- (bal) Refixed auth2.c. It was never fully commited while spliting out

authentication to different files.
2025-02-16 22:06:55 +00:00 · 2002-06-07 02:05:25 +00:00 · 2002-06-07 02:05:25 +00:00 · b85ab30a6e
commit b85ab30a6e
parent 4eeccc79f6
2 changed files with 3 additions and 322 deletions
--- a/4
+++ b/4
@ -133,6 +133,8 @@
 - (bal) Missed msg.[ch] in merge.  Required for ssh-keysign.
 - (bal) Forgot to add msg.c Makefile.in.
 - (bal) monitor_mm.c typos.
+ - (bal) Refixed auth2.c.  It was never fully commited while spliting out
+	authentication to different files.

 20020604
 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@ -817,4 +819,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@

-$Id: ChangeLog,v 1.2182 2002/06/07 01:57:25 mouring Exp $
+$Id: ChangeLog,v 1.2183 2002/06/07 02:05:25 mouring Exp $
--- a/auth2.c
+++ b/auth2.c
@ -249,327 +249,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 	}
 }

-char *
-auth2_read_banner(void)
-{
-	struct stat st;
-	char *banner = NULL;
-	off_t len, n;
-	int fd;
-
-	if ((fd = open(options.banner, O_RDONLY)) == -1)
-		return (NULL);
-	if (fstat(fd, &st) == -1) {
-		close(fd);
-		return (NULL);
-	}
-	len = st.st_size;
-	banner = xmalloc(len + 1);
-	n = atomicio(read, fd, banner, len);
-	close(fd);
-
-	if (n != len) {
-		free(banner);
-		return (NULL);
-	}
-	banner[n] = '\0';
-	
-	return (banner);
-}
-
-static void
-userauth_banner(void)
-{
-	char *banner = NULL;
-
-	if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
-		return;
-
-	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
-		goto done;
-
-	packet_start(SSH2_MSG_USERAUTH_BANNER);
-	packet_put_cstring(banner);
-	packet_put_cstring("");		/* language, unused */
-	packet_send();
-	debug("userauth_banner: sent");
-done:
-	if (banner)
-		xfree(banner);
-	return;
-}
-
-static int
-userauth_none(Authctxt *authctxt)
-{
-	/* disable method "none", only allowed one time */
-	Authmethod *m = authmethod_lookup("none");
-	if (m != NULL)
-		m->enabled = NULL;
-	packet_check_eom();
-	userauth_banner();
-
-	if (authctxt->valid == 0)
-		return(0);
-
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(1, authctxt->pw) == 0)
-		return(0);
-#endif
-	return PRIVSEP(auth_password(authctxt, ""));
-}
-
-static int
-userauth_passwd(Authctxt *authctxt)
-{
-	char *password;
-	int authenticated = 0;
-	int change;
-	u_int len;
-	change = packet_get_char();
-	if (change)
-		log("password change not supported");
-	password = packet_get_string(&len);
-	packet_check_eom();
-	if (authctxt->valid &&
-#ifdef HAVE_CYGWIN
-	    check_nt_auth(1, authctxt->pw) &&
-#endif
-	    PRIVSEP(auth_password(authctxt, password)) == 1)
-		authenticated = 1;
-	memset(password, 0, len);
-	xfree(password);
-	return authenticated;
-}
-
-static int
-userauth_kbdint(Authctxt *authctxt)
-{
-	int authenticated = 0;
-	char *lang, *devs;
-
-	lang = packet_get_string(NULL);
-	devs = packet_get_string(NULL);
-	packet_check_eom();
-
-	debug("keyboard-interactive devs %s", devs);
-
-	if (options.challenge_response_authentication)
-		authenticated = auth2_challenge(authctxt, devs);
-
-#ifdef USE_PAM
-	if (authenticated == 0 && options.pam_authentication_via_kbd_int)
-		authenticated = auth2_pam(authctxt);
-#endif
-	xfree(devs);
-	xfree(lang);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw) == 0)
-		return(0);
-#endif
-	return authenticated;
-}
-
-static int
-userauth_pubkey(Authctxt *authctxt)
-{
-	Buffer b;
-	Key *key = NULL;
-	char *pkalg;
-	u_char *pkblob, *sig;
-	u_int alen, blen, slen;
-	int have_sig, pktype;
-	int authenticated = 0;
-
-	if (!authctxt->valid) {
-		debug2("userauth_pubkey: disabled because of invalid user");
-		return 0;
-	}
-	have_sig = packet_get_char();
-	if (datafellows & SSH_BUG_PKAUTH) {
-		debug2("userauth_pubkey: SSH_BUG_PKAUTH");
-		/* no explicit pkalg given */
-		pkblob = packet_get_string(&blen);
-		buffer_init(&b);
-		buffer_append(&b, pkblob, blen);
-		/* so we have to extract the pkalg from the pkblob */
-		pkalg = buffer_get_string(&b, &alen);
-		buffer_free(&b);
-	} else {
-		pkalg = packet_get_string(&alen);
-		pkblob = packet_get_string(&blen);
-	}
-	pktype = key_type_from_name(pkalg);
-	if (pktype == KEY_UNSPEC) {
-		/* this is perfectly legal */
-		log("userauth_pubkey: unsupported public key algorithm: %s",
-		    pkalg);
-		goto done;
-	}
-	key = key_from_blob(pkblob, blen);
-	if (key == NULL) {
-		error("userauth_pubkey: cannot decode key: %s", pkalg);
-		goto done;
-	}
