Ray Hayes 2016-09-30 12:55:39 -07:00
commit 62fa4b9f1f
2 changed files with 247 additions and 246 deletions


@ -194,7 +194,7 @@ agent_listen_loop() {
verbose("Failed to create child process %ls ERROR:%d", module_path, GetLastError()); verbose("Failed to create child process %ls ERROR:%d", module_path, GetLastError());
} }
else { else {
debug("spawned child %d ", pi.dwProcessId); debug("spawned worker %d for agent client pid %d ", pi.dwProcessId, client_pid);
CloseHandle(pi.hProcess); CloseHandle(pi.hProcess);
CloseHandle(pi.hThread); CloseHandle(pi.hThread);
} }


@ -42,178 +42,178 @@
static void static void
InitLsaString(LSA_STRING *lsa_string, const char *str) InitLsaString(LSA_STRING *lsa_string, const char *str)
{ {
if (str == NULL) if (str == NULL)
memset(lsa_string, 0, sizeof(LSA_STRING)); memset(lsa_string, 0, sizeof(LSA_STRING));
else { else {
lsa_string->Buffer = (char *)str; lsa_string->Buffer = (char *)str;
lsa_string->Length = strlen(str); lsa_string->Length = strlen(str);
lsa_string->MaximumLength = lsa_string->Length + 1; lsa_string->MaximumLength = lsa_string->Length + 1;
} }
} }
static void static void
EnablePrivilege(const char *privName, int enabled) EnablePrivilege(const char *privName, int enabled)
{ {
TOKEN_PRIVILEGES tp; TOKEN_PRIVILEGES tp;
HANDLE hProcToken = NULL; HANDLE hProcToken = NULL;
LUID luid; LUID luid;
int exitCode = 1; int exitCode = 1;
if (LookupPrivilegeValueA(NULL, privName, &luid) == FALSE || if (LookupPrivilegeValueA(NULL, privName, &luid) == FALSE ||
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcToken) == FALSE) OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcToken) == FALSE)
goto done; goto done;
tp.PrivilegeCount = 1; tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid; tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = enabled ? SE_PRIVILEGE_ENABLED : 0; tp.Privileges[0].Attributes = enabled ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hProcToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL); AdjustTokenPrivileges(hProcToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
done: done:
if (hProcToken) if (hProcToken)
CloseHandle(hProcToken); CloseHandle(hProcToken);
return; return;
} }
void void
LoadProfile(struct agent_connection* con, wchar_t* user, wchar_t* domain) { LoadProfile(struct agent_connection* con, wchar_t* user, wchar_t* domain) {
PROFILEINFOW profileInfo; PROFILEINFOW profileInfo;
profileInfo.dwFlags = PI_NOUI; profileInfo.dwFlags = PI_NOUI;
profileInfo.lpProfilePath = NULL; profileInfo.lpProfilePath = NULL;
profileInfo.lpUserName = user; profileInfo.lpUserName = user;
profileInfo.lpDefaultPath = NULL; profileInfo.lpDefaultPath = NULL;
profileInfo.lpServerName = domain; profileInfo.lpServerName = domain;
profileInfo.lpPolicyPath = NULL; profileInfo.lpPolicyPath = NULL;
profileInfo.hProfile = NULL; profileInfo.hProfile = NULL;
profileInfo.dwSize = sizeof(profileInfo); profileInfo.dwSize = sizeof(profileInfo);
EnablePrivilege("SeBackupPrivilege", 1); EnablePrivilege("SeBackupPrivilege", 1);
EnablePrivilege("SeRestorePrivilege", 1); EnablePrivilege("SeRestorePrivilege", 1);
if (LoadUserProfileW(con->auth_token, &profileInfo) == FALSE) if (LoadUserProfileW(con->auth_token, &profileInfo) == FALSE)
debug("Loading user (%ls,%ls) profile failed ERROR: %d", user, domain, GetLastError()); debug("Loading user (%ls,%ls) profile failed ERROR: %d", user, domain, GetLastError());
else else
con->hProfile = profileInfo.hProfile; con->hProfile = profileInfo.hProfile;
EnablePrivilege("SeBackupPrivilege", 0); EnablePrivilege("SeBackupPrivilege", 0);
EnablePrivilege("SeRestorePrivilege", 0); EnablePrivilege("SeRestorePrivilege", 0);
} }
#define MAX_USER_LEN 256 #define MAX_USER_LEN 256
static HANDLE static HANDLE
generate_user_token(wchar_t* user) { generate_user_token(wchar_t* user) {
HANDLE lsa_handle = 0, token = 0; HANDLE lsa_handle = 0, token = 0;
LSA_OPERATIONAL_MODE mode; LSA_OPERATIONAL_MODE mode;
ULONG auth_package_id; ULONG auth_package_id;
NTSTATUS ret, subStatus; NTSTATUS ret, subStatus;
void * logon_info = NULL; void * logon_info = NULL;
size_t logon_info_size; size_t logon_info_size;
LSA_STRING logon_process_name, auth_package_name, originName; LSA_STRING logon_process_name, auth_package_name, originName;
TOKEN_SOURCE sourceContext; TOKEN_SOURCE sourceContext;
PKERB_INTERACTIVE_PROFILE pProfile = NULL; PKERB_INTERACTIVE_PROFILE pProfile = NULL;
LUID logonId; LUID logonId;
QUOTA_LIMITS quotas; QUOTA_LIMITS quotas;
DWORD cbProfile; DWORD cbProfile;
BOOL domain_user; BOOL domain_user;
wchar_t user_copy[MAX_USER_LEN]; wchar_t user_copy[MAX_USER_LEN];
/* prep user name - TODO: implment an accurate check if user is domain account*/ /* prep user name - TODO: implment an accurate check if user is domain account*/
if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) { if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
debug("user length is not supported"); debug("user length is not supported");
goto done; goto done;
} }
if (wcschr(user, L'\\') != NULL) { if (wcschr(user, L'\\') != NULL) {
wchar_t *un = NULL, *dn = NULL; wchar_t *un = NULL, *dn = NULL;
DWORD un_len = 0, dn_len = 0; DWORD un_len = 0, dn_len = 0;
dn = user; dn = user;
dn_len = wcschr(user, L'\\') - user; dn_len = wcschr(user, L'\\') - user;
un = wcschr(user, L'\\') + 1; un = wcschr(user, L'\\') + 1;
un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1; un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
if (dn_len == 0 || un_len == 0) { if (dn_len == 0 || un_len == 0) {
debug("cannot get user token - bad user name"); debug("cannot get user token - bad user name");
goto done; goto done;
} }
memcpy(user_copy, un, un_len * sizeof(wchar_t)); memcpy(user_copy, un, un_len * sizeof(wchar_t));
user_copy[un_len] = L'@'; user_copy[un_len] = L'@';
memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t)); memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
user_copy[dn_len + 1 + un_len] = L'\0'; user_copy[dn_len + 1 + un_len] = L'\0';
user = user_copy; user = user_copy;
} }
domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE; domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;
InitLsaString(&logon_process_name, "ssh-agent"); InitLsaString(&logon_process_name, "ssh-agent");
if (domain_user) if (domain_user)
InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A); InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
else else
InitLsaString(&auth_package_name, "SSH-LSA"); InitLsaString(&auth_package_name, "SSH-LSA");
InitLsaString(&originName, "sshd"); InitLsaString(&originName, "sshd");
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS) if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
goto done; goto done;
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS) if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
goto done; goto done;
if (domain_user) { if (domain_user) {
KERB_S4U_LOGON *s4u_logon; KERB_S4U_LOGON *s4u_logon;
logon_info_size = sizeof(KERB_S4U_LOGON); logon_info_size = sizeof(KERB_S4U_LOGON);
logon_info_size += (wcslen(user) * 2 + 2); logon_info_size += (wcslen(user) * 2 + 2);
logon_info = malloc(logon_info_size); logon_info = malloc(logon_info_size);
if (logon_info == NULL) if (logon_info == NULL)
goto done; goto done;
s4u_logon = (KERB_S4U_LOGON*)logon_info; s4u_logon = (KERB_S4U_LOGON*)logon_info;
s4u_logon->MessageType = KerbS4ULogon; s4u_logon->MessageType = KerbS4ULogon;
s4u_logon->Flags = 0; s4u_logon->Flags = 0;
s4u_logon->ClientUpn.Length = wcslen(user) * 2; s4u_logon->ClientUpn.Length = wcslen(user) * 2;
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length; s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1); s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2); memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2);
s4u_logon->ClientRealm.Length = 0; s4u_logon->ClientRealm.Length = 0;
s4u_logon->ClientRealm.MaximumLength = 0; s4u_logon->ClientRealm.MaximumLength = 0;
s4u_logon->ClientRealm.Buffer = 0; s4u_logon->ClientRealm.Buffer = 0;
} }
else { else {
logon_info_size = (wcslen(user) + 1)*sizeof(wchar_t); logon_info_size = (wcslen(user) + 1)*sizeof(wchar_t);
logon_info = malloc(logon_info_size); logon_info = malloc(logon_info_size);
if (logon_info == NULL) if (logon_info == NULL)
goto done; goto done;
memcpy(logon_info, user, logon_info_size); memcpy(logon_info, user, logon_info_size);
} }
memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName)); memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName));
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE) if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
goto done; goto done;
if (ret = LsaLogonUser(lsa_handle, if (ret = LsaLogonUser(lsa_handle,
&originName, &originName,
Network, Network,
auth_package_id, auth_package_id,
logon_info, logon_info,
logon_info_size, logon_info_size,
NULL, NULL,
&sourceContext, &sourceContext,
(PVOID*)&pProfile, (PVOID*)&pProfile,
&cbProfile, &cbProfile,
&logonId, &logonId,
&token, &token,
&quotas, &quotas,
&subStatus) != STATUS_SUCCESS) { &subStatus) != STATUS_SUCCESS) {
debug("LsaLogonUser failed %d", ret); debug("LsaLogonUser failed %d", ret);
goto done; goto done;
} }
done: done:
if (lsa_handle) if (lsa_handle)
LsaDeregisterLogonProcess(lsa_handle); LsaDeregisterLogonProcess(lsa_handle);
if (logon_info) if (logon_info)
free(logon_info); free(logon_info);
if (pProfile) if (pProfile)
LsaFreeReturnBuffer(pProfile); LsaFreeReturnBuffer(pProfile);
return token; return token;
} }
#define PUBKEY_AUTH_REQUEST "pubkey" #define PUBKEY_AUTH_REQUEST "pubkey"
@ -224,120 +224,121 @@ done:
int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) { int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
char *user = NULL, *pwd = NULL; char *user = NULL, *pwd = NULL;
wchar_t userW_buf[MAX_USER_NAME_LEN], pwdW_buf[MAX_PW_LEN]; wchar_t userW_buf[MAX_USER_NAME_LEN], pwdW_buf[MAX_PW_LEN];
wchar_t *userW = userW_buf, *domW = NULL, *pwdW = pwdW_buf, *tmp; wchar_t *userW = userW_buf, *domW = NULL, *pwdW = pwdW_buf, *tmp;
size_t user_len = 0, pwd_len = 0, dom_len = 0; size_t user_len = 0, pwd_len = 0, dom_len = 0;
int r = -1; int r = -1;
HANDLE token = 0, dup_token, client_proc = 0; HANDLE token = 0, dup_token, client_proc = 0;
ULONG client_pid; ULONG client_pid;
if (sshbuf_get_cstring(request, &user, &user_len) != 0 || if (sshbuf_get_cstring(request, &user, &user_len) != 0 ||
sshbuf_get_cstring(request, &pwd, &pwd_len) != 0 || sshbuf_get_cstring(request, &pwd, &pwd_len) != 0 ||
user_len == 0 || user_len == 0 ||
pwd_len == 0 ){ pwd_len == 0 ){
debug("bad password auth request"); debug("bad password auth request");
goto done; goto done;
} }
userW[0] = L'\0'; userW[0] = L'\0';
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, userW, MAX_USER_NAME_LEN) == 0 || if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, userW, MAX_USER_NAME_LEN) == 0 ||
MultiByteToWideChar(CP_UTF8, 0, pwd, pwd_len + 1, pwdW, MAX_PW_LEN) == 0) { MultiByteToWideChar(CP_UTF8, 0, pwd, pwd_len + 1, pwdW, MAX_PW_LEN) == 0) {
debug("unable to convert user (%s) or password to UTF-16", user); debug("unable to convert user (%s) or password to UTF-16", user);
goto done; goto done;
} }
if ((tmp = wcschr(userW, L'\\')) != NULL) { if ((tmp = wcschr(userW, L'\\')) != NULL) {
domW = userW; domW = userW;
userW = tmp + 1; userW = tmp + 1;
*tmp = L'\0'; *tmp = L'\0';
} }
else if ((tmp = wcschr(userW, L'@')) != NULL) { else if ((tmp = wcschr(userW, L'@')) != NULL) {
domW = tmp + 1; domW = tmp + 1;
*tmp = L'\0'; *tmp = L'\0';
} }
if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) { if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
debug("failed to logon user"); debug("failed to logon user");
goto done; goto done;
} }
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) || if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) || ((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) || (FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
(sshbuf_put_u32(response, dup_token) != 0)) { (sshbuf_put_u32(response, dup_token) != 0)) {
debug("failed to duplicate user token"); debug("failed to duplicate user token");
goto done; goto done;
} }
con->auth_token = token; con->auth_token = token;
LoadProfile(con, userW, domW); LoadProfile(con, userW, domW);
r = 0; r = 0;
done: done:
/* TODO Fix this hacky protocol*/ /* TODO Fix this hacky protocol*/
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0)) if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
r = 0; r = 0;
if (user) if (user)
free(user); free(user);
if (pwd) if (pwd)
free(pwd); free(pwd);
if (client_proc) if (client_proc)
CloseHandle(client_proc); CloseHandle(client_proc);
return r; return r;
} }
int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) { int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
int r = -1; int r = -1;
char *key_blob, *user, *sig, *blob; char *key_blob, *user, *sig, *blob;
size_t key_blob_len, user_len, sig_len, blob_len; size_t key_blob_len, user_len, sig_len, blob_len;
struct sshkey *key = NULL; struct sshkey *key = NULL;
HANDLE token = NULL, dup_token = NULL, client_proc = NULL; HANDLE token = NULL, dup_token = NULL, client_proc = NULL;
wchar_t wuser[MAX_USER_NAME_LEN]; wchar_t wuser[MAX_USER_NAME_LEN];
PWSTR wuser_home = NULL; PWSTR wuser_home = NULL;
ULONG client_pid; ULONG client_pid;
user = NULL; user = NULL;
if (sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 || if (sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
sshbuf_get_cstring(request, &user, &user_len) != 0 || sshbuf_get_cstring(request, &user, &user_len) != 0 ||
sshbuf_get_string_direct(request, &sig, &sig_len) != 0 || sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
sshbuf_get_string_direct(request, &blob, &blob_len) != 0 || sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
sshkey_from_blob(key_blob, key_blob_len, &key) != 0) { sshkey_from_blob(key_blob, key_blob_len, &key) != 0) {
debug("invalid pubkey auth request"); debug("invalid pubkey auth request");
goto done; goto done;
} }
wuser[0] = L'\0'; wuser[0] = L'\0';
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 || if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 ||
(token = generate_user_token(wuser)) == 0) { (token = generate_user_token(wuser)) == 0) {
debug("unable to generate token for user %ls", wuser); debug("unable to generate token for user %ls", wuser);
goto done; goto done;
} }
con->auth_token = token; con->auth_token = token;
if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK || if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
pubkey_allowed(key, wuser, wuser_home) != 1) { pubkey_allowed(key, wuser, wuser_home) != 1) {
debug("given public key is not mapped to user %ls (profile:%ls)", wuser, wuser_home); debug("given public key is not mapped to user %ls (profile:%ls)", wuser, wuser_home);
goto done; goto done;
} }
if (key_verify(key, sig, sig_len, blob, blob_len) != 1) { if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
debug("signature verification failed"); debug("signature verification failed");
goto done; goto done;
} }
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) || if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) || ( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) || (FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
(sshbuf_put_u32(response, dup_token) != 0) ) { (sshbuf_put_u32(response, dup_token) != 0) ) {
debug("failed to authorize user"); debug("failed to authorize user");
goto done; goto done;
} }
{ {
wchar_t *tmp, *userW, *domW; wchar_t *tmp, *userW, *domW;
userW = wuser; userW = wuser;
domW = NULL;
if ((tmp = wcschr(userW, L'\\')) != NULL) { if ((tmp = wcschr(userW, L'\\')) != NULL) {
domW = userW; domW = userW;
userW = tmp + 1; userW = tmp + 1;
@ -348,41 +349,41 @@ int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response,
domW = tmp + 1; domW = tmp + 1;
*tmp = L'\0'; *tmp = L'\0';
} }
LoadProfile(con, userW, domW); LoadProfile(con, userW, domW);
} }
r = 0; r = 0;
done: done:
/* TODO Fix this hacky protocol*/ /* TODO Fix this hacky protocol*/
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0)) if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
r = 0; r = 0;
if (user) if (user)
free(user); free(user);
if (key) if (key)
sshkey_free(key); sshkey_free(key);
if (wuser_home) if (wuser_home)
CoTaskMemFree(wuser_home); CoTaskMemFree(wuser_home);
if (client_proc) if (client_proc)
CloseHandle(client_proc); CloseHandle(client_proc);
return r; return r;
} }
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) { int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
char *opn; char *opn;
size_t opn_len; size_t opn_len;
if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0) { if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0) {
debug("invalid auth request"); debug("invalid auth request");
return -1; return -1;
} }
if (opn_len == strlen(PUBKEY_AUTH_REQUEST) && memcmp(opn, PUBKEY_AUTH_REQUEST, opn_len) == 0) if (opn_len == strlen(PUBKEY_AUTH_REQUEST) && memcmp(opn, PUBKEY_AUTH_REQUEST, opn_len) == 0)
return process_pubkeyauth_request(request, response, con); return process_pubkeyauth_request(request, response, con);
else if (opn_len == strlen(PASSWD_AUTH_REQUEST) && memcmp(opn, PASSWD_AUTH_REQUEST, opn_len) == 0) else if (opn_len == strlen(PASSWD_AUTH_REQUEST) && memcmp(opn, PASSWD_AUTH_REQUEST, opn_len) == 0)
return process_passwordauth_request(request, response, con); return process_passwordauth_request(request, response, con);
else { else {
debug("unknown auth request: %s", opn); debug("unknown auth request: %s", opn);
return -1; return -1;
} }
} }
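Review bot: In process_pubkeyauth_request, `con->auth_token = token;` runs as soon as generate_user_token() succeeds, before `pubkey_allowed()` and `key_verify()` have accepted the request, and none of the `goto done` failure paths closes the token or resets the field. A request whose key is not mapped to the user, or whose signature fails, therefore leaves a logon token for the named user attached to the connection; whether later code reads con->auth_token is not visible here, but the handle is leaked in any case. Move the assignment down to just before the LoadProfile block (SHGetKnownFolderPath already takes `token` directly), and release the token on failure with `if (r == -1 && token) CloseHandle(token);` placed ahead of the SSH_AGENT_FAILURE line under `done:`, since that line resets r to 0. process_passwordauth_request has the same leak when DuplicateHandle or sshbuf_put_u32 fails after LogonUserW has succeeded.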