void
input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
{
Authctxt *authctxt = ctxt;
unsigned int nresp = 0, rlen = 0, i = 0;
char *resp;
if (authctxt == NULL)
fatal("input_userauth_info_response_pam: no authentication context");
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
if (nresp != context_pam2.num_expected)
fatal("%s: Received incorrect number of responses "
"(expected %d, received %u)", __func__,
context_pam2.num_expected, nresp);
if (nresp > 100)
fatal("%s: too many replies", __func__);
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];
resp = packet_get_string(&rlen);
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
context_pam2.responses[j].resp = resp;
context_pam2.num_received++;
}
context_pam2.finished = 1;
packet_check_eom();
}
/*
* The 'gssapi_keyex' userauth mechanism.
*/
static int
userauth_gsskeyex(Authctxt *authctxt)
{
int authenticated = 0;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
mic.value = packet_get_string(&len);
mic.length = len;
packet_check_eom();
ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
"gssapi-keyex");
gssbuf.value = buffer_ptr(&b);
gssbuf.length = buffer_len(&b);
/* gss_kex_context is NULL with privsep, so we can't check it here */
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
&gssbuf, &mic))))
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
authctxt->pw));
buffer_free(&b);
free(mic.value);
return (authenticated);
}
/*
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
Authctxt *
do_authentication(void)
{
Authctxt *authctxt;
u_int ulen;
char *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
/* Get the user name. */
user = packet_get_string(&ulen);
packet_check_eom();
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
authctxt = authctxt_new();
authctxt->user = user;
authctxt->style = style;
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
authctxt->valid = 1;
else {
debug("do_authentication: illegal user %s", user);
authctxt->pw = fakepw();
}
setproctitle("%s%s", authctxt->pw ? user : "******",
use_privsep ? " [net]" : "");
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(user));
#endif
/*
* If we are not running as root, the user must have the same uid as
* the server. (Unless you are running Windows)
*/
#ifndef HAVE_CYGWIN
if (!use_privsep && getuid() != 0 && authctxt->pw &&
authctxt->pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
#endif
/*
* Loop until the user has been authenticated or the connection is
* closed, do_authloop() returns only if authentication is successful
*/
do_authloop(authctxt);
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
return (authctxt);
}
static Channel *
server_request_direct_tcpip(void)
{
Channel *c;
char *target, *originator;
u_short target_port, originator_port;
target = packet_get_string(NULL);
target_port = packet_get_int();
originator = packet_get_string(NULL);
originator_port = packet_get_int();
packet_check_eom();
debug("server_request_direct_tcpip: originator %s port %d, target %s "
"port %d", originator, originator_port, target, target_port);
/* XXX check permission */
c = channel_connect_to(target, target_port,
"direct-tcpip", "direct-tcpip");
xfree(originator);
xfree(target);
return c;
}
void
ssh_userauth2(const char *local_user, const char *server_user, char *host,
Sensitive *sensitive)
{
Authctxt authctxt;
int type;
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
packet_start(SSH2_MSG_SERVICE_REQUEST);
packet_put_cstring("ssh-userauth");
packet_send();
debug("SSH2_MSG_SERVICE_REQUEST sent");
packet_write_wait();
type = packet_read();
if (type != SSH2_MSG_SERVICE_ACCEPT)
fatal("Server denied authentication request: %d", type);
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
debug2("service_accept: %s", reply);
xfree(reply);
} else {
debug2("buggy server: service_accept w/o service");
}
packet_check_eom();
debug("SSH2_MSG_SERVICE_ACCEPT received");
if (options.preferred_authentications == NULL)
options.preferred_authentications = authmethods_get();
/* setup authentication context */
memset(&authctxt, 0, sizeof(authctxt));
authctxt.agent = ssh_get_authentication_connection();
authctxt.server_user = server_user;
authctxt.local_user = local_user;
authctxt.host = host;
authctxt.service = "ssh-connection"; /* service name */
authctxt.success = 0;
authctxt.method = authmethod_lookup("none");
authctxt.authlist = NULL;
authctxt.sensitive = sensitive;
authctxt.info_req_seen = 0;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none request");
/* initial userauth request */
userauth_none(&authctxt);
dispatch_init(&input_userauth_error);
dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
if (authctxt.agent != NULL)
ssh_close_authentication_connection(authctxt.agent);
debug("Authentication succeeded (%s).", authctxt.method->name);
}
int
auth_rsa_challenge_dialog(Key *key)
{
BIGNUM *challenge, *encrypted_challenge;
u_char response[16];
int i, success;
if ((encrypted_challenge = BN_new()) == NULL)
fatal("auth_rsa_challenge_dialog: BN_new() failed");
challenge = PRIVSEP(auth_rsa_generate_challenge(key));
