version 1.98, 2018/01/08 15:14:44 |
version 1.99, 2018/03/03 03:15:51 |
|
|
|
|
/* Do the password authentication */ |
/* Do the password authentication */ |
int |
int |
mm_auth_password(Authctxt *authctxt, char *password) |
mm_auth_password(struct ssh *ssh, char *password) |
{ |
{ |
Buffer m; |
Buffer m; |
int authenticated = 0; |
int authenticated = 0; |
|
|
} |
} |
|
|
int |
int |
mm_user_key_allowed(struct passwd *pw, struct sshkey *key, |
mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, |
int pubkey_auth_attempt) |
int pubkey_auth_attempt, struct sshauthopt **authoptp) |
{ |
{ |
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, |
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, |
pubkey_auth_attempt)); |
pubkey_auth_attempt, authoptp)); |
} |
} |
|
|
int |
int |
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, |
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, |
struct sshkey *key) |
struct sshkey *key) |
{ |
{ |
return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); |
return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); |
} |
} |
|
|
int |
int |
mm_key_allowed(enum mm_keytype type, const char *user, const char *host, |
mm_key_allowed(enum mm_keytype type, const char *user, const char *host, |
struct sshkey *key, int pubkey_auth_attempt) |
struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) |
{ |
{ |
Buffer m; |
Buffer m; |
u_char *blob; |
u_char *blob; |
u_int len; |
u_int len; |
int allowed = 0, have_forced = 0; |
int r, allowed = 0; |
|
struct sshauthopt *opts = NULL; |
|
|
debug3("%s entering", __func__); |
debug3("%s entering", __func__); |
|
|
|
if (authoptp != NULL) |
|
*authoptp = NULL; |
|
|
/* Convert the key to a blob and the pass it over */ |
/* Convert the key to a blob and the pass it over */ |
if (!key_to_blob(key, &blob, &len)) |
if (!key_to_blob(key, &blob, &len)) |
return (0); |
return 0; |
|
|
buffer_init(&m); |
buffer_init(&m); |
buffer_put_int(&m, type); |
buffer_put_int(&m, type); |
|
|
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); |
|
|
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); |
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); |
mm_request_receive_expect(pmonitor->m_recvfd, |
|
MONITOR_ANS_KEYALLOWED, &m); |
|
|
allowed = buffer_get_int(&m); |
allowed = buffer_get_int(&m); |
|
if (allowed && type == MM_USERKEY) { |
/* fake forced command */ |
if ((r = sshauthopt_deserialise(&m, &opts)) != 0) |
auth_clear_options(); |
fatal("%s: sshauthopt_deserialise: %s", |
have_forced = buffer_get_int(&m); |
__func__, ssh_err(r)); |
forced_command = have_forced ? xstrdup("true") : NULL; |
} |
|
|
buffer_free(&m); |
buffer_free(&m); |
|
|
return (allowed); |
if (authoptp != NULL) { |
|
*authoptp = opts; |
|
opts = NULL; |
|
} |
|
sshauthopt_free(opts); |
|
|
|
return allowed; |
} |
} |
|
|
/* |
/* |
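Review bot: In the new `mm_key_allowed`, an allowed `MM_USERKEY` answer has its options read by `sshauthopt_deserialise`, but when `authoptp` is NULL they go straight to `sshauthopt_free(opts)` while `allowed` is still returned non-zero, so any restrictions attached to the key never reach the caller. The old side appears to have installed `forced_command` as a side effect of this function; the new side leaves applying the options entirely to callers, which are not visible on this page. I would state that contract in a comment above the function, e.g. `/* For MM_USERKEY the caller must pass authoptp and apply the returned options; they are discarded when authoptp is NULL. */`, and confirm that every caller of `mm_user_key_allowed` passes a non-NULL `authoptp`. The function body between the visible hunks is not shown here, so this covers only the lines on the page.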