struct passwd* auth_set_user(char *u, char *s); |
|
|
{ |
{ |
static void (*authlog) (const char *fmt,...) = verbose; |
static void (*authlog) (const char *fmt,...) = verbose; |
static int attempt = 0; |
static int attempt = 0; |
unsigned int len, rlen; |
unsigned int len; |
int authenticated = 0; |
int authenticated = 0; |
char *raw, *user, *service, *method, *authmsg = NULL; |
char *user, *service, *method, *authmsg = NULL; |
struct passwd *pw; |
struct passwd *pw; |
|
|
if (++attempt == AUTH_FAIL_MAX) |
if (++attempt == AUTH_FAIL_MAX) |
packet_disconnect("too many failed userauth_requests"); |
packet_disconnect("too many failed userauth_requests"); |
|
|
raw = packet_get_raw(&rlen); |
|
if (plen != rlen) |
|
fatal("plen != rlen"); |
|
user = packet_get_string(&len); |
user = packet_get_string(&len); |
service = packet_get_string(&len); |
service = packet_get_string(&len); |
method = packet_get_string(&len); |
method = packet_get_string(&len); |
|
|
} else if (strcmp(method, "password") == 0) { |
} else if (strcmp(method, "password") == 0) { |
authenticated = ssh2_auth_password(pw); |
authenticated = ssh2_auth_password(pw); |
} else if (strcmp(method, "publickey") == 0) { |
} else if (strcmp(method, "publickey") == 0) { |
authenticated = ssh2_auth_pubkey(pw, raw, rlen); |
authenticated = ssh2_auth_pubkey(pw, service); |
} |
} |
} |
} |
if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
|
|
return authenticated; |
return authenticated; |
} |
} |
int |
int |
ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) |
ssh2_auth_pubkey(struct passwd *pw, char *service) |
{ |
{ |
Buffer b; |
Buffer b; |
Key *key; |
Key *key; |
|
|
debug("pubkey auth disabled"); |
debug("pubkey auth disabled"); |
return 0; |
return 0; |
} |
} |
if (datafellows & SSH_BUG_PUBKEYAUTH) { |
|
log("bug compatibility with ssh-2.0.13 pubkey not implemented"); |
|
return 0; |
|
} |
|
have_sig = packet_get_char(); |
have_sig = packet_get_char(); |
pkalg = packet_get_string(&alen); |
pkalg = packet_get_string(&alen); |
if (strcmp(pkalg, KEX_DSS) != 0) { |
if (strcmp(pkalg, KEX_DSS) != 0) { |
|
|
sig = packet_get_string(&slen); |
sig = packet_get_string(&slen); |
packet_done(); |
packet_done(); |
buffer_init(&b); |
buffer_init(&b); |
buffer_append(&b, session_id2, session_id2_len); |
if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { |
|
buffer_put_string(&b, session_id2, session_id2_len); |
|
} else { |
|
buffer_append(&b, session_id2, session_id2_len); |
|
} |
|
/* reconstruct packet */ |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
if (slen + 4 > rlen) |
buffer_put_cstring(&b, pw->pw_name); |
fatal("bad rlen/slen"); |
buffer_put_cstring(&b, |
buffer_append(&b, raw, rlen - slen - 4); |
datafellows & SSH_BUG_PUBKEYAUTH ? |
|
"ssh-userauth" : |
|
service); |
|
buffer_put_cstring(&b, "publickey"); |
|
buffer_put_char(&b, have_sig); |
|
buffer_put_cstring(&b, KEX_DSS); |
|
buffer_put_string(&b, pkblob, blen); |
#ifdef DEBUG_DSS |
#ifdef DEBUG_DSS |
buffer_dump(&b); |
buffer_dump(&b); |
#endif |
#endif |
|
|
copy->pw_passwd = xstrdup(pw->pw_passwd); |
copy->pw_passwd = xstrdup(pw->pw_passwd); |
copy->pw_uid = pw->pw_uid; |
copy->pw_uid = pw->pw_uid; |
copy->pw_gid = pw->pw_gid; |
copy->pw_gid = pw->pw_gid; |
|
copy->pw_class = xstrdup(pw->pw_class); |
copy->pw_dir = xstrdup(pw->pw_dir); |
copy->pw_dir = xstrdup(pw->pw_dir); |
copy->pw_shell = xstrdup(pw->pw_shell); |
copy->pw_shell = xstrdup(pw->pw_shell); |
authctxt->valid = 1; |
authctxt->valid = 1; |
|
|
} |
} |
} |
} |
if (fail) { |
if (fail) { |
log(buf); |
|
fclose(f); |
fclose(f); |
|
log("%s",buf); |
restore_uid(); |
restore_uid(); |
return 0; |
return 0; |
} |
} |
|
|
found = key_new(KEY_DSA); |
found = key_new(KEY_DSA); |
|
|
while (fgets(line, sizeof(line), f)) { |
while (fgets(line, sizeof(line), f)) { |
char *cp; |
char *cp, *options = NULL; |
linenum++; |
linenum++; |
/* Skip leading whitespace, empty and comment lines. */ |
/* Skip leading whitespace, empty and comment lines. */ |
for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
; |
; |
if (!*cp || *cp == '\n' || *cp == '#') |
if (!*cp || *cp == '\n' || *cp == '#') |
continue; |
continue; |
|
|
bits = key_read(found, &cp); |
bits = key_read(found, &cp); |
if (bits == 0) |
if (bits == 0) { |
continue; |
/* no key? check if there are options for this key */ |
if (key_equal(found, key)) { |
int quoted = 0; |
|
options = cp; |
|
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { |
|
if (*cp == '\\' && cp[1] == '"') |
|
cp++; /* Skip both */ |
|
else if (*cp == '"') |
|
quoted = !quoted; |
|
} |
|
/* Skip remaining whitespace. */ |
|
for (; *cp == ' ' || *cp == '\t'; cp++) |
|
; |
|
bits = key_read(found, &cp); |
|
if (bits == 0) { |
|
/* still no key? advance to next line*/ |
|
continue; |
|
} |
|
} |
|
if (key_equal(found, key) && |
|
auth_parse_options(pw, options, linenum) == 1) { |
found_key = 1; |
found_key = 1; |
debug("matching key found: file %s, line %ld", |
debug("matching key found: file %s, line %ld", |
file, linenum); |
file, linenum); |