Mercurial > dropbear

comparison svr-auth.c @ 24:469950e86d0f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
switching to global vars
author Matt Johnston <matt@ucc.asn.au>
date Tue, 20 Jul 2004 12:05:00 +0000
parents c1e5d9195402
children f789045062e6
comparison
equal deleted inserted replaced
23:c896a4dd65da 24:469950e86d0f
32 #include "ssh.h" 32 #include "ssh.h"
33 #include "packet.h" 33 #include "packet.h"
34 #include "auth.h" 34 #include "auth.h"
35 #include "authpasswd.h" 35 #include "authpasswd.h"
36 #include "authpubkey.h" 36 #include "authpubkey.h"
37 #include "runopts.h"
37 38
38 static void authclear(); 39 static void authclear();
39 static int checkusername(unsigned char *username, unsigned int userlen); 40 static int checkusername(unsigned char *username, unsigned int userlen);
40 static void send_msg_userauth_banner(); 41 static void send_msg_userauth_banner();
41 42
59 svr_ses.authstate.authtypes = 0; 60 svr_ses.authstate.authtypes = 0;
60 #ifdef DROPBEAR_PUBKEY_AUTH 61 #ifdef DROPBEAR_PUBKEY_AUTH
61 svr_ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; 62 svr_ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
62 #endif 63 #endif
63 #ifdef DROPBEAR_PASSWORD_AUTH 64 #ifdef DROPBEAR_PASSWORD_AUTH
64 if (!ses.opts->noauthpass) { 65 if (svr_opts.noauthpass) {
65 svr_ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; 66 svr_ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
66 } 67 }
67 #endif 68 #endif
68 69
69 } 70 }
71 /* Send a banner message if specified to the client. The client might 72 /* Send a banner message if specified to the client. The client might
72 * ignore this, but possibly serves as a legal "no trespassing" sign */ 73 * ignore this, but possibly serves as a legal "no trespassing" sign */
73 static void send_msg_userauth_banner() { 74 static void send_msg_userauth_banner() {
74 75
75 TRACE(("enter send_msg_userauth_banner")); 76 TRACE(("enter send_msg_userauth_banner"));
76 if (ses.opts->banner == NULL) { 77 if (svr_opts.banner == NULL) {
77 TRACE(("leave send_msg_userauth_banner: banner is NULL")); 78 TRACE(("leave send_msg_userauth_banner: banner is NULL"));
78 return; 79 return;
79 } 80 }
80 81
81 CHECKCLEARTOWRITE(); 82 CHECKCLEARTOWRITE();
82 83
83 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); 84 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
84 buf_putstring(ses.writepayload, buf_getptr(ses.opts->banner, 85 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
85 ses.opts->banner->len), ses.opts->banner->len); 86 svr_opts.banner->len), svr_opts.banner->len);
86 buf_putstring(ses.writepayload, "en", 2); 87 buf_putstring(ses.writepayload, "en", 2);
87 88
88 encrypt_packet(); 89 encrypt_packet();
89 buf_free(ses.opts->banner); 90 buf_free(svr_opts.banner);
90 ses.opts->banner = NULL; 91 svr_opts.banner = NULL;
91 92
92 TRACE(("leave send_msg_userauth_banner")); 93 TRACE(("leave send_msg_userauth_banner"));
93 } 94 }
94 95
95 /* handle a userauth request, check validity, pass to password or pubkey 96 /* handle a userauth request, check validity, pass to password or pubkey
105 if (ses.authdone == 1) { 106 if (ses.authdone == 1) {
106 return; 107 return;
107 } 108 }
108 109
109 /* send the banner if it exists, it will only exist once */ 110 /* send the banner if it exists, it will only exist once */
110 if (ses.opts->banner) { 111 if (svr_opts.banner) {
111 send_msg_userauth_banner(); 112 send_msg_userauth_banner();
112 } 113 }
113 114
114 115
115 username = buf_getstring(ses.payload, &userlen); 116 username = buf_getstring(ses.payload, &userlen);
143 send_msg_userauth_failure(0, 1); 144 send_msg_userauth_failure(0, 1);
144 goto out; 145 goto out;
145 } 146 }
146 147
147 #ifdef DROPBEAR_PASSWORD_AUTH 148 #ifdef DROPBEAR_PASSWORD_AUTH
148 if (!ses.opts->noauthpass && 149 if (!svr_opts.noauthpass &&
149 !(ses.opts->norootpass && svr_ses.authstate.pw->pw_uid == 0) ) { 150 !(svr_opts.norootpass && svr_ses.authstate.pw->pw_uid == 0) ) {
150 /* user wants to try password auth */ 151 /* user wants to try password auth */
151 if (methodlen == AUTH_METHOD_PASSWORD_LEN && 152 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
152 strncmp(methodname, AUTH_METHOD_PASSWORD, 153 strncmp(methodname, AUTH_METHOD_PASSWORD,
153 AUTH_METHOD_PASSWORD_LEN) == 0) { 154 AUTH_METHOD_PASSWORD_LEN) == 0) {
154 passwordauth(); 155 passwordauth();
215 216
216 /* We can set it once we know its a real user */ 217 /* We can set it once we know its a real user */
217 svr_ses.authstate.printableuser = m_strdup(svr_ses.authstate.pw->pw_name); 218 svr_ses.authstate.printableuser = m_strdup(svr_ses.authstate.pw->pw_name);
218 219
219 /* check for non-root if desired */ 220 /* check for non-root if desired */
220 if (ses.opts->norootlogin && svr_ses.authstate.pw->pw_uid == 0) { 221 if (svr_opts.norootlogin && svr_ses.authstate.pw->pw_uid == 0) {
221 TRACE(("leave checkusername: root login disabled")); 222 TRACE(("leave checkusername: root login disabled"));
222 dropbear_log(LOG_WARNING, "root login rejected"); 223 dropbear_log(LOG_WARNING, "root login rejected");
223 send_msg_userauth_failure(0, 1); 224 send_msg_userauth_failure(0, 1);
224 return DROPBEAR_FAILURE; 225 return DROPBEAR_FAILURE;
225 } 226 }