Mercurial > dropbear
comparison svr-auth.c @ 118:5312ca05ed48 private-rez
propagate of 717950f4061f1123659ee87c7c168805af920ab7 and 839f98f136788cc1466e4641bf796f96040a085d from branch 'matt.dbclient.authpam' to 'matt.dbclient.rez'
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 12 Sep 2004 04:56:50 +0000 |
| parents | 3b2a5a1c4347 2e92778dd162 |
| children | 3394a7cb30cd |
comparison
equal
deleted
inserted
replaced
| 57:3b2a5a1c4347 | 118:5312ca05ed48 |
|---|---|
| 30 #include "session.h" | 30 #include "session.h" |
| 31 #include "buffer.h" | 31 #include "buffer.h" |
| 32 #include "ssh.h" | 32 #include "ssh.h" |
| 33 #include "packet.h" | 33 #include "packet.h" |
| 34 #include "auth.h" | 34 #include "auth.h" |
| 35 #include "authpasswd.h" | |
| 36 #include "authpubkey.h" | |
| 37 #include "runopts.h" | 35 #include "runopts.h" |
| 38 | 36 |
| 39 static void authclear(); | 37 static void authclear(); |
| 40 static int checkusername(unsigned char *username, unsigned int userlen); | 38 static int checkusername(unsigned char *username, unsigned int userlen); |
| 41 static void send_msg_userauth_banner(); | 39 static void send_msg_userauth_banner(); |
| 52 * user decides to try with a different username etc, and is also invoked | 50 * user decides to try with a different username etc, and is also invoked |
| 53 * on initialisation */ | 51 * on initialisation */ |
| 54 static void authclear() { | 52 static void authclear() { |
| 55 | 53 |
| 56 memset(&ses.authstate, 0, sizeof(ses.authstate)); | 54 memset(&ses.authstate, 0, sizeof(ses.authstate)); |
| 57 #ifdef DROPBEAR_PUBKEY_AUTH | 55 #ifdef ENABLE_SVR_PUBKEY_AUTH |
| 58 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; | 56 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; |
| 59 #endif | 57 #endif |
| 60 #if defined(DROPBEAR_PASSWORD_AUTH) || defined(DROPBEAR_PAM_AUTH) | 58 #if defined(DROPBEAR_PASSWORD_AUTH) || defined(DROPBEAR_PAM_AUTH) |
| 59 #ifdef ENABLE_SVR_PASSWORD_AUTH | |
| 61 if (!svr_opts.noauthpass) { | 60 if (!svr_opts.noauthpass) { |
| 62 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; | 61 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; |
| 63 } | 62 } |
| 64 #endif | 63 #endif |
| 65 | 64 |
| 91 | 90 |
| 92 /* handle a userauth request, check validity, pass to password or pubkey | 91 /* handle a userauth request, check validity, pass to password or pubkey |
| 93 * checking, and handle success or failure */ | 92 * checking, and handle success or failure */ |
| 94 void recv_msg_userauth_request() { | 93 void recv_msg_userauth_request() { |
| 95 | 94 |
| 96 unsigned char *username, *servicename, *methodname; | 95 unsigned char *username = NULL, *servicename = NULL, *methodname = NULL; |
| 97 unsigned int userlen, servicelen, methodlen; | 96 unsigned int userlen, servicelen, methodlen; |
| 98 | 97 |
| 99 TRACE(("enter recv_msg_userauth_request")); | 98 TRACE(("enter recv_msg_userauth_request")); |
| 100 | 99 |
| 101 /* ignore packets if auth is already done */ | 100 /* ignore packets if auth is already done */ |
| 141 TRACE(("sending checkusername failure")); | 140 TRACE(("sending checkusername failure")); |
| 142 send_msg_userauth_failure(0, 1); | 141 send_msg_userauth_failure(0, 1); |
| 143 goto out; | 142 goto out; |
| 144 } | 143 } |
| 145 | 144 |
| 146 #ifdef DROPBEAR_PASSWORD_AUTH | 145 #ifdef ENABLE_SVR_PASSWORD_AUTH |
| 147 if (!svr_opts.noauthpass && | 146 if (!svr_opts.noauthpass && |
| 148 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { | 147 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { |
| 149 /* user wants to try password auth */ | 148 /* user wants to try password auth */ |
| 150 if (methodlen == AUTH_METHOD_PASSWORD_LEN && | 149 if (methodlen == AUTH_METHOD_PASSWORD_LEN && |
| 151 strncmp(methodname, AUTH_METHOD_PASSWORD, | 150 strncmp(methodname, AUTH_METHOD_PASSWORD, |
| 167 goto out; | 166 goto out; |
| 168 } | 167 } |
| 169 } | 168 } |
| 170 #endif | 169 #endif |
| 171 | 170 |
| 172 #ifdef DROPBEAR_PUBKEY_AUTH | 171 #ifdef ENABLE_SVR_PUBKEY_AUTH |
| 173 /* user wants to try pubkey auth */ | 172 /* user wants to try pubkey auth */ |
| 174 if (methodlen == AUTH_METHOD_PUBKEY_LEN && | 173 if (methodlen == AUTH_METHOD_PUBKEY_LEN && |
| 175 strncmp(methodname, AUTH_METHOD_PUBKEY, | 174 strncmp(methodname, AUTH_METHOD_PUBKEY, |
| 176 AUTH_METHOD_PUBKEY_LEN) == 0) { | 175 AUTH_METHOD_PUBKEY_LEN) == 0) { |
| 177 svr_auth_pubkey(); | 176 svr_auth_pubkey(); |
| 288 * incrfail is whether to count this failure in the failure count (which | 287 * incrfail is whether to count this failure in the failure count (which |
| 289 * is limited. This function also handles disconnection after too many | 288 * is limited. This function also handles disconnection after too many |
| 290 * failures */ | 289 * failures */ |
| 291 void send_msg_userauth_failure(int partial, int incrfail) { | 290 void send_msg_userauth_failure(int partial, int incrfail) { |
| 292 | 291 |
| 293 buffer *typebuf; | 292 buffer *typebuf = NULL; |
| 294 | 293 |
| 295 TRACE(("enter send_msg_userauth_failure")); | 294 TRACE(("enter send_msg_userauth_failure")); |
| 296 | 295 |
| 297 CHECKCLEARTOWRITE(); | 296 CHECKCLEARTOWRITE(); |
| 298 | 297 |
| 353 | 352 |
| 354 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS); | 353 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS); |
| 355 encrypt_packet(); | 354 encrypt_packet(); |
| 356 | 355 |
| 357 ses.authstate.authdone = 1; | 356 ses.authstate.authdone = 1; |
| 357 ses.connecttimeout = 0; | |
| 358 | |
| 358 | 359 |
| 359 if (ses.authstate.pw->pw_uid == 0) { | 360 if (ses.authstate.pw->pw_uid == 0) { |
| 360 ses.allowprivport = 1; | 361 ses.allowprivport = 1; |
| 361 } | 362 } |
| 362 | 363 |