本文整理汇总了C++中packet_start函数的典型用法代码示例。如果您正苦于以下问题:C++ packet_start函数的具体用法?C++ packet_start怎么用?C++ packet_start使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了packet_start函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: client_alive_check
static void
client_alive_check(void)
{
int channel_id;
/* timeout, check to see how many we have had */
if (packet_inc_alive_timeouts() > options.client_alive_count_max) {
logit("Timeout, client not responding.");
cleanup_exit(255);
}
/*
* send a bogus global/channel request with "wantreply",
* we should get back a failure
*/
if ((channel_id = channel_find_open()) == -1) {
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring("[email protected]");
packet_put_char(1); /* boolean: want reply */
} else {
channel_request_start(channel_id, "[email protected]", 1);
}
packet_send();
}示例2: server_input_global_request
static void
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int success = 0, allocated_listen_port = 0;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
u_short listen_port;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
listen_address = packet_get_string(NULL);
listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
listen_address, listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port != 0 && listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
free(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
char *cancel_address;
u_short cancel_port;
cancel_address = packet_get_string(NULL);
cancel_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
cancel_address, cancel_port);
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
free(cancel_address);
} else if (strcmp(rtype, "[email protected].com") == 0) {
no_more_sessions = 1;
success = 1;
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && allocated_listen_port > 0)
packet_put_int(allocated_listen_port);
packet_send();
packet_write_wait();
}
free(rtype);
}示例3: ssh_session
static int
ssh_session(void)
{
int type;
int interactive = 0;
int have_tty = 0;
struct winsize ws;
char *cp;
const char *display;
/* Enable compression if requested. */
if (options.compression) {
debug("Requesting compression at level %d.",
options.compression_level);
if (options.compression_level < 1 ||
options.compression_level > 9)
fatal("Compression level must be from 1 (fast) to "
"9 (slow, best).");
/* Send the request. */
packet_start(SSH_CMSG_REQUEST_COMPRESSION);
packet_put_int(options.compression_level);
packet_send();
packet_write_wait();
type = packet_read();
if (type == SSH_SMSG_SUCCESS)
packet_start_compression(options.compression_level);
else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host refused compression.");
else
packet_disconnect("Protocol error waiting for "
"compression response.");
}
/* Allocate a pseudo tty if appropriate. */
if (tty_flag) {
debug("Requesting pty.");
/* Start the packet. */
packet_start(SSH_CMSG_REQUEST_PTY);
/* Store TERM in the packet. There is no limit on the
length of the string. */
cp = getenv("TERM");
if (!cp)
cp = "";
packet_put_cstring(cp);
/* Store window size in the packet. */
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
memset(&ws, 0, sizeof(ws));
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
/* Store tty modes in the packet. */
tty_make_modes(fileno(stdin), NULL);
/* Send the packet, and wait for it to leave. */
packet_send();
packet_write_wait();
/* Read response from the server. */
type = packet_read();
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host failed or refused to "
"allocate a pseudo tty.");
else
packet_disconnect("Protocol error waiting for pty "
"request response.");
}
/* Request X11 forwarding if enabled and DISPLAY is set. */
display = getenv("DISPLAY");
if (options.forward_x11 && display != NULL) {
char *proto, *data;
/* Get reasonable local authentication information. */
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted,
options.forward_x11_timeout,
&proto, &data);
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
x11_request_forwarding_with_spoofing(0, display, proto,
data, 0);
/* Read response from the server. */
type = packet_read();
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
} else if (type == SSH_SMSG_FAILURE) {
logit("Warning: Remote host denied X11 forwarding.");
} else {
packet_disconnect("Protocol error waiting for X11 "
"forwarding");
}
}
//.........这里部分代码省略.........
示例4: do_authentication
/*
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
void
do_authentication(Authctxt *authctxt)
{
u_int ulen;
char *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
/* Get the user name. */
user = packet_get_cstring(&ulen);
packet_check_eom();
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
authctxt->user = user;
authctxt->style = style;
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
authctxt->valid = 1;
else {
debug("do_authentication: invalid user %s", user);
authctxt->pw = fakepw();
}
/* Configuration may have changed as a result of Match */
if (options.num_auth_methods != 0)
fatal("AuthenticationMethods is not supported with SSH "
"protocol 1");
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
/*
* If we are not running as root, the user must have the same uid as
* the server.
