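--- a/auth1.c
+++ b/auth1.c
@@ -1,22 +1,22 @@
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
  *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose. Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
-RCSID("$FreeBSD: head/crypto/openssh/auth1.c 112870 2003-03-31 13:45:36Z des $");
+RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
+RCSID("$FreeBSD: head/crypto/openssh/auth1.c 113911 2003-04-23 17:13:13Z des $");
 
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh1.h"
 #include "packet.h"
 #include "buffer.h"
 #include "mpaux.h"
 #include "log.h"
@@ -158,17 +158,17 @@
  tkt.data = kdata;
 
  if (PRIVSEP(auth_krb5(authctxt, &tkt,
  &client_user, &reply))) {
  authenticated = 1;
  snprintf(info, sizeof(info),
  " tktuser %.100s",
  client_user);
 
  /* Send response to client */
  packet_start(
  SSH_SMSG_AUTH_KERBEROS_RESPONSE);
  packet_put_string((char *)
  reply.data, reply.length);
  packet_send();
  packet_write_wait();
 
@@ -293,17 +293,16 @@
  continue;
  }
  }
  break;
  case SSH_CMSG_AUTH_TIS_RESPONSE:
  debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
  if (options.challenge_response_authentication == 1) {
  char *response = packet_get_string(&dlen);
- debug("got response '%s'", response);
  packet_check_eom();
  authenticated = verify_response(authctxt, response);
  memset(response, 'r', dlen);
  xfree(response);
  }
  break;
 
  default:
@@ -337,18 +336,17 @@
  if (authenticated &&
  !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
  packet_disconnect("Authentication rejected for uid %d.",
  pw == NULL ? -1 : pw->pw_uid);
  authenticated = 0;
  }
 #else
  /* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(get_authname(type)))
  authenticated = 0;
 #endif
 #ifdef USE_PAM
  if (!use_privsep && authenticated &&
  !do_pam_account(pw->pw_name, client_user))
  authenticated = 0;
 #endif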
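Review bot: The TIS response buffer is still scrubbed with a plain `memset(response, 'r', dlen);` immediately before `xfree(response)` in the `SSH_CMSG_AUTH_TIS_RESPONSE` case, and a compiler is allowed to drop a store to memory that is freed right after, which would leave the client's response in heap memory. Where the platform provides one, a scrubbing call that cannot be elided, e.g. `explicit_bzero(response, dlen);`, would be the safer form. Separately, the root check around `auth_root_allowed()` now runs regardless of `use_privsep`, while the `USE_PAM` account check directly below it is still gated on `!use_privsep`; a short comment stating where the PAM account check happens under privilege separation would show whether that asymmetry is intended, since the page does not show that code. The enclosing function starts and ends outside the visible lines.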