author | Damien Miller <djm@mindrot.org> | 2003-09-02 22:51:17 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-09-02 22:51:17 +1000 |
commit | 1a0c0b96219b037865d624079a81ab7d88bbccc1 (patch) | |
tree | ad24303a17d1f49c98b66d5bfe014103019411af /auth1.c | |
parent | 55c47edc81accd3118fc0fda2c37765631c0aef0 (diff) |
- markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 57 |
1 files changed, 1 insertions, 56 deletions
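--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -49,10 +49,6 @@ get_authname(int type)
 case SSH_CMSG_AUTH_TIS:
 case SSH_CMSG_AUTH_TIS_RESPONSE:
 return "challenge-response";
-#ifdef KRB5
-case SSH_CMSG_AUTH_KERBEROS:
-return "kerberos";
-#endif
 }
 snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
 return buf;
@@ -119,47 +115,6 @@ do_authloop(Authctxt *authctxt)
 
 /* Process the packet. */
 switch (type) {
-
-#ifdef KRB5
-case SSH_CMSG_AUTH_KERBEROS:
-if (!options.kerberos_authentication) {
-verbose("Kerberos authentication disabled.");
-} else {
-char *kdata = packet_get_string(&dlen);
-packet_check_eom();
-
-if (kdata[0] != 4) { /* KRB_PROT_VERSION */
-krb5_data tkt, reply;
-tkt.length = dlen;
-tkt.data = kdata;
-
-if (PRIVSEP(auth_krb5(authctxt, &tkt,
-&client_user, &reply))) {
-authenticated = 1;
-snprintf(info, sizeof(info),
-" tktuser %.100s",
-client_user);
-
-/* Send response to client */
-packet_start(
-SSH_SMSG_AUTH_KERBEROS_RESPONSE);
-packet_put_string((char *)
-reply.data, reply.length);
-packet_send();
-packet_write_wait();
-
-if (reply.length)
-xfree(reply.data);
-}
-}
-xfree(kdata);
-}
-break;
-case SSH_CMSG_HAVE_KERBEROS_TGT:
-packet_send_debug("Kerberos TGT passing disabled before authentication.");
-break;
-#endif
-
 case SSH_CMSG_AUTH_RHOSTS_RSA:
 if (!options.rhosts_rsa_authentication) {
 verbose("Rhosts with RSA authentication disabled.");
@@ -337,16 +292,6 @@ do_authentication(void)
 if ((style = strchr(user, ':')) != NULL)
 *style++ = '\0';
 
-#ifdef KRB5
-/* XXX - SSH.com Kerberos v5 braindeath. */
-if ((datafellows & SSH_BUG_K5USER) &&
-options.kerberos_authentication) {
-char *p;
-if ((p = strchr(user, '@')) != NULL)
-*p = '\0';
-}
-#endif
-
 authctxt = authctxt_new();
 authctxt->user = user;
 authctxt->style = style;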