*/
#ifndef HAVE_CYGWIN
if (!use_privsep && getuid() != 0 && authctxt->pw &&
authctxt->pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
#endif
/*
* Loop until the user has been authenticated or the connection is
* closed, do_authloop() returns only if authentication is successful
*/
do_authloop(authctxt);
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
}示例5: userauth_pubkey
static int
userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_pubkey: disabled because of invalid user");
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
/* so we have to extract the pkalg from the pkblob */
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
//.........这里部分代码省略.........
示例6: userauth_gssapi
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like)
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
int present;
OM_uint32 ms;
u_int len;
u_char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
mechs = packet_get_int();
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
return (0);
}
do {
mechs--;
free(doid);
present = 0;
doid = packet_get_string(&len);
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
goid.elements = doid + 2;
goid.length = len - 2;
ssh_gssapi_test_oid_supported(&ms, &goid, &present);
} else {
logit("Badly formed OID received");
}
} while (mechs > 0 && !present);
if (!present) {
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
authctxt->methoddata = (void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return the OID that we received */
packet_put_string(doid, len);
packet_send();
free(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
}示例7: server_input_global_request
static int
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int r, success = 0, allocated_listen_port = 0;
struct sshbuf *resp = NULL;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
struct Forward fwd;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
fwd.listen_host, fwd.listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && fwd.listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(&fwd,
&allocated_listen_port, &options.fwd_opts);
}
free(fwd.listen_host);
if ((resp = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
fwd.listen_host, fwd.listen_port);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_host);
} else if (strcmp(rtype, "[email protected]") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("server_input_global_request: streamlocal-forward listen path %s",
fwd.listen_path);
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
|| no_port_forwarding_flag) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the socket */
success = channel_setup_remote_fwd_listener(
&fwd, NULL, &options.fwd_opts);
}
free(fwd.listen_path);
} else if (strcmp(rtype, "[email protected]") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("%s: cancel-streamlocal-forward path %s", __func__,
fwd.listen_path);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_path);
} else if (strcmp(rtype, "[email protected]") == 0) {
no_more_sessions = 1;
success = 1;
} else if (strcmp(rtype, "[email protected]") == 0) {
success = server_input_hostkeys_prove(&resp);
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && resp != NULL)
ssh_packet_put_raw(active_state, sshbuf_ptr(resp),
sshbuf_len(resp));
packet_send();
//.........这里部分代码省略.........
示例8: kexgss_client
void
kexgss_client(Kex *kex) {
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
Gssctxt *ctxt;
OM_uint32 maj_status, min_status, ret_flags;
u_int klen, kout, slen = 0, hashlen, strlen;
DH *dh;
BIGNUM *dh_server_pub = NULL;
BIGNUM *shared_secret = NULL;
BIGNUM *p = NULL;
BIGNUM *g = NULL;
u_char *kbuf, *hash;
u_char *serverhostkey = NULL;
u_char *empty = "";
char *msg;
char *lang;
int type = 0;
int first = 1;
int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
/* Initialise our GSSAPI world */
ssh_gssapi_build_ctx(&ctxt);
if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type)
== GSS_C_NO_OID)
fatal("Couldn't identify host exchange");
if (ssh_gssapi_import_name(ctxt, kex->gss_host))
fatal("Couldn't import hostname");
if (kex->gss_client &&
ssh_gssapi_client_identity(ctxt, kex->gss_client))
fatal("Couldn't acquire client credentials");
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_GSS_GRP14_SHA1:
dh = dh_new_group14();
break;
case KEX_GSS_GEX_SHA1:
debug("Doing group exchange\n");
nbits = dh_estimate(kex->we_need * 8);
packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
packet_send();
packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
/* Step 1 - e is dh->pub_key */
dh_gen_key(dh, kex->we_need * 8);
/* This is f, we initialise it now to make life easier */
dh_server_pub = BN_new();
if (dh_server_pub == NULL)
fatal("dh_server_pub == NULL");
token_ptr = GSS_C_NO_BUFFER;
do {
debug("Calling gss_init_sec_context");
maj_status = ssh_gssapi_init_ctx(ctxt,
kex->gss_deleg_creds, token_ptr, &send_tok,
&ret_flags);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value,
send_tok.length);
}
fatal("gss_init_context failed");
}
/* If we've got an old receive buffer get rid of it */
if (token_ptr != GSS_C_NO_BUFFER)
xfree(recv_tok.value);
//.........这里部分代码省略.........
