auth1.c (112870) auth1.c (113911)
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/auth1.c 112870 2003-03-31 13:45:36Z des $");
13RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/auth1.c 113911 2003-04-23 17:13:13Z des $");
15
16#include "xmalloc.h"
17#include "rsa.h"
18#include "ssh1.h"
19#include "packet.h"
20#include "buffer.h"
21#include "mpaux.h"
22#include "log.h"

--- 135 unchanged lines hidden (view full) ---

158 tkt.data = kdata;
159
160 if (PRIVSEP(auth_krb5(authctxt, &tkt,
161 &client_user, &reply))) {
162 authenticated = 1;
163 snprintf(info, sizeof(info),
164 " tktuser %.100s",
165 client_user);
15
16#include "xmalloc.h"
17#include "rsa.h"
18#include "ssh1.h"
19#include "packet.h"
20#include "buffer.h"
21#include "mpaux.h"
22#include "log.h"

--- 135 unchanged lines hidden (view full) ---

158 tkt.data = kdata;
159
160 if (PRIVSEP(auth_krb5(authctxt, &tkt,
161 &client_user, &reply))) {
162 authenticated = 1;
163 snprintf(info, sizeof(info),
164 " tktuser %.100s",
165 client_user);
166
166
167 /* Send response to client */
168 packet_start(
169 SSH_SMSG_AUTH_KERBEROS_RESPONSE);
170 packet_put_string((char *)
171 reply.data, reply.length);
172 packet_send();
173 packet_write_wait();
174

--- 118 unchanged lines hidden (view full) ---

293 continue;
294 }
295 }
296 break;
297 case SSH_CMSG_AUTH_TIS_RESPONSE:
298 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
299 if (options.challenge_response_authentication == 1) {
300 char *response = packet_get_string(&dlen);
167 /* Send response to client */
168 packet_start(
169 SSH_SMSG_AUTH_KERBEROS_RESPONSE);
170 packet_put_string((char *)
171 reply.data, reply.length);
172 packet_send();
173 packet_write_wait();
174

--- 118 unchanged lines hidden (view full) ---

293 continue;
294 }
295 }
296 break;
297 case SSH_CMSG_AUTH_TIS_RESPONSE:
298 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
299 if (options.challenge_response_authentication == 1) {
300 char *response = packet_get_string(&dlen);
301 debug("got response '%s'", response);
302 packet_check_eom();
303 authenticated = verify_response(authctxt, response);
304 memset(response, 'r', dlen);
305 xfree(response);
306 }
307 break;
308
309 default:

--- 27 unchanged lines hidden (view full) ---

337 if (authenticated &&
338 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
339 packet_disconnect("Authentication rejected for uid %d.",
340 pw == NULL ? -1 : pw->pw_uid);
341 authenticated = 0;
342 }
343#else
344 /* Special handling for root */
301 packet_check_eom();
302 authenticated = verify_response(authctxt, response);
303 memset(response, 'r', dlen);
304 xfree(response);
305 }
306 break;
307
308 default:

--- 27 unchanged lines hidden (view full) ---

336 if (authenticated &&
337 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
338 packet_disconnect("Authentication rejected for uid %d.",
339 pw == NULL ? -1 : pw->pw_uid);
340 authenticated = 0;
341 }
342#else
343 /* Special handling for root */
345 if (!use_privsep &&
346 authenticated && authctxt->pw->pw_uid == 0 &&
344 if (authenticated && authctxt->pw->pw_uid == 0 &&
347 !auth_root_allowed(get_authname(type)))
348 authenticated = 0;
349#endif
350#ifdef USE_PAM
351 if (!use_privsep && authenticated &&
352 !do_pam_account(pw->pw_name, client_user))
353 authenticated = 0;
354#endif

--- 93 unchanged lines hidden ---
345 !auth_root_allowed(get_authname(type)))
346 authenticated = 0;
347#endif
348#ifdef USE_PAM
349 if (!use_privsep && authenticated &&
350 !do_pam_account(pw->pw_name, client_user))
351 authenticated = 0;
352#endif

--- 93 unchanged lines hidden ---
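Review bot: The USE_PAM account check at new lines 349-351 keeps its `!use_privsep` guard, while the root check just above it (new line 344) loses the same guard in this revision, so with privilege separation enabled this function no longer shows where `do_pam_account()` is enforced. If the monitor runs the account check itself, say so next to the guard with a comment such as `/* privsep: the monitor performs the PAM account check */`; if it does not, the condition should become `if (authenticated &&` as it now is for `auth_root_allowed()`. The monitor code is not on this page, so this needs confirming against it rather than being a confirmed gap. The enclosing function starts and ends in the hidden lines.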