src/usr.bin/ssh/sshconnect2.c - diff

Return to sshconnect2.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshconnect2.c between version 1.301 and 1.302

version 1.301, 2019/01/21 10:38:54

version 1.302, 2019/02/11 09:44:42

Line 257

struct cauthmethod *method;

sig_atomic_t success;

char *authlist;

#ifdef GSSAPI

/* gssapi */

gss_OID_set gss_supported_mechs;

u_int mech_tried;

#endif

/* pubkey */

struct idlist keys;

int agent_fd;

Line 281

Line 286

int *batch_flag; /* flag in option struct that disables method */

};

int input_userauth_service_accept(int, u_int32_t, struct ssh *);

static int input_userauth_service_accept(int, u_int32_t, struct ssh *);

int input_userauth_ext_info(int, u_int32_t, struct ssh *);

static int input_userauth_ext_info(int, u_int32_t, struct ssh *);

int input_userauth_success(int, u_int32_t, struct ssh *);

static int input_userauth_success(int, u_int32_t, struct ssh *);

int input_userauth_success_unexpected(int, u_int32_t, struct ssh *);

static int input_userauth_failure(int, u_int32_t, struct ssh *);

int input_userauth_failure(int, u_int32_t, struct ssh *);

static int input_userauth_banner(int, u_int32_t, struct ssh *);

int input_userauth_banner(int, u_int32_t, struct ssh *);

static int input_userauth_error(int, u_int32_t, struct ssh *);

int input_userauth_error(int, u_int32_t, struct ssh *);

static int input_userauth_info_req(int, u_int32_t, struct ssh *);

int input_userauth_info_req(int, u_int32_t, struct ssh *);

static int input_userauth_pk_ok(int, u_int32_t, struct ssh *);

int input_userauth_pk_ok(int, u_int32_t, struct ssh *);

static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);

int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);

int userauth_none(struct ssh *);

static int userauth_none(struct ssh *);

int userauth_pubkey(struct ssh *);

static int userauth_pubkey(struct ssh *);

int userauth_passwd(struct ssh *);

static void userauth_pubkey_cleanup(struct ssh *);

int userauth_kbdint(struct ssh *);

static int userauth_passwd(struct ssh *);

int userauth_hostbased(struct ssh *);

static int userauth_kbdint(struct ssh *);

static int userauth_hostbased(struct ssh *);

#ifdef GSSAPI

int userauth_gssapi(struct ssh *);

static int userauth_gssapi(struct ssh *);

int input_gssapi_response(int type, u_int32_t, struct ssh *);

static void userauth_gssapi_cleanup(struct ssh *);

int input_gssapi_token(int type, u_int32_t, struct ssh *);

static int input_gssapi_response(int type, u_int32_t, struct ssh *);

int input_gssapi_hash(int type, u_int32_t, struct ssh *);

static int input_gssapi_token(int type, u_int32_t, struct ssh *);

int input_gssapi_error(int, u_int32_t, struct ssh *);

static int input_gssapi_error(int, u_int32_t, struct ssh *);

int input_gssapi_errtok(int, u_int32_t, struct ssh *);

static int input_gssapi_errtok(int, u_int32_t, struct ssh *);

#endif

void userauth(struct ssh *, char *);

static int sign_and_send_pubkey(struct ssh *ssh, Identity *);

static void pubkey_prepare(Authctxt *);

static void pubkey_cleanup(Authctxt *);

static void pubkey_reset(Authctxt *);

static struct sshkey *load_identity_file(Identity *);

Line 323

Line 327

#ifdef GSSAPI

{"gssapi-with-mic",

userauth_gssapi,

NULL,

userauth_gssapi_cleanup,

&options.gss_authentication,

NULL},

#endif

Line 334

Line 338

NULL},

{"publickey",

userauth_pubkey,

NULL,

userauth_pubkey_cleanup,

&options.pubkey_authentication,

NULL},

{"keyboard-interactive",

Line 382

Line 386

authctxt.info_req_seen = 0;

authctxt.attempt_kbdint = 0;

authctxt.attempt_passwd = 0;

#if GSSAPI

authctxt.gss_supported_mechs = NULL;

authctxt.mech_tried = 0;

#endif

authctxt.agent_fd = -1;

pubkey_prepare(&authctxt);

if (authctxt.method == NULL) {

Line 401

Line 409

ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */

ssh->authctxt = NULL;

pubkey_cleanup(&authctxt);

ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);

if (!authctxt.success)

Line 410

Line 417

}

/* ARGSUSED */

int

static int

input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)

{

int r;

