Diffstat (limited to 'auth1.c')
-rw-r--r--auth1.c45
1 files changed, 6 insertions, 39 deletions
diff --git a/auth1.c b/auth1.c
index 6cb0b04b2..877e2e62d 100644
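--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.48 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -49,7 +49,7 @@ get_authname(int type)
 case SSH_CMSG_AUTH_TIS:
 case SSH_CMSG_AUTH_TIS_RESPONSE:
 return "challenge-response";
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 case SSH_CMSG_AUTH_KERBEROS:
 return "kerberos";
 #endif
@@ -81,7 +81,7 @@ do_authloop(Authctxt *authctxt)
 
 /* If the user has no password, accept authentication immediately. */
 if (options.password_authentication &&
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
 PRIVSEP(auth_password(authctxt, ""))) {
@@ -120,7 +120,7 @@ do_authloop(Authctxt *authctxt)
 /* Process the packet. */
 switch (type) {
 
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 case SSH_CMSG_AUTH_KERBEROS:
 if (!options.kerberos_authentication) {
 verbose("Kerberos authentication disabled.");
@@ -128,30 +128,7 @@ do_authloop(Authctxt *authctxt)
 char *kdata = packet_get_string(&dlen);
 packet_check_eom();
 
-if (kdata[0] == 4) { /* KRB_PROT_VERSION */
-#ifdef KRB4
-KTEXT_ST tkt, reply;
-tkt.length = dlen;
-if (tkt.length < MAX_KTXT_LEN)
-memcpy(tkt.dat, kdata, tkt.length);
-
-if (PRIVSEP(auth_krb4(authctxt, &tkt,
-&client_user, &reply))) {
-authenticated = 1;
-snprintf(info, sizeof(info),
-" tktuser %.100s",
-client_user);
-
-packet_start(
-SSH_SMSG_AUTH_KERBEROS_RESPONSE);
-packet_put_string((char *)
-reply.dat, reply.length);
-packet_send();
-packet_write_wait();
-}
-#endif /* KRB4 */
-} else {
-#ifdef KRB5
+if (kdata[0] != 4) { /* KRB_PROT_VERSION */
 krb5_data tkt, reply;
 tkt.length = dlen;
 tkt.data = kdata;
@@ -174,24 +151,14 @@ do_authloop(Authctxt *authctxt)
 if (reply.length)
 xfree(reply.data);
 }
-#endif /* KRB5 */
 }
 xfree(kdata);
 }
 break;
-#endif /* KRB4 || KRB5 */
-
-#if defined(AFS) || defined(KRB5)
-/* XXX - punt on backward compatibility here. */
 case SSH_CMSG_HAVE_KERBEROS_TGT:
 packet_send_debug("Kerberos TGT passing disabled before authentication.");
 break;
-#ifdef AFS
-case SSH_CMSG_HAVE_AFS_TOKEN:
-packet_send_debug("AFS token passing disabled before authentication.");
-break;
-#endif /* AFS */
-#endif /* AFS || KRB5 */
+#endif
 
 case SSH_CMSG_AUTH_RHOSTS:
 if (!options.rhosts_authentication) {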
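Review bot: In the SSH_CMSG_AUTH_KERBEROS case of do_authloop, the new guard `if (kdata[0] != 4) { /* KRB_PROT_VERSION */` has no else branch, so a Kerberos 4 ticket is dropped without any log line, and a zero-length string still reaches the krb5 branch with `tkt.length == 0`. I would tighten it to `if (dlen > 0 && kdata[0] != 4) {` and add an else such as `verbose("Kerberos v4 tickets are no longer supported.");` so the rejection shows up in the auth log rather than looking like an ordinary failed attempt. The retained comment now sits on an inverted condition; `/* first byte 4 == KRB4 KRB_PROT_VERSION: reject v4 tickets */` states what the test is for. The bare `#endif` after the SSH_CMSG_HAVE_KERBEROS_TGT case closes the `#ifdef KRB5` opened before SSH_CMSG_AUTH_KERBEROS, roughly forty lines earlier, and would read better as `#endif /* KRB5 */`. Only parts of do_authloop are visible in these hunks, so how auth_krb5 treats an empty ticket should be confirmed against the full file.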