diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 20:57:17 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 20:57:17 +0000 |
| commit | dcf6bfbfbdf1d201b9b9c2b0ceb0bba1ff3c8c1e (patch) | |
| tree | 5ff104f12754d44b1f4cf7fbdb11945019939903 /monitor.c | |
| parent | 2e14bc71e6f9b2235ea0f9aa4d5ae560acddfaea (diff) | |
- markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c]
only allow enabled authentication methods; ok provos@
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 24 |
1 files changed, 15 insertions, 9 deletions
| @@ -25,7 +25,7 @@ | |||
| 25 | */ | 25 | */ |
| 26 | 26 | ||
| 27 | #include "includes.h" | 27 | #include "includes.h" |
| 28 | RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $"); |
| 29 | 29 | ||
| 30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
| 31 | 31 | ||
| @@ -581,7 +581,8 @@ mm_answer_authpassword(int socket, Buffer *m) | |||
| 581 | 581 | ||
| 582 | passwd = buffer_get_string(m, &plen); | 582 | passwd = buffer_get_string(m, &plen); |
| 583 | /* Only authenticate if the context is valid */ | 583 | /* Only authenticate if the context is valid */ |
| 584 | authenticated = authctxt->valid && auth_password(authctxt, passwd); | 584 | authenticated = options.password_authentication && |
| 585 | authctxt->valid && auth_password(authctxt, passwd); | ||
| 585 | memset(passwd, 0, strlen(passwd)); | 586 | memset(passwd, 0, strlen(passwd)); |
| 586 | xfree(passwd); | 587 | xfree(passwd); |
| 587 | 588 | ||
| @@ -642,7 +643,8 @@ mm_answer_bsdauthrespond(int socket, Buffer *m) | |||
| 642 | fatal("%s: no bsd auth session", __FUNCTION__); | 643 | fatal("%s: no bsd auth session", __FUNCTION__); |
| 643 | 644 | ||
| 644 | response = buffer_get_string(m, NULL); | 645 | response = buffer_get_string(m, NULL); |
| 645 | authok = auth_userresponse(authctxt->as, response, 0); | 646 | authok = options.challenge_response_authentication && |
| 647 | auth_userresponse(authctxt->as, response, 0); | ||
| 646 | authctxt->as = NULL; | 648 | authctxt->as = NULL; |
| 647 | debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); | 649 | debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); |
| 648 | xfree(response); | 650 | xfree(response); |
| @@ -688,7 +690,8 @@ mm_answer_skeyrespond(int socket, Buffer *m) | |||
| 688 | 690 | ||
| 689 | response = buffer_get_string(m, NULL); | 691 | response = buffer_get_string(m, NULL); |
| 690 | 692 | ||
| 691 | authok = (authctxt->valid && | 693 | authok = (options.challenge_response_authentication && |
| 694 | authctxt->valid && | ||
| 692 | skey_haskey(authctxt->pw->pw_name) == 0 && | 695 | skey_haskey(authctxt->pw->pw_name) == 0 && |
| 693 | skey_passcheck(authctxt->pw->pw_name, response) != -1); | 696 | skey_passcheck(authctxt->pw->pw_name, response) != -1); |
| 694 | 697 | ||
| @@ -760,15 +763,18 @@ mm_answer_keyallowed(int socket, Buffer *m) | |||
| 760 | if (key != NULL && authctxt->pw != NULL) { | 763 | if (key != NULL && authctxt->pw != NULL) { |
| 761 | switch(type) { | 764 | switch(type) { |
| 762 | case MM_USERKEY: | 765 | case MM_USERKEY: |
| 763 | allowed = user_key_allowed(authctxt->pw, key); | 766 | allowed = options.pubkey_authentication && |
| 767 | user_key_allowed(authctxt->pw, key); | ||
| 764 | break; | 768 | break; |
| 765 | case MM_HOSTKEY: | 769 | case MM_HOSTKEY: |
| 766 | allowed = hostbased_key_allowed(authctxt->pw, | 770 | allowed = options.hostbased_authentication && |
| 771 | hostbased_key_allowed(authctxt->pw, | ||
| 767 | cuser, chost, key); | 772 | cuser, chost, key); |
| 768 | break; | 773 | break; |
| 769 | case MM_RSAHOSTKEY: | 774 | case MM_RSAHOSTKEY: |
| 770 | key->type = KEY_RSA1; /* XXX */ | 775 | key->type = KEY_RSA1; /* XXX */ |
| 771 | allowed = auth_rhosts_rsa_key_allowed(authctxt->pw, | 776 | allowed = options.rhosts_rsa_authentication && |
| 777 | auth_rhosts_rsa_key_allowed(authctxt->pw, | ||
| 772 | cuser, chost, key); | 778 | cuser, chost, key); |
| 773 | break; | 779 | break; |
| 774 | default: | 780 | default: |
| @@ -958,7 +964,7 @@ mm_answer_keyverify(int socket, Buffer *m) | |||
| 958 | buffer_put_int(m, verified); | 964 | buffer_put_int(m, verified); |
| 959 | mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); | 965 | mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); |
| 960 | 966 | ||
| 961 | auth_method = "publickey"; | 967 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
| 962 | 968 | ||
| 963 | return (verified); | 969 | return (verified); |
| 964 | } | 970 | } |
| @@ -1137,7 +1143,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) | |||
| 1137 | 1143 | ||
| 1138 | debug3("%s entering", __FUNCTION__); | 1144 | debug3("%s entering", __FUNCTION__); |
| 1139 | 1145 | ||
| 1140 | if (authctxt->valid) { | 1146 | if (options.rsa_authentication && authctxt->valid) { |
| 1141 | if ((client_n = BN_new()) == NULL) | 1147 | if ((client_n = BN_new()) == NULL) |
| 1142 | fatal("%s: BN_new", __FUNCTION__); | 1148 | fatal("%s: BN_new", __FUNCTION__); |
| 1143 | buffer_get_bignum2(m, client_n); | 1149 | buffer_get_bignum2(m, client_n); |