|
Lines 265-270
struct cauthctxt {
|
| 265 |
struct cauthmethod *method; |
265 |
struct cauthmethod *method; |
| 266 |
sig_atomic_t success; |
266 |
sig_atomic_t success; |
| 267 |
char *authlist; |
267 |
char *authlist; |
|
|
268 |
#ifdef GSSAPI |
| 269 |
/* gssapi */ |
| 270 |
gss_OID_set gss_supported_mechs; |
| 271 |
u_int mech_tried; |
| 272 |
#endif |
| 268 |
/* pubkey */ |
273 |
/* pubkey */ |
| 269 |
struct idlist keys; |
274 |
struct idlist keys; |
| 270 |
int agent_fd; |
275 |
int agent_fd; |
|
Lines 302-325
int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
|
| 302 |
|
307 |
|
| 303 |
int userauth_none(struct ssh *); |
308 |
int userauth_none(struct ssh *); |
| 304 |
int userauth_pubkey(struct ssh *); |
309 |
int userauth_pubkey(struct ssh *); |
|
|
310 |
void userauth_pubkey_cleanup(struct ssh *); |
| 305 |
int userauth_passwd(struct ssh *); |
311 |
int userauth_passwd(struct ssh *); |
| 306 |
int userauth_kbdint(struct ssh *); |
312 |
int userauth_kbdint(struct ssh *); |
| 307 |
int userauth_hostbased(struct ssh *); |
313 |
int userauth_hostbased(struct ssh *); |
| 308 |
|
314 |
|
| 309 |
#ifdef GSSAPI |
315 |
#ifdef GSSAPI |
|
|
316 |
<<<<<<< HEAD |
| 310 |
int userauth_gssapi(struct ssh *); |
317 |
int userauth_gssapi(struct ssh *); |
| 311 |
int input_gssapi_response(int type, u_int32_t, struct ssh *); |
318 |
void userauth_gssapi_cleanup(struct ssh *); |
| 312 |
int input_gssapi_token(int type, u_int32_t, struct ssh *); |
319 |
static int input_gssapi_response(int type, u_int32_t, struct ssh *); |
| 313 |
int input_gssapi_hash(int type, u_int32_t, struct ssh *); |
320 |
static int input_gssapi_token(int type, u_int32_t, struct ssh *); |
| 314 |
int input_gssapi_error(int, u_int32_t, struct ssh *); |
321 |
static int input_gssapi_error(int, u_int32_t, struct ssh *); |
| 315 |
int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
322 |
static int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
| 316 |
#endif |
323 |
#endif |
| 317 |
|
324 |
|
| 318 |
void userauth(struct ssh *, char *); |
325 |
void userauth(struct ssh *, char *); |
| 319 |
|
326 |
|
| 320 |
static int sign_and_send_pubkey(struct ssh *ssh, Identity *); |
327 |
static int sign_and_send_pubkey(struct ssh *ssh, Identity *); |
| 321 |
static void pubkey_prepare(Authctxt *); |
328 |
static void pubkey_prepare(Authctxt *); |
| 322 |
static void pubkey_cleanup(Authctxt *); |
|
|
| 323 |
static void pubkey_reset(Authctxt *); |
329 |
static void pubkey_reset(Authctxt *); |
| 324 |
static struct sshkey *load_identity_file(Identity *); |
330 |
static struct sshkey *load_identity_file(Identity *); |
| 325 |
|
331 |
|
|
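Review bot: New line 316 adds the literal merge-conflict marker `<<<<<<< HEAD` between `#ifdef GSSAPI` and the prototypes, and no matching `=======` or `>>>>>>>` line appears anywhere in the hunk, so a GSSAPI build will fail at the preprocessor; the line should simply be deleted. The same hunk also turns the `input_gssapi_*` prototypes (new lines 319-322) into `static` declarations, while their definitions are outside this view; confirm the definitions were made `static` as well, otherwise the linkage of the declaration and the definition will disagree. `userauth_gssapi` and the new `userauth_gssapi_cleanup` are left with external linkage even though they are only referenced from the `authmethods` table in this file, so `static` would be consistent there too.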
Lines 331-337
Authmethod authmethods[] = {
|
| 331 |
#ifdef GSSAPI |
337 |
#ifdef GSSAPI |
| 332 |
{"gssapi-with-mic", |
338 |
{"gssapi-with-mic", |
| 333 |
userauth_gssapi, |
339 |
userauth_gssapi, |
| 334 |
NULL, |
340 |
userauth_gssapi_cleanup, |
| 335 |
&options.gss_authentication, |
341 |
&options.gss_authentication, |
| 336 |
NULL}, |
342 |
NULL}, |
| 337 |
#endif |
343 |
#endif |
|
Lines 342-348
Authmethod authmethods[] = {
|
| 342 |
NULL}, |
348 |
NULL}, |
| 343 |
{"publickey", |
349 |
{"publickey", |
| 344 |
userauth_pubkey, |
350 |
userauth_pubkey, |
| 345 |
NULL, |
351 |
userauth_pubkey_cleanup, |
| 346 |
&options.pubkey_authentication, |
352 |
&options.pubkey_authentication, |
| 347 |
NULL}, |
353 |
NULL}, |
| 348 |
{"keyboard-interactive", |
354 |
{"keyboard-interactive", |
|
Lines 390-395
ssh_userauth2(struct ssh *ssh, const char *local_user,
|
| 390 |
authctxt.info_req_seen = 0; |
396 |
authctxt.info_req_seen = 0; |
| 391 |
authctxt.attempt_kbdint = 0; |
397 |
authctxt.attempt_kbdint = 0; |
| 392 |
authctxt.attempt_passwd = 0; |
398 |
authctxt.attempt_passwd = 0; |
|
|
399 |
#if GSSAPI |
| 400 |
authctxt.gss_supported_mechs = NULL;; |
| 401 |
authctxt.mech_tried = 0; |
| 402 |
#endif |
| 393 |
authctxt.agent_fd = -1; |
403 |
authctxt.agent_fd = -1; |
| 394 |
pubkey_prepare(&authctxt); |
404 |
pubkey_prepare(&authctxt); |
| 395 |
if (authctxt.method == NULL) { |
405 |
if (authctxt.method == NULL) { |
|
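Review bot: New line 399 guards the initialisers of the two new context fields with `#if GSSAPI`, whereas the struct definition (new lines 268-272) and the rest of this file use `#ifdef GSSAPI`; if the macro is ever defined without a value, `#if GSSAPI` is a preprocessor error, and with the two forms mixed it is easy to end up with the fields compiled in but never initialised. Change it to `#ifdef GSSAPI`, and drop the stray second semicolon on new line 400: `authctxt.gss_supported_mechs = NULL;`. ssh_userauth2's body continues on both sides of this hunk.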
Lines 409-415
ssh_userauth2(struct ssh *ssh, const char *local_user,
|
| 409 |
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ |
419 |
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ |
| 410 |
ssh->authctxt = NULL; |
420 |
ssh->authctxt = NULL; |
| 411 |
|
421 |
|
| 412 |
pubkey_cleanup(&authctxt); |
|
|
| 413 |
ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
422 |
ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
| 414 |
|
423 |
|
| 415 |
if (!authctxt.success) |
424 |
if (!authctxt.success) |
|
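Review bot: The unconditional `pubkey_cleanup(&authctxt)` after the dispatch loop (old line 412) is removed, but `pubkey_prepare(&authctxt)` is still called unconditionally earlier in ssh_userauth2 (new line 404), so the identities and `agent_fd` it sets up now depend on the per-method `userauth_pubkey_cleanup` hook being reached. The code that invokes a method's cleanup callback is outside this view; if it only runs for the method that is current when authentication ends or is switched away from, a session that never attempts "publickey" (for example with `options.pubkey_authentication` off, or one that succeeds with an earlier method) will leave the agent socket open and the key list allocated. Either keep an explicit cleanup here, e.g. `userauth_pubkey_cleanup(ssh);` before `ssh->authctxt = NULL;`, or confirm the callback is invoked on every exit path from ssh_userauth2. The function continues outside the hunk.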
Lines 685-710
userauth_gssapi(struct ssh *ssh)
|
| 685 |
{ |
694 |
{ |
| 686 |
Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
695 |
Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
| 687 |
Gssctxt *gssctxt = NULL; |
696 |
Gssctxt *gssctxt = NULL; |
| 688 |
static gss_OID_set gss_supported = NULL; |
|
|
| 689 |
static u_int mech = 0; |
| 690 |
OM_uint32 min; |
697 |
OM_uint32 min; |
| 691 |
int r, ok = 0; |
698 |
int r, ok = 0; |
| 692 |
|
699 |
|
| 693 |
/* Try one GSSAPI method at a time, rather than sending them all at |
700 |
/* Try one GSSAPI method at a time, rather than sending them all at |
| 694 |
* once. */ |
701 |
* once. */ |
| 695 |
|
702 |
|
| 696 |
if (gss_supported == NULL) |
703 |
if (authctxt->gss_supported_mechs == NULL) |
| 697 |
gss_indicate_mechs(&min, &gss_supported); |
704 |
gss_indicate_mechs(&min, &authctxt->gss_supported_mechs); |
| 698 |
|
705 |
|
| 699 |
/* Check to see if the mechanism is usable before we offer it */ |
706 |
/* Check to see if the mechanism is usable before we offer it */ |
| 700 |
while (mech < gss_supported->count && !ok) { |
707 |
while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && !ok) { |
| 701 |
/* My DER encoding requires length<128 */ |
708 |
/* My DER encoding requires length<128 */ |
| 702 |
if (gss_supported->elements[mech].length < 128 && |
709 |
if (authctxt->gss_supported_mechs->elements[authctxt->mech_tried].length < 128 && |
| 703 |
ssh_gssapi_check_mechanism(&gssctxt, |
710 |
ssh_gssapi_check_mechanism(&gssctxt, |
| 704 |
&gss_supported->elements[mech], authctxt->host)) { |
711 |
&authctxt->gss_supported_mechs->elements[authctxt->mech_tried], authctxt->host)) { |
| 705 |
ok = 1; /* Mechanism works */ |
712 |
ok = 1; /* Mechanism works */ |
| 706 |
} else { |
713 |
} else { |
| 707 |
mech++; |
714 |
authctxt->mech_tried++; |
| 708 |
} |
715 |
} |
| 709 |
} |
716 |
} |
| 710 |
|
717 |
|
|
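Review bot: The major status returned by `gss_indicate_mechs()` on new line 704 is discarded, so if the call fails `authctxt->gss_supported_mechs` stays NULL and the `while` condition on new line 707 dereferences it; this was already true of the old static `gss_supported`, but the move into the per-connection context is the right moment to fix it. Proposed: `if (authctxt->gss_supported_mechs == NULL && GSS_ERROR(gss_indicate_mechs(&min, &authctxt->gss_supported_mechs))) return 0;`, which reports "method not attempted" the same way the existing `!ok` path presumably does after the loop (that path is outside this hunk, so confirm the return value convention). userauth_gssapi's body continues past the end of the hunk.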
Lines 719-731
userauth_gssapi(struct ssh *ssh)
|
| 719 |
(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || |
726 |
(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || |
| 720 |
(r = sshpkt_put_u32(ssh, 1)) != 0 || |
727 |
(r = sshpkt_put_u32(ssh, 1)) != 0 || |
| 721 |
(r = sshpkt_put_u32(ssh, |
728 |
(r = sshpkt_put_u32(ssh, |
| 722 |
(gss_supported->elements[mech].length) + 2)) != 0 || |
729 |
(authctxt->gss_supported_mechs->elements[authctxt->mech_tried].length) + 2)) != 0 || |
| 723 |
(r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || |
730 |
(r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || |
| 724 |
(r = sshpkt_put_u8(ssh, |
731 |
(r = sshpkt_put_u8(ssh, |
| 725 |
gss_supported->elements[mech].length)) != 0 || |
732 |
authctxt->gss_supported_mechs->elements[authctxt->mech_tried].length)) != 0 || |
| 726 |
(r = sshpkt_put(ssh, |
733 |
(r = sshpkt_put(ssh, |
| 727 |
gss_supported->elements[mech].elements, |
734 |
authctxt->gss_supported_mechs->elements[authctxt->mech_tried].elements, |
| 728 |
gss_supported->elements[mech].length)) != 0 || |
735 |
authctxt->gss_supported_mechs->elements[authctxt->mech_tried].length)) != 0 || |
| 729 |
(r = sshpkt_send(ssh)) != 0) |
736 |
(r = sshpkt_send(ssh)) != 0) |
| 730 |
fatal("%s: %s", __func__, ssh_err(r)); |
737 |
fatal("%s: %s", __func__, ssh_err(r)); |
| 731 |
|
738 |
|
|
Lines 734-744
userauth_gssapi(struct ssh *ssh)
|
| 734 |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); |
741 |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); |
| 735 |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
742 |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
| 736 |
|
743 |
|
| 737 |
mech++; /* Move along to next candidate */ |
744 |
authctxt->mech_tried++; /* Move along to next candidate */ |
| 738 |
|
745 |
|
| 739 |
return 1; |
746 |
return 1; |
| 740 |
} |
747 |
} |
| 741 |
|
748 |
|
|
|
749 |
void |
| 750 |
userauth_gssapi_cleanup(struct ssh *ssh) |
| 751 |
{ |
| 752 |
Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
| 753 |
|
| 754 |
Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata; |
| 755 |
ssh_gssapi_delete_ctx(&gssctxt); |
| 756 |
authctxt->methoddata = NULL; |
| 757 |
|
| 758 |
free(authctxt->gss_supported_mechs); |
| 759 |
authctxt->gss_supported_mechs = NULL; |
| 760 |
} |
| 761 |
|
| 742 |
static OM_uint32 |
762 |
static OM_uint32 |
| 743 |
process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) |
763 |
process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) |
| 744 |
{ |
764 |
{ |
|
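Review bot: `free(authctxt->gss_supported_mechs)` on new line 758 releases an OID set that `gss_indicate_mechs()` allocated inside the GSS-API library; the API contract (RFC 2744) is to return it with `gss_release_oid_set()`, which also frees the `elements` array that a plain `free()` of the set header leaks, and which does not assume the library used the C allocator. Proposed replacement for new line 758: `OM_uint32 min; gss_release_oid_set(&min, &authctxt->gss_supported_mechs);` — the call resets the pointer to `GSS_C_NO_OID_SET`, so the following `= NULL` on new line 759 can stay as a harmless belt-and-braces. `authctxt->mech_tried` is deliberately not reset here, which matches the old behaviour of the static `mech` counter (each mechanism is offered at most once per connection); a one-line comment saying so would stop a later maintainer "fixing" it.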
Lines 1618-1626
pubkey_prepare(Authctxt *authctxt)
|
| 1618 |
debug2("%s: done", __func__); |
1638 |
debug2("%s: done", __func__); |
| 1619 |
} |
1639 |
} |
| 1620 |
|
1640 |
|
| 1621 |
static void |
1641 |
void |
| 1622 |
pubkey_cleanup(Authctxt *authctxt) |
1642 |
userauth_pubkey_cleanup(struct ssh *ssh) |
| 1623 |
{ |
1643 |
{ |
|
|
1644 |
Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
| 1645 |
|
| 1624 |
Identity *id; |
1646 |
Identity *id; |
| 1625 |
|
1647 |
|
| 1626 |
if (authctxt->agent_fd != -1) { |
1648 |
if (authctxt->agent_fd != -1) { |