openssh/dist/auth2.c

61 #include "ssh-gss.h"
106 static int input_service_request(int, u_int32_t, struct ssh *);
107 static int input_userauth_request(int, u_int32_t, struct ssh *);
154 userauth_send_banner(struct ssh *ssh, const char *msg)
158 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 ||
159 	    (r = sshpkt_put_cstring(ssh, msg)) != 0 ||
160 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language, unused */
161 	    (r = sshpkt_send(ssh)) != 0)
167 userauth_banner(struct ssh *ssh)
176 	userauth_send_banner(ssh, banner);
186 do_authentication2(struct ssh *ssh)
188 	Authctxt *authctxt = ssh->authctxt;
190 	ssh_dispatch_init(ssh, &dispatch_protocol_error);
191 	if (ssh->kex->ext_info_c)
192 		ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
193 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
194 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
195 	ssh->authctxt = NULL;
199 input_service_request(int type, u_int32_t seq, struct ssh *ssh)
201 	Authctxt *authctxt = ssh->authctxt;
205 	if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
206 	    (r = sshpkt_get_end(ssh)) != 0)
212 	if (strcmp(service, "ssh-userauth") == 0) {
216 			ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
223 		if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 ||
224 		    (r = sshpkt_put_cstring(ssh, service)) != 0 ||
225 		    (r = sshpkt_send(ssh)) != 0 ||
226 		    (r = ssh_packet_write_wait(ssh)) < 0)
230 		ssh_packet_disconnect(ssh, "bad service request %s", service);
232 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &dispatch_protocol_error);
284 input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
286 	Authctxt *authctxt = ssh->authctxt;
295 	if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 ||
296 	    (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
297 	    (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0)
302 		      ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), user);
311 		auth_maxtries_exceeded(ssh);
314 		authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
316 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
327 			PRIVSEP(start_pam(ssh));
329 		ssh_packet_set_log_preamble(ssh, "%suser %s",
337 		userauth_banner(ssh);
338 		if ((r = kex_server_update_ext_info(ssh)) != 0)
341 			ssh_packet_disconnect(ssh,
345 		ssh_packet_disconnect(ssh, "Change of username or service "
350 	auth2_challenge_stop(ssh);
354 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
355 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
366 		authenticated =	m->userauth(ssh, method);
371 	userauth_finish(ssh, authenticated, method, NULL);
381 userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
384 	Authctxt *authctxt = ssh->authctxt;
405 	    !auth_root_allowed(ssh, method)) {
420 				userauth_send_banner(ssh,
422 				if ((r = ssh_packet_write_wait(ssh)) < 0) {
423 					sshpkt_fatal(ssh, r,
441 	auth_log(ssh, authenticated, partial, method, submethod);
452 		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
454 		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
455 		    (r = sshpkt_send(ssh)) != 0 ||
456 		    (r = ssh_packet_write_wait(ssh)) < 0)
460 		ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
469 			auth_maxtries_exceeded(ssh);
473 		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
474 		    (r = sshpkt_put_cstring(ssh, methods)) != 0 ||
475 		    (r = sshpkt_put_u8(ssh, partial)) != 0 ||
476 		    (r = sshpkt_send(ssh)) != 0 ||
477 		    (r = ssh_packet_write_wait(ssh)) < 0)