/* Encrypt the challenge with the public key. */
rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
/* Send the encrypted challenge to the client. */
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
packet_put_bignum(encrypted_challenge);
packet_send();
BN_clear_free(encrypted_challenge);
packet_write_wait();
/* Wait for a response. */
packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
for (i = 0; i < 16; i++)
response[i] = (u_char)packet_get_char();
packet_check_eom();
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
BN_clear_free(challenge);
return (success);
}
static int
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
int authenticated;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
/*
* We don't need to check the status, because we're only enabled in
* the dispatcher once the exchange is complete
*/
packet_check_eom();
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
authctxt->pw));
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
return 0;
}
static int
server_input_channel_req(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
int id, reply, success = 0;
char *rtype;
id = packet_get_int();
rtype = packet_get_string(NULL);
reply = packet_get_char();
debug("server_input_channel_req: channel %d request %s reply %d",
id, rtype, reply);
if ((c = channel_lookup(id)) == NULL)
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
if (!strcmp(rtype, "*****@*****.**")) {
packet_check_eom();
chan_rcvd_eow(c);
} else if ((c->type == SSH_CHANNEL_LARVAL ||
c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
success = session_input_channel_req(c, rtype);
if (reply && !(c->flags & CHAN_CLOSE_SENT)) {
packet_start(success ?
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
packet_put_int(c->remote_id);
packet_send();
}
free(rtype);
return 0;
}
static int
userauth_kbdint(Authctxt *authctxt)
{
int authenticated = 0;
char *lang, *devs;
lang = packet_get_string(NULL);
devs = packet_get_string(NULL);
packet_check_eom();
debug("keyboard-interactive devs %s", devs);
if (options.challenge_response_authentication)
authenticated = auth2_challenge(authctxt, devs);
#ifdef USE_PAM
if (authenticated == 0 && options.pam_authentication_via_kbd_int)
authenticated = auth2_pam(authctxt);
#endif
xfree(devs);
xfree(lang);
#ifdef HAVE_CYGWIN
if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
return authenticated;
}
static Channel *
server_request_direct_tcpip(void)
{
Channel *c = NULL;
char *target, *originator;
u_short target_port, originator_port;
target = packet_get_string(NULL);
target_port = packet_get_int();
originator = packet_get_string(NULL);
originator_port = packet_get_int();
packet_check_eom();
debug("server_request_direct_tcpip: originator %s port %d, target %s "
"port %d", originator, originator_port, target, target_port);
/* XXX fine grained permissions */
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
!no_port_forwarding_flag) {
c = channel_connect_to_port(target, target_port,
"direct-tcpip", "direct-tcpip");
} else {
logit("refused local port forward: "
"originator %s port %d, target %s port %d",
originator, originator_port, target, target_port);
}
free(originator);
free(target);
return c;
}
/*ARGSUSED*/
static void
input_service_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
u_int len;
int acceptit = 0;
char *service = packet_get_cstring(&len);
packet_check_eom();
if (authctxt == NULL)
fatal("input_service_request: no authctxt");
if (strcmp(service, "ssh-userauth") == 0) {
if (!authctxt->success) {
acceptit = 1;
/* now we can handle user-auth requests */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
}
}
/* XXX all other service requests are denied */
if (acceptit) {
packet_start(SSH2_MSG_SERVICE_ACCEPT);
packet_put_cstring(service);
packet_send();
packet_write_wait();
} else {
debug("bad service request %s", service);
packet_disconnect("bad service request %s", service);
}
free(service);
}
static int
input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
OM_uint32 maj_status;
u_int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&len);
recv_tok.length = len;
packet_check_eom();
/* Push the error token into GSSAPI to see what it says */
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
free(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
/* The client will have already moved on to the next auth */
gss_release_buffer(&maj_status, &send_tok);
return 0;
}
/* ARGSUSED */
void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
if (kex == NULL)
fatal("kex_input_kexinit: no kex, cannot rekey");
ptr = packet_get_raw(&dlen);
buffer_append(&kex->peer, ptr, dlen);
/* discard packet */
for (i = 0; i < KEX_COOKIE_LEN; i++)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
free(packet_get_string(NULL));
/*
* XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
* KEX method has the server move first, but a server might be using
* a custom method or one that we otherwise don't support. We should
* be prepared to remember first_kex_follows here so we can eat a
* packet later.
* XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means
* for cases where the server *doesn't* go first. I guess we should
* ignore it when it is set for these cases, which is what we do now.
*/
(void) packet_get_char(); /* first_kex_follows */
(void) packet_get_int(); /* reserved */
packet_check_eom();
kex_kexinit_finish(kex);
}
static int
userauth_passwd(Authctxt *authctxt)
{
char *password, *newpass;
int authenticated = 0;
int change;
u_int len, newlen;
change = packet_get_char();
password = packet_get_string(&len);
if (change) {
/* discard new password from packet */
newpass = packet_get_string(&newlen);
memset(newpass, 0, newlen);
xfree(newpass);
}
packet_check_eom();
if (change)
logit("password change not supported");
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
authenticated = 0;
#endif
memset(password, 0, len);
xfree(password);
return authenticated;
}
/*ARGSUSED*/
static int
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
{
int authenticated = 0;
char *password;
u_int dlen;
/*
* Read user password. It is in plain text, but was
* transmitted over the encrypted channel so it is
* not visible to an outside observer.
*/
password = packet_get_string(&dlen);
packet_check_eom();
/* Try authentication with the password. */
#ifndef ANDROID
authenticated = PRIVSEP(auth_password(authctxt, password));
#else
/* no password authentication in android */
authenticated = 0;
#endif
memset(password, 0, dlen);
xfree(password);
return (authenticated);
}
static Channel *
server_request_session(void)
{
Channel *c;
debug("input_session_request");
packet_check_eom();
if (no_more_sessions) {
packet_disconnect("Possible attack: attempt to open a session "
"after additional sessions disabled");
}
/*
* A server session has no fd to read or write until a
* CHANNEL_REQUEST for a shell is made, so we set the type to
* SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
* CHANNEL_REQUEST messages is registered.
*/
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
channel_free(c);
return NULL;
}
channel_register_cleanup(c->self, session_close_by_channel, 0);
return c;
}
/* ARGSUSED */
void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
if (kex == NULL)
fatal("kex_input_kexinit: no kex, cannot rekey");
ptr = packet_get_raw(&dlen);
buffer_append(&kex->peer, ptr, dlen);
/* discard packet */
for (i = 0; i < KEX_COOKIE_LEN; i++)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
(void) packet_get_char();
(void) packet_get_int();
packet_check_eom();
kex_kexinit_finish(kex);
}
static int
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
OM_uint32 maj_status, min_status, flags;
u_int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&len);
recv_tok.length = len; /* u_int vs. size_t */
packet_check_eom();
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, &flags));
free(recv_tok.value);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
userauth_finish(authctxt, 0, "gssapi-with-mic", NULL);
} else {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
if (flags & GSS_C_INTEG_FLAG)
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
&input_gssapi_mic);
else
dispatch_set(
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
}
}
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
gss_release_buffer(&min_status, &send_tok);
#pragma clang diagnostic pop
return 0;
}
static int
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}
static int
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
userauth_banner();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
}
static void
server_input_eof(int type, u_int32_t seq, void *ctxt)
{
/*
* Eof from the client. The stdin descriptor to the
* program will be closed when all buffered data has
* drained.
