-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | auth-bsdauth.c | 102 | ||||
-rw-r--r-- | auth-krb4.c | 74 | ||||
-rw-r--r-- | auth-rhosts.c | 22 | ||||
-rw-r--r-- | auth-skey.c | 8 | ||||
-rw-r--r-- | auth.c | 8 | ||||
-rw-r--r-- | auth.h | 6 | ||||
-rw-r--r-- | auth1.c | 20 | ||||
-rw-r--r-- | auth2-chall.c | 4 | ||||
-rw-r--r-- | auth2.c | 4 | ||||
-rw-r--r-- | authfile.c | 8 | ||||
-rw-r--r-- | bufaux.c | 8 | ||||
-rw-r--r-- | canohost.c | 10 | ||||
-rw-r--r-- | channels.c | 20 | ||||
-rw-r--r-- | cipher.c | 12 | ||||
-rw-r--r-- | clientloop.c | 16 | ||||
-rw-r--r-- | compat.c | 18 | ||||
-rw-r--r-- | compress.c | 14 | ||||
-rw-r--r-- | deattack.c | 6 | ||||
-rw-r--r-- | key.c | 8 | ||||
-rw-r--r-- | log.c | 4 | ||||
-rw-r--r-- | mac.c | 4 | ||||
-rw-r--r-- | match.c | 12 | ||||
-rw-r--r-- | misc.c | 6 | ||||
-rw-r--r-- | nchan.c | 10 | ||||
-rw-r--r-- | packet.c | 8 | ||||
-rw-r--r-- | readconf.c | 32 | ||||
-rw-r--r-- | rijndael.c | 351 | ||||
-rw-r--r-- | rijndael.h | 6 | ||||
-rw-r--r-- | scard.c | 16 | ||||
-rw-r--r-- | servconf.c | 20 | ||||
-rw-r--r-- | servconf.h | 8 | ||||
-rw-r--r-- | serverloop.c | 12 | ||||
-rw-r--r-- | session.c | 46 | ||||
-rw-r--r-- | sftp-client.c | 17 | ||||
-rw-r--r-- | sftp-glob.c | 22 | ||||
-rw-r--r-- | sftp-int.c | 20 | ||||
-rw-r--r-- | sftp-server.c | 10 | ||||
-rw-r--r-- | sftp.c | 6 | ||||
-rw-r--r-- | ssh-add.c | 18 | ||||
-rw-r--r-- | ssh-agent.c | 10 | ||||
-rw-r--r-- | ssh-keygen.c | 6 | ||||
-rw-r--r-- | ssh.c | 8 | ||||
-rw-r--r-- | sshconnect.c | 16 | ||||
-rw-r--r-- | sshconnect1.c | 200 | ||||
-rw-r--r-- | sshconnect2.c | 8 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd.c | 20 | ||||
-rw-r--r-- | sshd_config | 4 | ||||
-rw-r--r-- | sshlogin.c | 4 | ||||
-rw-r--r-- | sshpty.c | 22 | ||||
-rw-r--r-- | sshtty.c | 4 | ||||
-rw-r--r-- | ttymodes.c | 4 | ||||
-rw-r--r-- | uidswap.c | 6 |
54 files changed, 666 insertions, 658 deletions
@@ -28,6 +28,16 @@ [auth-rsa.c] log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@ + - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 + [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] + [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] + [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] + [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] + [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] + [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] + [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] + [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] + basic KNF done while i was looking for something else 20011219 - (stevesk) OpenBSD CVS sync X11 localhost display @@ -7056,4 +7066,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1700 2001/12/21 01:52:39 djm Exp $ +$Id: ChangeLog,v 1.1701 2001/12/21 03:45:46 djm Exp $ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 3732477d..b70d48f2 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $"); +RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $"); #ifdef BSD_AUTH #include "xmalloc.h" 
@@ -36,74 +36,74 @@ bsdauth_init_ctx(Authctxt *authctxt) } static int -bsdauth_query(void *ctx, char **name, char **infotxt, +bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - Authctxt *authctxt = ctx; - char *challenge = NULL; - - if (authctxt->as != NULL) { - debug2("bsdauth_query: try reuse session"); - challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); - if (challenge == NULL) { - auth_close(authctxt->as); - authctxt->as = NULL; - } - } - - if (challenge == NULL) { - debug2("bsdauth_query: new bsd auth session"); - debug3("bsdauth_query: style %s", + Authctxt *authctxt = ctx; + char *challenge = NULL; + + if (authctxt->as != NULL) { + debug2("bsdauth_query: try reuse session"); + challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); + if (challenge == NULL) { + auth_close(authctxt->as); + authctxt->as = NULL; + } + } + + if (challenge == NULL) { + debug2("bsdauth_query: new bsd auth session"); + debug3("bsdauth_query: style %s", authctxt->style ? authctxt->style : "<default>"); - authctxt->as = auth_userchallenge(authctxt->user, + authctxt->as = auth_userchallenge(authctxt->user, authctxt->style, "auth-ssh", &challenge); - if (authctxt->as == NULL) - challenge = NULL; - debug2("bsdauth_query: <%s>", challenge ? challenge : "empty"); - } - - if (challenge == NULL) - return -1; - - *name = xstrdup(""); - *infotxt = xstrdup(""); - *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char*)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; - (*prompts)[0] = xstrdup(challenge); - - return 0; + if (authctxt->as == NULL) + challenge = NULL; + debug2("bsdauth_query: <%s>", challenge ? 
challenge : "empty"); + } + + if (challenge == NULL) + return -1; + + *name = xstrdup(""); + *infotxt = xstrdup(""); + *numprompts = 1; + *prompts = xmalloc(*numprompts * sizeof(char*)); + *echo_on = xmalloc(*numprompts * sizeof(u_int)); + (*echo_on)[0] = 0; + (*prompts)[0] = xstrdup(challenge); + + return 0; } static int bsdauth_respond(void *ctx, u_int numresponses, char **responses) { - Authctxt *authctxt = ctx; - int authok; - - if (authctxt->as == 0) - error("bsdauth_respond: no bsd auth session"); + Authctxt *authctxt = ctx; + int authok; + + if (authctxt->as == 0) + error("bsdauth_respond: no bsd auth session"); - if (numresponses != 1) - return -1; + if (numresponses != 1) + return -1; - authok = auth_userresponse(authctxt->as, responses[0], 0); - authctxt->as = NULL; - debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok); + authok = auth_userresponse(authctxt->as, responses[0], 0); + authctxt->as = NULL; + debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok); - return (authok == 0) ? -1 : 0; + return (authok == 0) ? -1 : 0; } static void bsdauth_free_ctx(void *ctx) { - Authctxt *authctxt = ctx; + Authctxt *authctxt = ctx; - if (authctxt && authctxt->as) { - auth_close(authctxt->as); - authctxt->as = NULL; - } + if (authctxt && authctxt->as) { + auth_close(authctxt->as); + authctxt->as = NULL; + } } KbdintDevice bsdauth_device = { diff --git a/auth-krb4.c b/auth-krb4.c index 031dcd30..f7a144f9 100644 --- a/auth-krb4.c +++ b/auth-krb4.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $"); +RCSID("$OpenBSD: auth-krb4.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -49,7 +49,7 @@ krb4_init(void *context) const char *tkt_root = TKT_ROOT; struct stat st; int fd; - + if (!authctxt->krb4_ticket_file) { /* Set unique ticket string manually since we're still root. */ authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN); 
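Review bot: In bsdauth_respond (auth-bsdauth.c, hunk -36,74) the `authctxt->as == 0` branch only calls `error("bsdauth_respond: no bsd auth session");` and then falls through, so `auth_userresponse(authctxt->as, responses[0], 0)` still runs with a null session. The branch should end the attempt, e.g. `if (authctxt->as == 0) { error("bsdauth_respond: no bsd auth session"); return -1; }`. The same function passes `responses[0]` to `debug3("bsdauth_respond: <%s> = <%d>", ...)`, which writes the user's challenge response into the debug log. I would log only the outcome, `debug3("bsdauth_respond: <%d>", authok);`. Both lines are only re-indented by this commit, so the behaviour predates it.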
@@ -79,13 +79,13 @@ krb4_init(void *context) } /* Failure - cancel cleanup function, leaving ticket for inspection. */ log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); - + fatal_remove_cleanup(krb4_cleanup_proc, authctxt); cleanup_registered = 0; - + xfree(authctxt->krb4_ticket_file); authctxt->krb4_ticket_file = NULL; - + return (0); } @@ -103,10 +103,10 @@ auth_krb4_password(Authctxt *authctxt, const char *password) char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ]; u_int32_t faddr; int r; - + if ((pw = authctxt->pw) == NULL) return (0); - + /* * Try Kerberos password authentication only for non-root * users and only if Kerberos is installed. @@ -128,7 +128,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } /* Successful authentication. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); - + /* * Now that we have a TGT, try to get a local * "rcmd" ticket to ensure that we are not talking @@ -138,7 +138,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) strlcpy(phost, (char *)krb_get_phost(localhost), sizeof(phost)); r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); - + if (r == KSUCCESS) { if ((hp = gethostbyname(localhost)) == NULL) { log("Couldn't get local host address!"); @@ -146,7 +146,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); - + /* Verify our "rcmd" ticket. */ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); @@ -186,13 +186,13 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } else /* Logging in as root or no local Kerberos realm. */ debug("Unable to authenticate to Kerberos."); - + failure: krb4_cleanup_proc(authctxt); - + if (!options.kerberos_or_local_passwd) return (0); - + /* Fall back to ordinary passwd authentication. */ return (-1); } 
@@ -220,9 +220,9 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) socklen_t slen; u_int cksum; int r, s; - + s = packet_get_connection_in(); - + slen = sizeof(local); memset(&local, 0, sizeof(local)); if (getsockname(s, (struct sockaddr *) & local, &slen) < 0) @@ -235,7 +235,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) } instance[0] = '*'; instance[1] = 0; - + /* Get the encrypted request, challenge, and session key. */ if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, ""))) { @@ -243,11 +243,11 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) return (0); } des_key_sched((des_cblock *) adat.session, schedule); - + *client = xmalloc(MAX_K_NAME_SZ); (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname, *adat.pinst ? "." : "", adat.pinst, adat.prealm); - + /* Check ~/.klogin authorization now. */ if (kuserok(&adat, authctxt->user) != KSUCCESS) { log("Kerberos v4 .klogin authorization failed for %s to " @@ -259,7 +259,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) session key. */ cksum = adat.checksum + 1; cksum = htonl(cksum); - + /* If we can't successfully encrypt the checksum, we send back an empty message, admitting our failure. */ if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1, @@ -269,10 +269,10 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) reply.length = 0; } else reply.length = r; - + /* Clear session key. */ memset(&adat.session, 0, sizeof(&adat.session)); - + packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); packet_put_string((char *) reply.dat, reply.length); packet_send(); 
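Review bot: The context line `memset(&adat.session, 0, sizeof(&adat.session));` in auth_krb4 (auth-krb4.c, hunk -269,10) takes the size of a pointer rather than of the session key, so the number of key bytes cleared follows the platform's pointer width instead of the key's type. It should read `memset(&adat.session, 0, sizeof(adat.session));`. The commit only strips whitespace around this line, so the defect is untouched by it. If `adat` is a local (its declaration is outside the hunk), a plain memset just before it goes out of scope may also be dropped by the optimizer, which is worth a comment at that line. auth_krb4's body starts and ends outside this hunk.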
@@ -287,19 +287,19 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) { CREDENTIALS creds; struct passwd *pw; - + if ((pw = authctxt->pw) == NULL) goto failure; - + temporarily_use_uid(pw); - + if (!radix_to_creds(string, &creds)) { log("Protocol error decoding Kerberos v4 TGT"); goto failure; } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "krbtgt", sizeof creds.service); - + if (strcmp(creds.service, "krbtgt")) { log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", creds.pname, creds.pinst[0] ? "." : "", creds.pinst, @@ -308,10 +308,10 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) } if (!krb4_init(authctxt)) goto failure; - + if (in_tkt(creds.pname, creds.pinst) != KSUCCESS) goto failure; - + if (save_credentials(creds.service, creds.instance, creds.realm, creds.session, creds.lifetime, creds.kvno, &creds.ticket_st, creds.issue_date) != KSUCCESS) { @@ -320,20 +320,20 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) } /* Successful authentication, passed all checks. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); - + debug("Kerberos v4 TGT accepted (%s%s%s@%s)", creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm); memset(&creds, 0, sizeof(creds)); - + restore_uid(); - + return (1); - + failure: krb4_cleanup_proc(authctxt); memset(&creds, 0, sizeof(creds)); restore_uid(); - + return (0); } 
@@ -343,22 +343,22 @@ auth_afs_token(Authctxt *authctxt, const char *token_string) CREDENTIALS creds; struct passwd *pw; uid_t uid; - + if ((pw = authctxt->pw) == NULL) return (0); - + if (!radix_to_creds(token_string, &creds)) { log("Protocol error decoding AFS token"); return (0); } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "afs", sizeof creds.service); - + if (strncmp(creds.pname, "AFS ID ", 7) == 0) uid = atoi(creds.pname + 7); else uid = pw->pw_uid; - + if (kafs_settoken(creds.realm, uid, &creds)) { log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm, pw->pw_name); @@ -367,7 +367,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string) } debug("AFS token accepted (%s@%s)", creds.pname, creds.realm); memset(&creds, 0, sizeof(creds)); - + return (1); } #endif /* AFS */ diff --git a/auth-rhosts.c b/auth-rhosts.c index 9ba64dbc..cbceb631 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $"); #include "packet.h" #include "xmalloc.h" @@ -186,7 +186,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * servers. */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); 
@@ -204,16 +204,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) { - if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { + if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", - hostname, ipaddr); + hostname, ipaddr); return 1; } - if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { + if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", - hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); + hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); return 1; } } @@ -230,7 +230,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, } if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", pw->pw_name); packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", @@ -242,7 +242,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* Check all .rhosts files (currently .shosts and .rhosts). */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); 
@@ -257,7 +257,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, */ if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Rhosts authentication refused for %.100s: bad modes for %.200s", pw->pw_name, buf); packet_send_debug("Bad file modes for %.200s", buf); diff --git a/auth-skey.c b/auth-skey.c index f921fc1b..6dc71223 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $"); #ifdef SKEY @@ -40,7 +40,7 @@ skey_init_ctx(Authctxt *authctxt) #define PROMPT "\nS/Key Password: " static int -skey_query(void *ctx, char **name, char **infotxt, +skey_query(void *ctx, char **name, char **infotxt, u_int* numprompts, char ***prompts, u_int **echo_on) { Authctxt *authctxt = ctx; @@ -72,9 +72,9 @@ static int skey_respond(void *ctx, u_int numresponses, char **responses) { Authctxt *authctxt = ctx; - + if (authctxt->valid && - numresponses == 1 && + numresponses == 1 && skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1) return 0; @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.30 2001/11/17 19:14:34 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -272,7 +272,7 @@ expand_filename(const char *filename, struct passwd *pw) } if (cp[0] == '%' && cp[1] == 'u') { buffer_append(&buffer, pw->pw_name, - strlen(pw->pw_name)); + strlen(pw->pw_name)); cp++; continue; } 
@@ -326,7 +326,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Authentication refused for %.100s: " "bad owner or modes for %.200s", pw->pw_name, user_hostfile); @@ -399,7 +399,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { - snprintf(err, errlen, + snprintf(err, errlen, "bad ownership or modes for directory %s", buf); return -1; } @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $OpenBSD: auth.h,v 1.24 2001/12/18 10:04:21 jakob Exp $ + * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $ */ #ifndef AUTH_H #define AUTH_H @@ -71,8 +71,8 @@ struct Authctxt { /* * Keyboard interactive device: - * init_ctx returns: non NULL upon success - * query returns: 0 - success, otherwise failure + * init_ctx returns: non NULL upon success + * query returns: 0 - success, otherwise failure * respond returns: 0 - success, 1 - need further interaction, * otherwise - failure */ @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.26 2001/12/05 03:56:39 itojun Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.27 2001/12/19 07:18:56 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -77,7 +77,7 @@ do_authloop(Authctxt *authctxt) struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", - authctxt->valid ? "" : "illegal user ", authctxt->user); + authctxt->valid ? "" : "illegal user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ if (options.password_authentication && 
@@ -120,17 +120,17 @@ do_authloop(Authctxt *authctxt) verbose("Kerberos authentication disabled."); } else { char *kdata = packet_get_string(&dlen); - + packet_integrity_check(plen, 4 + dlen, type); - + if (kdata[0] == 4) { /* KRB_PROT_VERSION */ #ifdef KRB4 KTEXT_ST tkt; - + tkt.length = dlen; if (tkt.length < MAX_KTXT_LEN) memcpy(tkt.dat, kdata, tkt.length); - + if (auth_krb4(authctxt, &tkt, &client_user)) { authenticated = 1; snprintf(info, sizeof(info), @@ -143,7 +143,7 @@ do_authloop(Authctxt *authctxt) krb5_data tkt; tkt.length = dlen; tkt.data = kdata; - + if (auth_krb5(authctxt, &tkt, &client_user)) { authenticated = 1; snprintf(info, sizeof(info), @@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt) } break; #endif /* KRB4 || KRB5 */ - + #if defined(AFS) || defined(KRB5) /* XXX - punt on backward compatibility here. */ case SSH_CMSG_HAVE_KERBEROS_TGT: @@ -168,7 +168,7 @@ do_authloop(Authctxt *authctxt) break; #endif /* AFS */ #endif /* AFS || KRB5 */ - + case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) { verbose("Rhosts authentication disabled."); @@ -381,7 +381,7 @@ do_authentication(void) /* XXX - SSH.com Kerberos v5 braindeath. */ if ((p = strchr(user, '@')) != NULL) *p = '\0'; - + authctxt = authctxt_new(); authctxt->user = user; authctxt->style = style; diff --git a/auth2-chall.c b/auth2-chall.c index 4b97e47b..8ad1efcd 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSI |
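Review bot: In do_authloop (auth1.c, hunk -120,17) the KRB4 branch sets `tkt.length = dlen;` from the client-supplied string length and copies into `tkt.dat` only when `tkt.length < MAX_KTXT_LEN`, but `auth_krb4(authctxt, &tkt, &client_user)` is then called either way. For an oversized ticket that hands auth_krb4 an uninitialized `tkt.dat` together with a length larger than the buffer. Whether the Kerberos library bounds-checks that length is not visible here. I would reject the message explicitly when `tkt.length >= MAX_KTXT_LEN` and skip the auth_krb4 call, with a comment saying why. The surrounding switch and loop start and end outside the hunk, and these lines are only whitespace-cleaned by this commit.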