Line 442

Line 449

}

/* ARGSUSED */

int

static int

input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)

{

return kex_input_ext_info(type, seqnr, ssh);

Line 487

Line 494

}

/* ARGSUSED */

int

static int

input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)

{

fatal("%s: bad message during authentication: type %d", __func__, type);

Line 495

Line 502

}

/* ARGSUSED */

int

static int

input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)

{

char *msg = NULL;

Line 515

Line 522

}

/* ARGSUSED */

int

static int

input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 532

Line 539

return 0;

}

int

#if 0

static int

input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 544

Line 552

authctxt->method->name);

return 0;

}

#endif

/* ARGSUSED */

int

static int

input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 601

Line 610

}

/* ARGSUSED */

int

static int

input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 672

Line 681

}

#ifdef GSSAPI

int

static int

userauth_gssapi(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Gssctxt *gssctxt = NULL;

static gss_OID_set gss_supported = NULL;

static u_int mech = 0;

OM_uint32 min;

int r, ok = 0;

gss_OID mech = NULL;

/* Try one GSSAPI method at a time, rather than sending them all at

* once. */

if (gss_supported == NULL)

if (authctxt->gss_supported_mechs == NULL)

gss_indicate_mechs(&min, &gss_supported);

gss_indicate_mechs(&min, &authctxt->gss_supported_mechs);

/* Check to see if the mechanism is usable before we offer it */

/* Check to see whether the mechanism is usable before we offer it */

while (mech < gss_supported->count && !ok) {

while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&

!ok) {

mech = &authctxt->gss_supported_mechs->

elements[authctxt->mech_tried];

/* My DER encoding requires length<128 */

if (gss_supported->elements[mech].length < 128 &&

if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,

ssh_gssapi_check_mechanism(&gssctxt,

mech, authctxt->host)) {

&gss_supported->elements[mech], authctxt->host)) {

ok = 1; /* Mechanism works */

} else {

mech++;

authctxt->mech_tried++;

}

if (!ok)

if (!ok || mech == NULL)

return 0;

authctxt->methoddata=(void *)gssctxt;

Line 710

Line 720

(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||

(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||

(r = sshpkt_put_u32(ssh, 1)) != 0 ||

(r = sshpkt_put_u32(ssh,

(r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 ||

(gss_supported->elements[mech].length) + 2)) != 0 ||

(r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||

(r = sshpkt_put_u8(ssh,

(r = sshpkt_put_u8(ssh, mech->length)) != 0 ||

gss_supported->elements[mech].length)) != 0 ||

(r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||

(r = sshpkt_put(ssh,

gss_supported->elements[mech].elements,

gss_supported->elements[mech].length)) != 0 ||

(r = sshpkt_send(ssh)) != 0)

fatal("%s: %s", __func__, ssh_err(r));

Line 726

Line 732

ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);

ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);

mech++; /* Move along to next candidate */

authctxt->mech_tried++; /* Move along to next candidate */

return 1;

}

static void

userauth_gssapi_cleanup(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata;

ssh_gssapi_delete_ctx(&gssctxt);

authctxt->methoddata = NULL;

free(authctxt->gss_supported_mechs);

authctxt->gss_supported_mechs = NULL;

}

static OM_uint32

process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)

{

Line 798

Line 817

}

/* ARGSUSED */

int

static int

input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 843

Line 862

}

/* ARGSUSED */

int

static int

input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 876

Line 895

}

/* ARGSUSED */

int

static int

input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 911

Line 930

}

/* ARGSUSED */

int

static int

input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)

{

char *msg = NULL;

Line 932

Line 951

}

#endif /* GSSAPI */

int

static int

userauth_none(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Line 948

Line 967

return 1;

}

int

static int

userauth_passwd(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Line 989

Line 1008

* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST

/* ARGSUSED */

int

static int

input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 1611

Line 1630

}

static void

pubkey_cleanup(Authctxt *authctxt)

userauth_pubkey_cleanup(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Identity *id;

if (authctxt->agent_fd != -1) {

Line 1651

Line 1672

return 1;

}

int

static int

userauth_pubkey(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Line 1699

Line 1720

* Send userauth request message specifying keyboard-interactive method.

int

static int

userauth_kbdint(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;

Line 1732

Line 1753

* parse INFO_REQUEST, prompt user and send INFO_RESPONSE

int

static int

input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)

{

Authctxt *authctxt = ssh->authctxt;

Line 1912

Line 1933

return 0;

}

int

static int

userauth_hostbased(struct ssh *ssh)

{

Authctxt *authctxt = (Authctxt *)ssh->authctxt;