|
Lines 188-194
struct mon_table mon_dispatch_proto20[]
|
| 188 |
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
188 |
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
| 189 |
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, |
189 |
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, |
| 190 |
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, |
190 |
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, |
| 191 |
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
191 |
{MONITOR_REQ_PAM_RESPOND, MON_AUTH, mm_answer_pam_respond}, |
| 192 |
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
192 |
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
| 193 |
#endif |
193 |
#endif |
| 194 |
#ifdef SSH_AUDIT_EVENTS |
194 |
#ifdef SSH_AUDIT_EVENTS |
|
Lines 231-238
struct mon_table mon_dispatch_proto15[]
|
| 231 |
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
231 |
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
| 232 |
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
232 |
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
| 233 |
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
233 |
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 234 |
{MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, |
234 |
{MONITOR_REQ_RSAKEYALLOWED, MON_AUTH, mm_answer_rsa_keyallowed}, |
| 235 |
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, |
235 |
{MONITOR_REQ_KEYALLOWED, MON_AUTH, mm_answer_keyallowed}, |
| 236 |
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, |
236 |
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, |
| 237 |
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, |
237 |
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, |
| 238 |
#ifdef BSD_AUTH |
238 |
#ifdef BSD_AUTH |
|
Lines 248-254
struct mon_table mon_dispatch_proto15[]
|
| 248 |
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
248 |
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
| 249 |
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, |
249 |
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, |
| 250 |
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, |
250 |
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, |
| 251 |
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
251 |
{MONITOR_REQ_PAM_RESPOND, MON_AUTH, mm_answer_pam_respond}, |
| 252 |
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
252 |
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
| 253 |
#endif |
253 |
#endif |
| 254 |
#ifdef SSH_AUDIT_EVENTS |
254 |
#ifdef SSH_AUDIT_EVENTS |
|
Lines 921-927
mm_answer_pam_respond(int sock, Buffer *
|
| 921 |
buffer_clear(m); |
921 |
buffer_clear(m); |
| 922 |
buffer_put_int(m, ret); |
922 |
buffer_put_int(m, ret); |
| 923 |
mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); |
923 |
mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); |
| 924 |
auth_method = "keyboard-interactive/pam"; |
924 |
auth_method = compat20 ? "keyboard-interactive/pam" : |
|
|
925 |
"challenge-response"; |
| 925 |
if (ret == 0) |
926 |
if (ret == 0) |
| 926 |
sshpam_authok = sshpam_ctxt; |
927 |
sshpam_authok = sshpam_ctxt; |
| 927 |
return (0); |
928 |
return (0); |
|
Lines 980-996
mm_answer_keyallowed(int sock, Buffer *m
|
| 980 |
case MM_USERKEY: |
981 |
case MM_USERKEY: |
| 981 |
allowed = options.pubkey_authentication && |
982 |
allowed = options.pubkey_authentication && |
| 982 |
user_key_allowed(authctxt->pw, key); |
983 |
user_key_allowed(authctxt->pw, key); |
|
|
984 |
auth_method = "publickey"; |
| 983 |
break; |
985 |
break; |
| 984 |
case MM_HOSTKEY: |
986 |
case MM_HOSTKEY: |
| 985 |
allowed = options.hostbased_authentication && |
987 |
allowed = options.hostbased_authentication && |
| 986 |
hostbased_key_allowed(authctxt->pw, |
988 |
hostbased_key_allowed(authctxt->pw, |
| 987 |
cuser, chost, key); |
989 |
cuser, chost, key); |
|
|
990 |
auth_method = "hostbased"; |
| 988 |
break; |
991 |
break; |
| 989 |
case MM_RSAHOSTKEY: |
992 |
case MM_RSAHOSTKEY: |
| 990 |
key->type = KEY_RSA1; /* XXX */ |
993 |
key->type = KEY_RSA1; /* XXX */ |
| 991 |
allowed = options.rhosts_rsa_authentication && |
994 |
allowed = options.rhosts_rsa_authentication && |
| 992 |
auth_rhosts_rsa_key_allowed(authctxt->pw, |
995 |
auth_rhosts_rsa_key_allowed(authctxt->pw, |
| 993 |
cuser, chost, key); |
996 |
cuser, chost, key); |
|
|
997 |
auth_method = "rsa"; |
| 994 |
break; |
998 |
break; |
| 995 |
default: |
999 |
default: |
| 996 |
fatal("%s: unknown key type %d", __func__, type); |
1000 |
fatal("%s: unknown key type %d", __func__, type); |
|
Lines 1010-1015
mm_answer_keyallowed(int sock, Buffer *m
|
| 1010 |
key_blobtype = type; |
1014 |
key_blobtype = type; |
| 1011 |
hostbased_cuser = cuser; |
1015 |
hostbased_cuser = cuser; |
| 1012 |
hostbased_chost = chost; |
1016 |
hostbased_chost = chost; |
|
|
1017 |
} else { |
| 1018 |
/* Log failed attempt */ |
| 1019 |
auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); |
| 1013 |
} |
1020 |
} |
| 1014 |
|
1021 |
|
| 1015 |
debug3("%s: key %p is %s", |
1022 |
debug3("%s: key %p is %s", |
|
Lines 1374-1379
mm_answer_rsa_keyallowed(int sock, Buffe
|
| 1374 |
|
1381 |
|
| 1375 |
debug3("%s entering", __func__); |
1382 |
debug3("%s entering", __func__); |
| 1376 |
|
1383 |
|
|
|
1384 |
auth_method = "rsa"; |
| 1377 |
if (options.rsa_authentication && authctxt->valid) { |
1385 |
if (options.rsa_authentication && authctxt->valid) { |
| 1378 |
if ((client_n = BN_new()) == NULL) |
1386 |
if ((client_n = BN_new()) == NULL) |
| 1379 |
fatal("%s: BN_new", __func__); |
1387 |
fatal("%s: BN_new", __func__); |
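Review bot: Changing `MONITOR_REQ_KEYALLOWED`, `MONITOR_REQ_RSAKEYALLOWED` and `MONITOR_REQ_PAM_RESPOND` from `MON_ISAUTH` to `MON_AUTH` in the dispatch tables appears to turn each of these requests into an authentication decision, yet mm_answer_pam_respond still ends in `return (0)` and nothing visible changes the other handlers' return values. If `MON_AUTH` includes `MON_AUTHDECIDE`, as the names suggest, and the monitor's read loop (not shown on this page) logs and counts a failure for any decide-flagged request that returns 0, then an acceptable key query or an intermediate PAM response would be recorded as a failed attempt and charged against the retry limit. A rejected key would also be logged twice, because the new `else` branch in mm_answer_keyallowed already calls `auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "")`. Consider keeping `{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},` (and likewise the other two entries) and relying on the explicit `auth_log` call for failure logging. mm_answer_rsa_keyallowed now sets `auth_method = "rsa"`, but its hunk shows no matching failure log and the function continues outside the hunk, so confirm the rejected-key path there is logged exactly once.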