Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/crypto/dist/ssh Pull up revisions 1.2-1.4 (requested by...
details: https://anonhg.NetBSD.org/src/rev/fd9dd50a4388
branches: netbsd-1-5
changeset: 490700:fd9dd50a4388
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 20:26:49 2001 +0000
description:
Pull up revisions 1.2-1.4 (requested by itojun):
Update SSH to version found on trunk as of 26 Feb 2001.
diffstat:
crypto/dist/ssh/auth2.c | 628 ++++++++++++++++++++++++++++++++++++++++++++
crypto/dist/ssh/pathnames.h | 113 +++++++
crypto/dist/ssh/random.c | 108 +++++++
crypto/dist/ssh/ssh.h | 85 +++++
4 files changed, 934 insertions(+), 0 deletions(-)
diffs (truncated from 950 to 300 lines):
diff -r c6ac2e997a89 -r fd9dd50a4388 crypto/dist/ssh/auth2.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/auth2.c Mon Feb 26 20:26:49 2001 +0000
@@ -0,0 +1,628 @@
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: auth2.c,v 1.42 2001/02/13 22:49:40 markus Exp $");
+
+#include <openssl/evp.h>
+
+#include "ssh2.h"
+#include "xmalloc.h"
+#include "rsa.h"
+#include "pty.h"
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "channels.h"
+#include "bufaux.h"
+#include "auth.h"
+#include "session.h"
+#include "dispatch.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "pathnames.h"
+#include "uidswap.h"
+#include "auth-options.h"
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern int session_id2_len;
+
+static Authctxt *x_authctxt = NULL;
+static int one = 1;
+
+typedef struct Authmethod Authmethod;
+struct Authmethod {
+ char *name;
+ int (*userauth)(Authctxt *authctxt);
+ int *enabled;
+};
+
+/* protocol */
+
+void input_service_request(int type, int plen, void *ctxt);
+void input_userauth_request(int type, int plen, void *ctxt);
+void protocol_error(int type, int plen, void *ctxt);
+
+/* helper */
+Authmethod *authmethod_lookup(const char *name);
+struct passwd *pwcopy(struct passwd *pw);
+int user_key_allowed(struct passwd *pw, Key *key);
+char *authmethods_get(void);
+
+/* auth */
+void userauth_banner(void);
+int userauth_none(Authctxt *authctxt);
+int userauth_passwd(Authctxt *authctxt);
+int userauth_pubkey(Authctxt *authctxt);
+int userauth_kbdint(Authctxt *authctxt);
+
+Authmethod authmethods[] = {
+ {"none",
+ userauth_none,
+ &one},
+ {"publickey",
+ userauth_pubkey,
+ &options.pubkey_authentication},
+ {"password",
+ userauth_passwd,
+ &options.password_authentication},
+ {"keyboard-interactive",
+ userauth_kbdint,
+ &options.kbd_interactive_authentication},
+ {NULL, NULL, NULL}
+};
+
+/*
+ * loop until authctxt->success == TRUE
+ */
+
+void
+do_authentication2()
+{
+ Authctxt *authctxt = authctxt_new();
+
+ x_authctxt = authctxt; /*XXX*/
+
+ /* challenge-reponse is implemented via keyboard interactive */
+ if (options.challenge_reponse_authentication)
+ options.kbd_interactive_authentication = 1;
+
+ dispatch_init(&protocol_error);
+ dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
+ dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
+ do_authenticated2(authctxt);
+}
+
+void
+protocol_error(int type, int plen, void *ctxt)
+{
+ log("auth: protocol error: type %d plen %d", type, plen);
+ packet_start(SSH2_MSG_UNIMPLEMENTED);
+ packet_put_int(0);
+ packet_send();
+ packet_write_wait();
+}
+
+void
+input_service_request(int type, int plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ u_int len;
+ int accept = 0;
+ char *service = packet_get_string(&len);
+ packet_done();
+
+ if (authctxt == NULL)
+ fatal("input_service_request: no authctxt");
+
+ if (strcmp(service, "ssh-userauth") == 0) {
+ if (!authctxt->success) {
+ accept = 1;
+ /* now we can handle user-auth requests */
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+ }
+ }
+ /* XXX all other service requests are denied */
