version 1.96.2.2, 2004/03/04 18:18:15 |
version 1.97, 2003/04/08 20:21:28 |
|
|
#include "pathnames.h" |
#include "pathnames.h" |
#include "monitor_wrap.h" |
#include "monitor_wrap.h" |
|
|
#ifdef GSSAPI |
|
#include "ssh-gss.h" |
|
#endif |
|
|
|
/* import */ |
/* import */ |
extern ServerOptions options; |
extern ServerOptions options; |
extern u_char *session_id2; |
extern u_char *session_id2; |
extern u_int session_id2_len; |
extern int session_id2_len; |
|
|
|
Authctxt *x_authctxt = NULL; |
|
|
/* methods */ |
/* methods */ |
|
|
extern Authmethod method_none; |
extern Authmethod method_none; |
|
|
extern Authmethod method_passwd; |
extern Authmethod method_passwd; |
extern Authmethod method_kbdint; |
extern Authmethod method_kbdint; |
extern Authmethod method_hostbased; |
extern Authmethod method_hostbased; |
#ifdef GSSAPI |
|
extern Authmethod method_gssapi; |
|
#endif |
|
|
|
Authmethod *authmethods[] = { |
Authmethod *authmethods[] = { |
&method_none, |
&method_none, |
&method_pubkey, |
&method_pubkey, |
#ifdef GSSAPI |
|
&method_gssapi, |
|
#endif |
|
&method_passwd, |
&method_passwd, |
&method_kbdint, |
&method_kbdint, |
&method_hostbased, |
&method_hostbased, |
|
|
static Authmethod *authmethod_lookup(const char *); |
static Authmethod *authmethod_lookup(const char *); |
static char *authmethods_get(void); |
static char *authmethods_get(void); |
int user_key_allowed(struct passwd *, Key *); |
int user_key_allowed(struct passwd *, Key *); |
|
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); |
|
|
/* |
/* |
* loop until authctxt->success == TRUE |
* loop until authctxt->success == TRUE |
*/ |
*/ |
|
|
void |
Authctxt * |
do_authentication2(Authctxt *authctxt) |
do_authentication2(void) |
{ |
{ |
|
Authctxt *authctxt = authctxt_new(); |
|
|
|
x_authctxt = authctxt; /*XXX*/ |
|
|
/* challenge-response is implemented via keyboard interactive */ |
/* challenge-response is implemented via keyboard interactive */ |
if (options.challenge_response_authentication) |
if (options.challenge_response_authentication) |
options.kbd_interactive_authentication = 1; |
options.kbd_interactive_authentication = 1; |
|
|
dispatch_init(&dispatch_protocol_error); |
dispatch_init(&dispatch_protocol_error); |
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); |
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); |
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); |
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); |
|
|
|
return (authctxt); |
} |
} |
|
|
static void |
static void |
|
|
debug2("input_userauth_request: setting up authctxt for %s", user); |
debug2("input_userauth_request: setting up authctxt for %s", user); |
} else { |
} else { |
logit("input_userauth_request: illegal user %s", user); |
logit("input_userauth_request: illegal user %s", user); |
authctxt->pw = fakepw(); |
|
} |
} |
setproctitle("%s%s", authctxt->pw ? user : "unknown", |
setproctitle("%s%s", authctxt->pw ? user : "unknown", |
use_privsep ? " [net]" : ""); |
use_privsep ? " [net]" : ""); |
|
|
} |
} |
/* reset state */ |
/* reset state */ |
auth2_challenge_stop(authctxt); |
auth2_challenge_stop(authctxt); |
|
|
#ifdef GSSAPI |
|
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
|
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
|
#endif |
|
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
|
|
/* try to authenticate user */ |
/* try to authenticate user */ |
|
|
packet_write_wait(); |
packet_write_wait(); |
xfree(methods); |
xfree(methods); |
} |
} |
|
} |
|
|
|
/* get current user */ |
|
|
|
struct passwd* |
|
auth_get_user(void) |
|
{ |
|
return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL; |
} |
} |
|
|
#define DELIM "," |
#define DELIM "," |
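Review bot: The `setproctitle("%s%s", authctxt->pw ? user : "unknown", ...)` call stops distinguishing unknown accounts on the side that adds `authctxt->pw = fakepw();` to the illegal-user branch. Provided fakepw() never returns NULL (its body is not shown here), `authctxt->pw` is always set by that point, so the client-supplied name goes into the process title even when no such account exists. Keying the title on the validity flag, `setproctitle("%s%s", authctxt->valid ? user : "unknown",`, would keep the earlier behaviour; `valid` is the field auth_get_user() reads on the other side, and I assume it is set before this call. Any other place that treats a non-NULL `authctxt->pw` as "account exists" deserves the same look. The enclosing function (input_userauth_request, judging by the log strings) starts and ends outside the lines shown, so this is inferred from the visible branch only.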