*/
debug("EOF received for stdin.");
packet_check_eom();
stdin_eof = 1;
}
static int
auth1_process_kerberos(Authctxt *authctxt)
{
int authenticated = 0;
u_int dlen;
char *client_user;
char *kdata = packet_get_string(&dlen);
packet_check_eom();
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
KTEXT_ST tkt, reply;
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
reply.dat, reply.length);
packet_send();
packet_write_wait();
free(client_user);
}
#endif /* KRB4 */
} else {
#ifdef KRB5
krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
/* Send response to client */
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)reply.data, reply.length);
packet_send();
packet_write_wait();
if (reply.length)
free(reply.data);
free(client_user);
}
#endif /* KRB5 */
}
free(kdata);
return authenticated;
}
static void
server_input_window_size(int type, u_int32_t seq, void *ctxt)
{
u_int row = packet_get_int();
u_int col = packet_get_int();
u_int xpixel = packet_get_int();
u_int ypixel = packet_get_int();
debug("Window change received.");
packet_check_eom();
if (fdin != -1)
pty_change_window_size(fdin, row, col, xpixel, ypixel);
}
static int
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return (0);
#endif
if (options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}
/*ARGSUSED*/
static int
auth1_process_tis_response(Authctxt *authctxt)
{
int authenticated = 0;
char *response;
u_int dlen;
response = packet_get_string(&dlen);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
free(response);
return (authenticated);
}
static void
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
OM_uint32 maj_status, min_status;
u_int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&len);
recv_tok.length = len; /* u_int vs. size_t */
packet_check_eom();
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
xfree(recv_tok.value);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
userauth_finish(authctxt, 0, "gssapi");
} else {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
}
}
gss_release_buffer(&min_status, &send_tok);
}
static void
server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
{
char *data;
u_int data_len;
/* Stdin data from the client. Append it to the buffer. */
/* Ignore any data if the client has closed stdin. */
if (fdin == -1)
return;
data = packet_get_string(&data_len);
packet_check_eom();
buffer_append(&stdin_buffer, data, data_len);
explicit_bzero(data, data_len);
free(data);
}
/*ARGSUSED*/
static int
auth1_process_rsa(Authctxt *authctxt)
{
int authenticated = 0;
BIGNUM *n;
/* RSA authentication requested. */
if ((n = BN_new()) == NULL)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
return (authenticated);
}
static void
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
if (!authctxt || !authctxt->method)
fatal("%s: missing context", __func__);
packet_check_eom();
userauth_banner();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
authctxt->method->authenticated = PRIVSEP(auth_password(authctxt, ""));
}
void PTYPars::read_from_packet (CoreConnection* con)
{
u_int len;
int n_bytes;
#if 0 // FIXME
if (s->ttyfd != -1) {
packet_disconnect("Protocol error: you already have a pty.");
return 0;
}
#endif
const char* term2 = con-> packet_get_string(&len);
term = term2;
xfree ((void*) term2);
col = con-> packet_get_int();
row = con-> packet_get_int();
xpixel = con-> packet_get_int();
ypixel = con-> packet_get_int();
#if 0
/* Allocate a pty and open it. */
debug("Allocating pty.");
if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
sizeof(s->tty)))) {
if (s->term)
xfree(s->term);
s->term = NULL;
s->ptyfd = -1;
s->ttyfd = -1;
error("session_pty_req: session %d alloc failed", s->self);
return 0;
}
debug("session_pty_req: session %d alloc %s", s->self, s->tty);
#endif
PTY::tty_parse_modes(con, &n_bytes);
#if 0
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
#endif
packet_check_eom (con);
}
