- markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c] only allow enabled authentication methods; ok provos@
parent
2e14bc71e6
commit
dcf6bfbfbd
|
@ -84,6 +84,9 @@
|
||||||
decriptor -> descriptor
|
decriptor -> descriptor
|
||||||
authentciated -> authenticated
|
authentciated -> authenticated
|
||||||
transmition -> transmission
|
transmition -> transmission
|
||||||
|
- markus@cvs.openbsd.org 2002/06/04 19:42:35
|
||||||
|
[monitor.c]
|
||||||
|
only allow enabled authentication methods; ok provos@
|
||||||
|
|
||||||
20020604
|
20020604
|
||||||
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
|
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
|
||||||
|
@ -768,4 +771,4 @@
|
||||||
- (stevesk) entropy.c: typo in debug message
|
- (stevesk) entropy.c: typo in debug message
|
||||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2166 2002/06/06 20:56:07 mouring Exp $
|
$Id: ChangeLog,v 1.2167 2002/06/06 20:57:17 mouring Exp $
|
||||||
|
|
24
monitor.c
24
monitor.c
|
@ -25,7 +25,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $");
|
RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
|
|
||||||
|
@ -581,7 +581,8 @@ mm_answer_authpassword(int socket, Buffer *m)
|
||||||
|
|
||||||
passwd = buffer_get_string(m, &plen);
|
passwd = buffer_get_string(m, &plen);
|
||||||
/* Only authenticate if the context is valid */
|
/* Only authenticate if the context is valid */
|
||||||
authenticated = authctxt->valid && auth_password(authctxt, passwd);
|
authenticated = options.password_authentication &&
|
||||||
|
authctxt->valid && auth_password(authctxt, passwd);
|
||||||
memset(passwd, 0, strlen(passwd));
|
memset(passwd, 0, strlen(passwd));
|
||||||
xfree(passwd);
|
xfree(passwd);
|
||||||
|
|
||||||
|
@ -642,7 +643,8 @@ mm_answer_bsdauthrespond(int socket, Buffer *m)
|
||||||
fatal("%s: no bsd auth session", __FUNCTION__);
|
fatal("%s: no bsd auth session", __FUNCTION__);
|
||||||
|
|
||||||
response = buffer_get_string(m, NULL);
|
response = buffer_get_string(m, NULL);
|
||||||
authok = auth_userresponse(authctxt->as, response, 0);
|
authok = options.challenge_response_authentication &&
|
||||||
|
auth_userresponse(authctxt->as, response, 0);
|
||||||
authctxt->as = NULL;
|
authctxt->as = NULL;
|
||||||
debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok);
|
debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok);
|
||||||
xfree(response);
|
xfree(response);
|
||||||
|
@ -688,7 +690,8 @@ mm_answer_skeyrespond(int socket, Buffer *m)
|
||||||
|
|
||||||
response = buffer_get_string(m, NULL);
|
response = buffer_get_string(m, NULL);
|
||||||
|
|
||||||
authok = (authctxt->valid &&
|
authok = (options.challenge_response_authentication &&
|
||||||
|
authctxt->valid &&
|
||||||
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||||
skey_passcheck(authctxt->pw->pw_name, response) != -1);
|
skey_passcheck(authctxt->pw->pw_name, response) != -1);
|
||||||
|
|
||||||
|
@ -760,15 +763,18 @@ mm_answer_keyallowed(int socket, Buffer *m)
|
||||||
if (key != NULL && authctxt->pw != NULL) {
|
if (key != NULL && authctxt->pw != NULL) {
|
||||||
switch(type) {
|
switch(type) {
|
||||||
case MM_USERKEY:
|
case MM_USERKEY:
|
||||||
allowed = user_key_allowed(authctxt->pw, key);
|
allowed = options.pubkey_authentication &&
|
||||||
|
user_key_allowed(authctxt->pw, key);
|
||||||
break;
|
break;
|
||||||
case MM_HOSTKEY:
|
case MM_HOSTKEY:
|
||||||
allowed = hostbased_key_allowed(authctxt->pw,
|
allowed = options.hostbased_authentication &&
|
||||||
|
hostbased_key_allowed(authctxt->pw,
|
||||||
cuser, chost, key);
|
cuser, chost, key);
|
||||||
break;
|
break;
|
||||||
case MM_RSAHOSTKEY:
|
case MM_RSAHOSTKEY:
|
||||||
key->type = KEY_RSA1; /* XXX */
|
key->type = KEY_RSA1; /* XXX */
|
||||||
allowed = auth_rhosts_rsa_key_allowed(authctxt->pw,
|
allowed = options.rhosts_rsa_authentication &&
|
||||||
|
auth_rhosts_rsa_key_allowed(authctxt->pw,
|
||||||
cuser, chost, key);
|
cuser, chost, key);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -958,7 +964,7 @@ mm_answer_keyverify(int socket, Buffer *m)
|
||||||
buffer_put_int(m, verified);
|
buffer_put_int(m, verified);
|
||||||
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
|
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
|
||||||
|
|
||||||
auth_method = "publickey";
|
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||||
|
|
||||||
return (verified);
|
return (verified);
|
||||||
}
|
}
|
||||||
|
@ -1137,7 +1143,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
|
||||||
|
|
||||||
debug3("%s entering", __FUNCTION__);
|
debug3("%s entering", __FUNCTION__);
|
||||||
|
|
||||||
if (authctxt->valid) {
|
if (options.rsa_authentication && authctxt->valid) {
|
||||||
if ((client_n = BN_new()) == NULL)
|
if ((client_n = BN_new()) == NULL)
|
||||||
fatal("%s: BN_new", __FUNCTION__);
|
fatal("%s: BN_new", __FUNCTION__);
|
||||||
buffer_get_bignum2(m, client_n);
|
buffer_get_bignum2(m, client_n);
|
||||||
|
|
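Review bot: In mm_answer_bsdauthrespond the new `options.challenge_response_authentication &&` short-circuits the call to auth_userresponse(), yet the following line still sets `authctxt->as = NULL`, so with the option disabled the BSD auth session handle is dropped without being passed to anything that could release it. As far as I know, auth_userresponse() with a final argument of 0 is what closes the session, so this looks like a leaked session in the privileged monitor; please confirm against the BSD auth API. I would release it explicitly on the disabled path, with `authok` defaulting to 0: `if (options.challenge_response_authentication) authok = auth_userresponse(authctxt->as, response, 0);` followed by `else auth_close(authctxt->as);`. A request for a disabled method presumably never comes from an uncompromised unprivileged child, so a log line on that path (here and in the other gated handlers) would give operators a useful signal. The function body starts and ends outside the hunk.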