示例9: userauth_pubkey
//.........这里部分代码省略.........
if (authctxt -> hTokenLsa_)
{
doOpenSSHVerify = 0;
/*
* This is part of openssh authorization needed for parsing
* 'options' block in key.
*/
authctxt -> pw -> pw_dir = GetHomeDir(authctxt -> user);
if (PRIVSEP(user_key_allowed(authctxt -> pw, key, 1))) // PRAGMA:TODO
{
authenticated = 1;
}
else
{
authenticated = 0;
}
buffer_free(&b);
free(sig);
}
}
}
if (doOpenSSHVerify)
{
/*
* If lsa fails, test for correct signature using openssh code.
*/
authctxt -> pw -> pw_dir = GetHomeDir(authctxt -> user);
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0)) //PRAGMA:TODO
&&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b))) == 1)
{
authenticated = 1;
}
}
/*
* Original code.
*/
#else /* #ifdef WIN32_FIXME */
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1) {
authenticated = 1;
/* Record the successful key to prevent reuse */
auth2_record_userkey(authctxt, key);
key = NULL; /* Don't free below */
}
buffer_free(&b);
free(sig);
#endif /* else #ifdef WIN32_FIXME. */
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
#ifndef WIN32_FIXME
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0)))
#endif
{
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
free(pkalg);
free(pkblob);
return authenticated;
}示例10: userauth_gssapi
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc oid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
gss_OID_set supported;
int present;
OM_uint32 ms;
u_int len;
char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
mechs = packet_get_int();
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
return (0);
}
ssh_gssapi_supported_oids(&supported);
do {
mechs--;
if (doid)
xfree(doid);
doid = packet_get_string(&len);
if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
logit("Mechanism OID received using the old encoding form");
oid.elements = doid;
oid.length = len;
} else {
oid.elements = doid + 2;
oid.length = len - 2;
}
gss_test_oid_set_member(&ms, &oid, supported, &present);
} while (mechs > 0 && !present);
gss_release_oid_set(&ms, &supported);
if (!present) {
xfree(doid);
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
xfree(doid);
return (0);
}
authctxt->methoddata=(void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return OID in same format as we received it*/
packet_put_string(doid, len);
packet_send();
xfree(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
}示例11: do_authloop
/*
* read packets, try to authenticate the user and
* return only if authentication is successful
*/
static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
u_int bits;
Key *client_host_key;
BIGNUM *n;
char *client_user, *password;
char info[1024];
u_int dlen;
u_int ulen;
int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
if (options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
auth_log(authctxt, 1, "without authentication", "");
return;
}
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
client_user = NULL;
for ( ;; ) {
/* default to fail */
authenticated = 0;
info[0] = '\0';
/* Get a packet from the client. */
authctxt->v1_auth_type = type = packet_read();
authctxt->v1_auth_name = get_authname(type);
authctxt->attempt++;
/* Process the packet. */
switch (type) {
#if defined(KRB4) || defined(KRB5)
case SSH_CMSG_AUTH_KERBEROS:
if (!options.kerberos_authentication) {
verbose("Kerberos authentication disabled.");
} else {
char *kdata = packet_get_string(&dlen);
packet_check_eom();
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
KTEXT_ST tkt, reply;
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
if (PRIVSEP(auth_krb4(authctxt, &tkt,
&client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
reply.dat, reply.length);
packet_send();
packet_write_wait();
}
#endif /* KRB4 */
} else {
#ifdef KRB5
krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
if (PRIVSEP(auth_krb5(authctxt, &tkt,
&client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
/* Send response to client */
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
//.........这里部分代码省略.........
