Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 45 |
1 files changed, 6 insertions, 39 deletions
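--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.48 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -49,7 +49,7 @@ get_authname(int type)
 case SSH_CMSG_AUTH_TIS:
 case SSH_CMSG_AUTH_TIS_RESPONSE:
 return "challenge-response";
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 case SSH_CMSG_AUTH_KERBEROS:
 return "kerberos";
 #endif
@@ -81,7 +81,7 @@ do_authloop(Authctxt *authctxt)
 
 /* If the user has no password, accept authentication immediately. */
 if (options.password_authentication &&
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
 PRIVSEP(auth_password(authctxt, ""))) {
@@ -120,7 +120,7 @@ do_authloop(Authctxt *authctxt)
 /* Process the packet. */
 switch (type) {
 
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 case SSH_CMSG_AUTH_KERBEROS:
 if (!options.kerberos_authentication) {
 verbose("Kerberos authentication disabled.");
@@ -128,30 +128,7 @@ do_authloop(Authctxt *authctxt)
 char *kdata = packet_get_string(&dlen);
 packet_check_eom();
 
-if (kdata[0] == 4) { /* KRB_PROT_VERSION */
+if (kdata[0] != 4) { /* KRB_PROT_VERSION */
-#ifdef KRB4
-KTEXT_ST tkt, reply;
-tkt.length = dlen;
-if (tkt.length < MAX_KTXT_LEN)
-memcpy(tkt.dat, kdata, tkt.length);
-
-if (PRIVSEP(auth_krb4(authctxt, &tkt,
-&client_user, &reply))) {
-authenticated = 1;
-snprintf(info, sizeof(info),
-" tktuser %.100s",
-client_user);
-
-packet_start(
-SSH_SMSG_AUTH_KERBEROS_RESPONSE);
-packet_put_string((char *)
-reply.dat, reply.length);
-packet_send();
-packet_write_wait();
-}
-#endif /* KRB4 */
-} else {
-#ifdef KRB5
 krb5_data tkt, reply;
 tkt.length = dlen;
 tkt.data = kdata;
@@ -174,24 +151,14 @@ do_authloop(Authctxt *authctxt)
 if (reply.length)
 xfree(reply.data);
 }
-#endif /* KRB5 */
 }
 xfree(kdata);
 }
 break;
-#endif /* KRB4 || KRB5 */
-
-#if defined(AFS) || defined(KRB5)
-/* XXX - punt on backward compatibility here. */
 case SSH_CMSG_HAVE_KERBEROS_TGT:
 packet_send_debug("Kerberos TGT passing disabled before authentication.");
 break;
-#ifdef AFS
+#endif
-case SSH_CMSG_HAVE_AFS_TOKEN:
-packet_send_debug("AFS token passing disabled before authentication.");
-break;
-#endif /* AFS */
-#endif /* AFS || KRB5 */
 
 case SSH_CMSG_AUTH_RHOSTS:
 if (!options.rhosts_authentication) {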
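Review bot: At new line 131, `if (kdata[0] != 4)` reads the first byte of the client-supplied string before `dlen` is consulted, so an empty string is only safe if `packet_get_string()` always returns a terminated buffer, which this page does not show; `if (dlen > 0 && kdata[0] != 4) {` would remove that dependency. With the KRB4 branch removed, a ticket whose first byte is 4 now skips the block silently, so the retained `/* KRB_PROT_VERSION */` comment would read better as `/* 4 == KRB_PROT_VERSION: Kerberos v4 tickets are no longer handled */`, and an `else` with a `verbose()` line would give operators a diagnostic for such clients. The bare `#endif` at new line 161 now closes an `#ifdef KRB5` opened about forty lines earlier at line 123; `#endif /* KRB5 */` would keep the labelling style the removed lines used. do_authloop starts and ends outside the hunks shown.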