diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | monitor.c | 24 |
2 files changed, 19 insertions, 10 deletions
| @@ -84,6 +84,9 @@ | |||
| 84 | decriptor -> descriptor | 84 | decriptor -> descriptor |
| 85 | authentciated -> authenticated | 85 | authentciated -> authenticated |
| 86 | transmition -> transmission | 86 | transmition -> transmission |
| 87 | - markus@cvs.openbsd.org 2002/06/04 19:42:35 | ||
| 88 | [monitor.c] | ||
| 89 | only allow enabled authentication methods; ok provos@ | ||
| 87 | 90 | ||
| 88 | 20020604 | 91 | 20020604 |
| 89 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | 92 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed |
| @@ -768,4 +771,4 @@ | |||
| 768 | - (stevesk) entropy.c: typo in debug message | 771 | - (stevesk) entropy.c: typo in debug message |
| 769 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 772 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 770 | 773 | ||
| 771 | $Id: ChangeLog,v 1.2166 2002/06/06 20:56:07 mouring Exp $ | 774 | $Id: ChangeLog,v 1.2167 2002/06/06 20:57:17 mouring Exp $ |
| @@ -25,7 +25,7 @@ | |||
| 25 | */ | 25 | */ |
| 26 | 26 | ||
| 27 | #include "includes.h" | 27 | #include "includes.h" |
| 28 | RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $"); |
| 29 | 29 | ||
| 30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
| 31 | 31 | ||
| @@ -581,7 +581,8 @@ mm_answer_authpassword(int socket, Buffer *m) | |||
| 581 | 581 | ||
| 582 | passwd = buffer_get_string(m, &plen); | 582 | passwd = buffer_get_string(m, &plen); |
| 583 | /* Only authenticate if the context is valid */ | 583 | /* Only authenticate if the context is valid */ |
| 584 | authenticated = authctxt->valid && auth_password(authctxt, passwd); | 584 | authenticated = options.password_authentication && |
| 585 | authctxt->valid && auth_password(authctxt, passwd); | ||
| 585 | memset(passwd, 0, strlen(passwd)); | 586 | memset(passwd, 0, strlen(passwd)); |
| 586 | xfree(passwd); | 587 | xfree(passwd); |
| 587 | 588 | ||
| @@ -642,7 +643,8 @@ mm_answer_bsdauthrespond(int socket, Buffer *m) | |||
| 642 | fatal("%s: no bsd auth session", __FUNCTION__); | 643 | fatal("%s: no bsd auth session", __FUNCTION__); |
| 643 | 644 | ||
| 644 | response = buffer_get_string(m, NULL); | 645 | response = buffer_get_string(m, NULL); |
| 645 | authok = auth_userresponse(authctxt->as, response, 0); | 646 | authok = options.challenge_response_authentication && |
| 647 | auth_userresponse(authctxt->as, response, 0); | ||
| 646 | authctxt->as = NULL; | 648 | authctxt->as = NULL; |
| 647 | debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); | 649 | debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); |
| 648 | xfree(response); | 650 | xfree(response); |
| @@ -688,7 +690,8 @@ mm_answer_skeyrespond(int socket, Buffer *m) | |||
| 688 | 690 | ||
| 689 | response = buffer_get_string(m, NULL); | 691 | response = buffer_get_string(m, NULL); |
| 690 | 692 | ||
| 691 | authok = (authctxt->valid && | 693 | authok = (options.challenge_response_authentication && |
| 694 | authctxt->valid && | ||
| 692 | skey_haskey(authctxt->pw->pw_name) == 0 && | 695 | skey_haskey(authctxt->pw->pw_name) == 0 && |
| 693 | skey_passcheck(authctxt->pw->pw_name, response) != -1); | 696 | skey_passcheck(authctxt->pw->pw_name, response) != -1); |
| 694 | 697 | ||
| @@ -760,15 +763,18 @@ mm_answer_keyallowed(int socket, Buffer *m) | |||
| 760 | if (key != NULL && authctxt->pw != NULL) { | 763 | if (key != NULL && authctxt->pw != NULL) { |
| 761 | switch(type) { | 764 | switch(type) { |
| 762 | case MM_USERKEY: | 765 | case MM_USERKEY: |
| 763 | allowed = user_key_allowed(authctxt->pw, key); | 766 | allowed = options.pubkey_authentication && |
| 767 | user_key_allowed(authctxt->pw, key); | ||
| 764 | break; | 768 | break; |
| 765 | case MM_HOSTKEY: | 769 | case MM_HOSTKEY: |
| 766 | allowed = hostbased_key_allowed(authctxt->pw, | 770 | allowed = options.hostbased_authentication && |
| 771 | hostbased_key_allowed(authctxt->pw, | ||
| 767 | cuser, chost, key); | 772 | cuser, chost, key); |
| 768 | break; | 773 | break; |
| 769 | case MM_RSAHOSTKEY: | 774 | case MM_RSAHOSTKEY: |
| 770 | key->type = KEY_RSA1; /* XXX */ | 775 | key->type = KEY_RSA1; /* XXX */ |
| 771 | allowed = auth_rhosts_rsa_key_allowed(authctxt->pw, | 776 | allowed = options.rhosts_rsa_authentication && |
| 777 | auth_rhosts_rsa_key_allowed(authctxt->pw, | ||
| 772 | cuser, chost, key); | 778 | cuser, chost, key); |
| 773 | break; | 779 | break; |
| 774 | default: | 780 | default: |
| @@ -958,7 +964,7 @@ mm_answer_keyverify(int socket, Buffer *m) | |||
| 958 | buffer_put_int(m, verified); | 964 | buffer_put_int(m, verified); |
| 959 | mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); | 965 | mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); |
| 960 | 966 | ||
| 961 | auth_method = "publickey"; | 967 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
| 962 | 968 | ||
| 963 | return (verified); | 969 | return (verified); |
| 964 | } | 970 | } |
| @@ -1137,7 +1143,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) | |||
| 1137 | 1143 | ||
| 1138 | debug3("%s entering", __FUNCTION__); | 1144 | debug3("%s entering", __FUNCTION__); |
| 1139 | 1145 | ||
| 1140 | if (authctxt->valid) { | 1146 | if (options.rsa_authentication && authctxt->valid) { |
| 1141 | if ((client_n = BN_new()) == NULL) | 1147 | if ((client_n = BN_new()) == NULL) |
| 1142 | fatal("%s: BN_new", __FUNCTION__); | 1148 | fatal("%s: BN_new", __FUNCTION__); |
| 1143 | buffer_get_bignum2(m, client_n); | 1149 | buffer_get_bignum2(m, client_n); |