summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--monitor.c24
2 files changed, 19 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index a9085d7e4..6836a24cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -84,6 +84,9 @@
84 decriptor -> descriptor 84 decriptor -> descriptor
85 authentciated -> authenticated 85 authentciated -> authenticated
86 transmition -> transmission 86 transmition -> transmission
87 - markus@cvs.openbsd.org 2002/06/04 19:42:35
88 [monitor.c]
89 only allow enabled authentication methods; ok provos@
87 90
8820020604 9120020604
89 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed 92 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -768,4 +771,4 @@
768 - (stevesk) entropy.c: typo in debug message 771 - (stevesk) entropy.c: typo in debug message
769 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 772 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
770 773
771$Id: ChangeLog,v 1.2166 2002/06/06 20:56:07 mouring Exp $ 774$Id: ChangeLog,v 1.2167 2002/06/06 20:57:17 mouring Exp $
diff --git a/monitor.c b/monitor.c
index 1e23d913a..6fe0afd7e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); 28RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $");
29 29
30#include <openssl/dh.h> 30#include <openssl/dh.h>
31 31
@@ -581,7 +581,8 @@ mm_answer_authpassword(int socket, Buffer *m)
581 581
582 passwd = buffer_get_string(m, &plen); 582 passwd = buffer_get_string(m, &plen);
583 /* Only authenticate if the context is valid */ 583 /* Only authenticate if the context is valid */
584 authenticated = authctxt->valid && auth_password(authctxt, passwd); 584 authenticated = options.password_authentication &&
585 authctxt->valid && auth_password(authctxt, passwd);
585 memset(passwd, 0, strlen(passwd)); 586 memset(passwd, 0, strlen(passwd));
586 xfree(passwd); 587 xfree(passwd);
587 588
@@ -642,7 +643,8 @@ mm_answer_bsdauthrespond(int socket, Buffer *m)
642 fatal("%s: no bsd auth session", __FUNCTION__); 643 fatal("%s: no bsd auth session", __FUNCTION__);
643 644
644 response = buffer_get_string(m, NULL); 645 response = buffer_get_string(m, NULL);
645 authok = auth_userresponse(authctxt->as, response, 0); 646 authok = options.challenge_response_authentication &&
647 auth_userresponse(authctxt->as, response, 0);
646 authctxt->as = NULL; 648 authctxt->as = NULL;
647 debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); 649 debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok);
648 xfree(response); 650 xfree(response);
@@ -688,7 +690,8 @@ mm_answer_skeyrespond(int socket, Buffer *m)
688 690
689 response = buffer_get_string(m, NULL); 691 response = buffer_get_string(m, NULL);
690 692
691 authok = (authctxt->valid && 693 authok = (options.challenge_response_authentication &&
694 authctxt->valid &&
692 skey_haskey(authctxt->pw->pw_name) == 0 && 695 skey_haskey(authctxt->pw->pw_name) == 0 &&
693 skey_passcheck(authctxt->pw->pw_name, response) != -1); 696 skey_passcheck(authctxt->pw->pw_name, response) != -1);
694 697
@@ -760,15 +763,18 @@ mm_answer_keyallowed(int socket, Buffer *m)
760 if (key != NULL && authctxt->pw != NULL) { 763 if (key != NULL && authctxt->pw != NULL) {
761 switch(type) { 764 switch(type) {
762 case MM_USERKEY: 765 case MM_USERKEY:
763 allowed = user_key_allowed(authctxt->pw, key); 766 allowed = options.pubkey_authentication &&
767 user_key_allowed(authctxt->pw, key);
764 break; 768 break;
765 case MM_HOSTKEY: 769 case MM_HOSTKEY:
766 allowed = hostbased_key_allowed(authctxt->pw, 770 allowed = options.hostbased_authentication &&
771 hostbased_key_allowed(authctxt->pw,
767 cuser, chost, key); 772 cuser, chost, key);
768 break; 773 break;
769 case MM_RSAHOSTKEY: 774 case MM_RSAHOSTKEY:
770 key->type = KEY_RSA1; /* XXX */ 775 key->type = KEY_RSA1; /* XXX */
771 allowed = auth_rhosts_rsa_key_allowed(authctxt->pw, 776 allowed = options.rhosts_rsa_authentication &&
777 auth_rhosts_rsa_key_allowed(authctxt->pw,
772 cuser, chost, key); 778 cuser, chost, key);
773 break; 779 break;
774 default: 780 default:
@@ -958,7 +964,7 @@ mm_answer_keyverify(int socket, Buffer *m)
958 buffer_put_int(m, verified); 964 buffer_put_int(m, verified);
959 mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); 965 mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
960 966
961 auth_method = "publickey"; 967 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
962 968
963 return (verified); 969 return (verified);
964} 970}
@@ -1137,7 +1143,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
1137 1143
1138 debug3("%s entering", __FUNCTION__); 1144 debug3("%s entering", __FUNCTION__);
1139 1145
1140 if (authctxt->valid) { 1146 if (options.rsa_authentication && authctxt->valid) {
1141 if ((client_n = BN_new()) == NULL) 1147 if ((client_n = BN_new()) == NULL)
1142 fatal("%s: BN_new", __FUNCTION__); 1148 fatal("%s: BN_new", __FUNCTION__);
1143 buffer_get_bignum2(m, client_n); 1149 buffer_get_bignum2(m, client_n);