示例12: do_authentication
/*
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
Authctxt *
do_authentication(void)
{
Authctxt *authctxt;
u_int ulen;
char *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
/* Get the user name. */
user = packet_get_string(&ulen);
packet_check_eom();
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
#ifdef KRB5
/* XXX - SSH.com Kerberos v5 braindeath. */
if ((datafellows & SSH_BUG_K5USER) &&
options.kerberos_authentication) {
char *p;
if ((p = strchr(user, '@')) != NULL)
*p = '\0';
}
#endif
authctxt = authctxt_new();
authctxt->user = user;
authctxt->style = style;
#ifdef HAVE_BSM
fatal_add_cleanup(audit_failed_login_cleanup, authctxt);
#endif /* HAVE_BSM */
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) {
authctxt->valid = 1;
} else {
authctxt->valid = 0;
debug("do_authentication: illegal user %s", user);
}
setproctitle("%s%s", authctxt->pw ? user : "unknown",
use_privsep ? " [net]" : "");
#if 0
#ifdef USE_PAM
PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
#endif
#endif
/*
* If we are not running as root, the user must have the same uid as
* the server. (Unless you are running Windows)
*/
#ifndef HAVE_CYGWIN
if (!use_privsep && getuid() != 0 && authctxt->pw &&
authctxt->pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
#endif
/*
* Loop until the user has been authenticated or the connection is
* closed, do_authloop() returns only if authentication is successful
*/
do_authloop(authctxt);
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
return (authctxt);
}示例13: input_userauth_passwd_changereq
/*
* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
*/
void
input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
{
Authctxt *authctxt = ctxt;
char *info, *lang, *password = NULL, *retype = NULL;
char prompt[150];
debug2("input_userauth_passwd_changereq");
if (authctxt == NULL)
fatal("input_userauth_passwd_changereq: "
"no authentication context");
info = packet_get_utf8_string(NULL);
if (strlen(info) != 0) {
info = g11n_filter_string(info);
log("%s", info);
}
xfree(info);
lang = packet_get_string(NULL);
xfree(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(1); /* additional info */
snprintf(prompt, sizeof(prompt),
gettext("Enter %[email protected]%.128s's old password: "),
authctxt->server_user, authctxt->host);
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
xfree(password);
password = NULL;
while (password == NULL) {
snprintf(prompt, sizeof(prompt),
gettext("Enter %[email protected]%.128s's new password: "),
authctxt->server_user, authctxt->host);
password = read_passphrase(prompt, RP_ALLOW_EOF);
if (password == NULL) {
/* bail out */
return;
}
snprintf(prompt, sizeof(prompt),
gettext("Retype %[email protected]%.128s's new password: "),
authctxt->server_user, authctxt->host);
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
xfree(password);
log("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
xfree(retype);
}
packet_put_cstring(password);
memset(password, 0, strlen(password));
xfree(password);
packet_add_padding(64);
packet_send();
dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
&input_userauth_passwd_changereq);
}示例14: sizeof
struct packet *new_tcp_packet(int socket_fd,
int address_family,
enum direction_t direction,
enum ip_ecn_t ecn,
const char *flags,
u32 start_sequence,
u16 tcp_payload_bytes,
u32 ack_sequence,
s32 window,
const struct tcp_options *tcp_options,
char **error)
{
struct packet *packet = NULL; /* the newly-allocated result packet */
/* Calculate lengths in bytes of all sections of the packet */
const int ip_option_bytes = 0;
const int tcp_option_bytes = tcp_options ? tcp_options->length : 0;
const int ip_header_bytes = (ip_header_len(address_family) +
ip_option_bytes);
const int tcp_header_bytes = sizeof(struct tcp) + tcp_option_bytes;
const int ip_bytes =