+
+ if (accept) {
+ packet_start(SSH2_MSG_SERVICE_ACCEPT);
+ packet_put_cstring(service);
+ packet_send();
+ packet_write_wait();
+ } else {
+ debug("bad service request %s", service);
+ packet_disconnect("bad service request %s", service);
+ }
+ xfree(service);
+}
+
+void
+input_userauth_request(int type, int plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Authmethod *m = NULL;
+ char *user, *service, *method, *style = NULL;
+ int authenticated = 0;
+
+ if (authctxt == NULL)
+ fatal("input_userauth_request: no authctxt");
+
+ user = packet_get_string(NULL);
+ service = packet_get_string(NULL);
+ method = packet_get_string(NULL);
+ debug("userauth-request for user %s service %s method %s", user, service, method);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
+ if (authctxt->attempt++ == 0) {
+ /* setup auth context */
+ struct passwd *pw = NULL;
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
+ authctxt->pw = pwcopy(pw);
+ authctxt->valid = 1;
+ debug2("input_userauth_request: setting up authctxt for %s", user);
+ } else {
+ log("input_userauth_request: illegal user %s", user);
+ }
+ setproctitle("%s", pw ? user : "unknown");
+ authctxt->user = xstrdup(user);
+ authctxt->service = xstrdup(service);
+ authctxt->style = style ? xstrdup(style) : NULL; /* currently unused */
+ } else if (authctxt->valid) {
+ if (strcmp(user, authctxt->user) != 0 ||
+ strcmp(service, authctxt->service) != 0) {
+ log("input_userauth_request: missmatch: (%s,%s)!=(%s,%s)",
+ user, service, authctxt->user, authctxt->service);
+ authctxt->valid = 0;
+ }
+ }
+ /* reset state */
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
+ authctxt->postponed = 0;
+
+ /* try to authenticate user */
+ m = authmethod_lookup(method);
+ if (m != NULL) {
+ debug2("input_userauth_request: try method %s", method);
+ authenticated = m->userauth(authctxt);
+ }
+ if (!authctxt->valid && authenticated)
+ fatal("INTERNAL ERROR: authenticated invalid user %s",
+ authctxt->user);
+
+ /* Special handling for root */
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
+ !auth_root_allowed(method))
+ authenticated = 0;
+
+ /* Log before sending the reply */
+ auth_log(authctxt, authenticated, method, " ssh2");
+
+ if (!authctxt->postponed)
+ userauth_reply(authctxt, authenticated);
+
+ xfree(service);
+ xfree(user);
+ xfree(method);
+}
+
+void
+userauth_banner(void)
+{
+ struct stat st;
+ char *banner = NULL;
+ off_t len, n;
+ int fd;
+
+ if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
+ return;
+ if ((fd = open(options.banner, O_RDONLY)) < 0) {
+ error("userauth_banner: open %s failed: %s",
+ options.banner, strerror(errno));
+ return;
+ }
+ if (fstat(fd, &st) < 0)
+ goto done;
+ len = st.st_size;
+ banner = xmalloc(len + 1);
+ if ((n = read(fd, banner, len)) < 0)
+ goto done;
+ banner[n] = '\0';
+ packet_start(SSH2_MSG_USERAUTH_BANNER);
+ packet_put_cstring(banner);
+ packet_put_cstring(""); /* language, unused */
+ packet_send();
+ debug("userauth_banner: sent");
+done:
+ if (banner)
+ xfree(banner);
+ close(fd);
+ return;
+}
+
+void
+userauth_reply(Authctxt *authctxt, int authenticated)
+{
+ char *methods;
+
+ /* XXX todo: check if multiple auth methods are needed */
+ if (authenticated == 1) {
+ /* turn off userauth */
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
+ packet_start(SSH2_MSG_USERAUTH_SUCCESS);
+ packet_send();
+ packet_write_wait();
+ /* now we can break out */
+ authctxt->success = 1;
+ } else {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ methods = authmethods_get();
+ packet_start(SSH2_MSG_USERAUTH_FAILURE);
+ packet_put_cstring(methods);
+ packet_put_char(0); /* XXX partial success, unused */
+ packet_send();
+ packet_write_wait();
+ xfree(methods);
+ }
Home |
Main Index |
Thread Index |
Old Index