version 1.8, 2000/05/08 17:42:24 |
version 1.9, 2000/06/18 01:09:10 |
|
|
/* auth */ |
/* auth */ |
int ssh2_auth_none(struct passwd *pw); |
int ssh2_auth_none(struct passwd *pw); |
int ssh2_auth_password(struct passwd *pw); |
int ssh2_auth_password(struct passwd *pw); |
int ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen); |
int ssh2_auth_pubkey(struct passwd *pw, char *service); |
|
|
/* helper */ |
/* helper */ |
struct passwd* auth_set_user(char *u, char *s); |
struct passwd* auth_set_user(char *u, char *s); |
|
|
{ |
{ |
static void (*authlog) (const char *fmt,...) = verbose; |
static void (*authlog) (const char *fmt,...) = verbose; |
static int attempt = 0; |
static int attempt = 0; |
unsigned int len, rlen; |
unsigned int len; |
int authenticated = 0; |
int authenticated = 0; |
char *raw, *user, *service, *method, *authmsg = NULL; |
char *user, *service, *method, *authmsg = NULL; |
struct passwd *pw; |
struct passwd *pw; |
|
|
if (++attempt == AUTH_FAIL_MAX) |
if (++attempt == AUTH_FAIL_MAX) |
packet_disconnect("too many failed userauth_requests"); |
packet_disconnect("too many failed userauth_requests"); |
|
|
raw = packet_get_raw(&rlen); |
|
if (plen != rlen) |
|
fatal("plen != rlen"); |
|
user = packet_get_string(&len); |
user = packet_get_string(&len); |
service = packet_get_string(&len); |
service = packet_get_string(&len); |
method = packet_get_string(&len); |
method = packet_get_string(&len); |
|
|
} else if (strcmp(method, "password") == 0) { |
} else if (strcmp(method, "password") == 0) { |
authenticated = ssh2_auth_password(pw); |
authenticated = ssh2_auth_password(pw); |
} else if (strcmp(method, "publickey") == 0) { |
} else if (strcmp(method, "publickey") == 0) { |
authenticated = ssh2_auth_pubkey(pw, raw, rlen); |
authenticated = ssh2_auth_pubkey(pw, service); |
} |
} |
} |
} |
if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
|
|
return authenticated; |
return authenticated; |
} |
} |
int |
int |
ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) |
ssh2_auth_pubkey(struct passwd *pw, char *service) |
{ |
{ |
Buffer b; |
Buffer b; |
Key *key; |
Key *key; |
|
|
debug("pubkey auth disabled"); |
debug("pubkey auth disabled"); |
return 0; |
return 0; |
} |
} |
if (datafellows & SSH_BUG_PUBKEYAUTH) { |
|
log("bug compatibility with ssh-2.0.13 pubkey not implemented"); |
|
return 0; |
|
} |
|
have_sig = packet_get_char(); |
have_sig = packet_get_char(); |
pkalg = packet_get_string(&alen); |
pkalg = packet_get_string(&alen); |
if (strcmp(pkalg, KEX_DSS) != 0) { |
if (strcmp(pkalg, KEX_DSS) != 0) { |
|
|
packet_done(); |
packet_done(); |
buffer_init(&b); |
buffer_init(&b); |
buffer_append(&b, session_id2, session_id2_len); |
buffer_append(&b, session_id2, session_id2_len); |
|
|
|
/* reconstruct packet */ |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
if (slen + 4 > rlen) |
buffer_put_cstring(&b, pw->pw_name); |
fatal("bad rlen/slen"); |
buffer_put_cstring(&b, |
buffer_append(&b, raw, rlen - slen - 4); |
datafellows & SSH_BUG_PUBKEYAUTH ? |
|
"ssh-userauth" : |
|
service); |
|
buffer_put_cstring(&b, "publickey"); |
|
buffer_put_char(&b, have_sig); |
|
buffer_put_cstring(&b, KEX_DSS); |
|
buffer_put_string(&b, pkblob, blen); |
#ifdef DEBUG_DSS |
#ifdef DEBUG_DSS |
buffer_dump(&b); |
buffer_dump(&b); |
#endif |
#endif |