ip_header_bytes + tcp_header_bytes + tcp_payload_bytes;
/* Sanity-check all the various lengths */
if (ip_option_bytes & 0x3) {
asprintf(error, "IP options are not padded correctly "
"to ensure IP header is a multiple of 4 bytes: "
"%d excess bytes", ip_option_bytes & 0x3);
printf("1\n");
return NULL;
}
if (tcp_option_bytes & 0x3) {
asprintf(error,
"TCP options are not padded correctly "
"to ensure TCP header is a multiple of 4 bytes: "
"%d excess bytes", tcp_option_bytes & 0x3);
printf("2\n");
return NULL;
}
assert((tcp_header_bytes & 0x3) == 0);
assert((ip_header_bytes & 0x3) == 0);
if (tcp_header_bytes > MAX_TCP_HEADER_BYTES) {
asprintf(error, "TCP header too large");
return NULL;
}
if (ip_bytes > MAX_TCP_DATAGRAM_BYTES) {
asprintf(error, "TCP segment too large");
return NULL;
}
if (!is_tcp_flags_spec_valid(flags, error)){
return NULL;
}
/* Allocate and zero out a packet object of the desired size */
packet = packet_new(ip_bytes);
memset(packet->buffer, 0, ip_bytes);
packet->ip_bytes = ip_bytes;
packet->direction = direction;
packet->socket_script_fd = socket_fd;
packet->flags = 0;
packet->ecn = ecn;
/* Set IP header fields */
set_packet_ip_header(packet, address_family, ip_bytes, direction, ecn,
IPPROTO_TCP);
/* Find the start of TCP sections of the packet */
packet->tcp = (struct tcp *) (packet_start(packet) + ip_header_bytes);
u8 *tcp_option_start = (u8 *) (packet->tcp + 1);
/* Set TCP header fields */
packet->tcp->src_port = htons(0);
packet->tcp->dst_port = htons(0);
packet->tcp->seq = htonl(start_sequence);
packet->tcp->ack_seq = htonl(ack_sequence);
packet->tcp->doff = tcp_header_bytes / 4;
if (window == -1) {
if (direction == DIRECTION_INBOUND) {
asprintf(error, "window must be specified"
" for inbound packets");
return NULL;
}
packet->tcp->window = 0;
packet->flags |= FLAG_WIN_NOCHECK;
} else {
packet->tcp->window = htons(window);
}
packet->tcp->check = 0;
packet->tcp->urg_ptr = 0;
packet->tcp->fin = is_tcp_flag_set('F', flags);
packet->tcp->syn = is_tcp_flag_set('S', flags);
packet->tcp->rst = is_tcp_flag_set('R', flags);
packet->tcp->psh = is_tcp_flag_set('P', flags);
//.........这里部分代码省略.........
示例15: do_authloop
/*
* read packets, try to authenticate the user and
* return only if authentication is successful
*/
static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
int type = 0;
const struct AuthMethod1 *meth;
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "invalid user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
if (options.permit_empty_passwd && options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, __UNCONST("")))) {
#ifdef USE_PAM
if (options.use_pam && PRIVSEP(do_pam_account()))
#endif
{
auth_log(authctxt, 1, 0, "without authentication",
NULL);
return;
}
return;
}
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
for (;;) {
/* default to fail */
authenticated = 0;
/* Get a packet from the client. */
type = packet_read();
if (authctxt->failures >= options.max_authtries)
goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
goto skip;
}
if (!*(meth->enabled)) {
verbose("%s authentication disabled.", meth->name);
goto skip;
}
authenticated = meth->method(authctxt);
if (authenticated == -1)
continue; /* "postponed" */
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(meth->name))
authenticated = 0;
#ifdef USE_PAM
if (options.use_pam && authenticated &&
!PRIVSEP(do_pam_account())) {
char *msg;
size_t len;
error("Access denied for user %s by PAM account "
"configuration", authctxt->user);
len = buffer_len(&loginmsg);
buffer_append(&loginmsg, "\0", 1);
msg = (char *)buffer_ptr(&loginmsg);
/* strip trailing newlines */
if (len > 0)
while (len > 0 && msg[--len] == '\n')
msg[len] = '\0';
else
msg = __UNCONST("Access denied.");
packet_disconnect("%s", msg);
}
#endif
skip:
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
//.........这里部分代码省略.........