-	if (key->type != pktype) {
-		error("userauth_pubkey: type mismatch for decoded key "
-		    "(received %d, expected %d)", key->type, pktype);
-		goto done;
-	}
-	if (have_sig) {
-		sig = packet_get_string(&slen);
-		packet_check_eom();
-		buffer_init(&b);
-		if (datafellows & SSH_OLD_SESSIONID) {
-			buffer_append(&b, session_id2, session_id2_len);
-		} else {
-			buffer_put_string(&b, session_id2, session_id2_len);
-		}
-		/* reconstruct packet */
-		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-		buffer_put_cstring(&b, authctxt->user);
-		buffer_put_cstring(&b,
-		    datafellows & SSH_BUG_PKSERVICE ?
-		    "ssh-userauth" :
-		    authctxt->service);
-		if (datafellows & SSH_BUG_PKAUTH) {
-			buffer_put_char(&b, have_sig);
-		} else {
-			buffer_put_cstring(&b, "publickey");
-			buffer_put_char(&b, have_sig);
-			buffer_put_cstring(&b, pkalg);
-		}
-		buffer_put_string(&b, pkblob, blen);
-#ifdef DEBUG_PK
-		buffer_dump(&b);
-#endif
-		/* test for correct signature */
-		authenticated = 0;
-		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
-		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-				buffer_len(&b))) == 1)
-			authenticated = 1;
-		buffer_clear(&b);
-		xfree(sig);
-	} else {
-		debug("test whether pkalg/pkblob are acceptable");
-		packet_check_eom();
-
-		/* XXX fake reply and always send PK_OK ? */
-		/*
-		 * XXX this allows testing whether a user is allowed
-		 * to login: if you happen to have a valid pubkey this
-		 * message is sent. the message is NEVER sent at all
-		 * if a user is not allowed to login. is this an
-		 * issue? -markus
-		 */
-		if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
-			packet_start(SSH2_MSG_USERAUTH_PK_OK);
-			packet_put_string(pkalg, alen);
-			packet_put_string(pkblob, blen);
-			packet_send();
-			packet_write_wait();
-			authctxt->postponed = 1;
-		}
-	}
-	if (authenticated != 1)
-		auth_clear_options();
-done:
-	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
-	if (key != NULL)
-		key_free(key);
-	xfree(pkalg);
-	xfree(pkblob);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw) == 0)
-		return(0);
-#endif
-	return authenticated;
-}
-
-static int
-userauth_hostbased(Authctxt *authctxt)
-{
-	Buffer b;
-	Key *key = NULL;
-	char *pkalg, *cuser, *chost, *service;
-	u_char *pkblob, *sig;
-	u_int alen, blen, slen;
-	int pktype;
-	int authenticated = 0;
-
-	if (!authctxt->valid) {
-		debug2("userauth_hostbased: disabled because of invalid user");
-		return 0;
-	}
-	pkalg = packet_get_string(&alen);
-	pkblob = packet_get_string(&blen);
-	chost = packet_get_string(NULL);
-	cuser = packet_get_string(NULL);
-	sig = packet_get_string(&slen);
-
-	debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d",
-	    cuser, chost, pkalg, slen);
-#ifdef DEBUG_PK
-	debug("signature:");
-	buffer_init(&b);
-	buffer_append(&b, sig, slen);
-	buffer_dump(&b);
-	buffer_free(&b);
-#endif
-	pktype = key_type_from_name(pkalg);
-	if (pktype == KEY_UNSPEC) {
-		/* this is perfectly legal */
-		log("userauth_hostbased: unsupported "
-		    "public key algorithm: %s", pkalg);
-		goto done;
-	}
-	key = key_from_blob(pkblob, blen);
-	if (key == NULL) {
-		error("userauth_hostbased: cannot decode key: %s", pkalg);
-		goto done;
-	}
-	if (key->type != pktype) {
-		error("userauth_hostbased: type mismatch for decoded key "
-		    "(received %d, expected %d)", key->type, pktype);
-		goto done;
-	}
-	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
-	    authctxt->service;
-	buffer_init(&b);
-	buffer_put_string(&b, session_id2, session_id2_len);
-	/* reconstruct packet */
-	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-	buffer_put_cstring(&b, authctxt->user);
-	buffer_put_cstring(&b, service);
-	buffer_put_cstring(&b, "hostbased");
-	buffer_put_string(&b, pkalg, alen);
-	buffer_put_string(&b, pkblob, blen);
-	buffer_put_cstring(&b, chost);
-	buffer_put_cstring(&b, cuser);
-#ifdef DEBUG_PK
-	buffer_dump(&b);
-#endif
-	/* test for allowed key and correct signature */
-	authenticated = 0;
-	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
-	    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-			buffer_len(&b))) == 1)
-		authenticated = 1;
-
-	buffer_clear(&b);
-done:
-	debug2("userauth_hostbased: authenticated %d", authenticated);
-	if (key != NULL)
-		key_free(key);
-	xfree(pkalg);
-	xfree(pkblob);
-	xfree(cuser);
-	xfree(chost);
-	xfree(sig);
-	return authenticated;
-}
-
 /* get current user */

 struct passwd*