1a04a10f8SKris Kennaway /* 2a04a10f8SKris Kennaway * Copyright (c) 2000 Markus Friedl. All rights reserved. 3a04a10f8SKris Kennaway * 4a04a10f8SKris Kennaway * Redistribution and use in source and binary forms, with or without 5a04a10f8SKris Kennaway * modification, are permitted provided that the following conditions 6a04a10f8SKris Kennaway * are met: 7a04a10f8SKris Kennaway * 1. Redistributions of source code must retain the above copyright 8a04a10f8SKris Kennaway * notice, this list of conditions and the following disclaimer. 9a04a10f8SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 10a04a10f8SKris Kennaway * notice, this list of conditions and the following disclaimer in the 11a04a10f8SKris Kennaway * documentation and/or other materials provided with the distribution. 12a04a10f8SKris Kennaway * 13a04a10f8SKris Kennaway * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14a04a10f8SKris Kennaway * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15a04a10f8SKris Kennaway * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16a04a10f8SKris Kennaway * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17a04a10f8SKris Kennaway * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18a04a10f8SKris Kennaway * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19a04a10f8SKris Kennaway * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20a04a10f8SKris Kennaway * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21a04a10f8SKris Kennaway * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22a04a10f8SKris Kennaway * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23a04a10f8SKris Kennaway */ 24c2d3a559SKris Kennaway 25a04a10f8SKris Kennaway #include "includes.h" 2621e764dfSDag-Erling Smørgrav RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); 275b400a39SDag-Erling Smørgrav RCSID("$FreeBSD$"); 28a04a10f8SKris Kennaway 299be00009SDag-Erling Smørgrav #include "canohost.h" 30ca3176e7SBrian Feldman #include "ssh2.h" 31a04a10f8SKris Kennaway #include "xmalloc.h" 32a04a10f8SKris Kennaway #include "packet.h" 33ca3176e7SBrian Feldman #include "log.h" 34a04a10f8SKris Kennaway #include "servconf.h" 35a04a10f8SKris Kennaway #include "compat.h" 36a04a10f8SKris Kennaway #include "auth.h" 37a04a10f8SKris Kennaway #include "dispatch.h" 38ca3176e7SBrian Feldman #include "pathnames.h" 3980628bacSDag-Erling Smørgrav #include "monitor_wrap.h" 40aa49c926SDag-Erling Smørgrav #include "buffer.h" 41a04a10f8SKris Kennaway 42cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI 43cf2b5f3bSDag-Erling Smørgrav #include "ssh-gss.h" 44cf2b5f3bSDag-Erling Smørgrav #endif 45cf2b5f3bSDag-Erling Smørgrav 46a04a10f8SKris Kennaway /* import */ 47a04a10f8SKris Kennaway extern ServerOptions options; 48ca3176e7SBrian Feldman extern u_char *session_id2; 49cf2b5f3bSDag-Erling Smørgrav extern u_int session_id2_len; 50aa49c926SDag-Erling Smørgrav extern Buffer loginmsg; 51a04a10f8SKris Kennaway 5280628bacSDag-Erling Smørgrav /* methods */ 5380628bacSDag-Erling Smørgrav 5480628bacSDag-Erling Smørgrav extern Authmethod method_none; 5580628bacSDag-Erling Smørgrav extern Authmethod method_pubkey; 5680628bacSDag-Erling Smørgrav extern Authmethod method_passwd; 5780628bacSDag-Erling Smørgrav extern Authmethod method_kbdint; 5880628bacSDag-Erling Smørgrav extern Authmethod method_hostbased; 59cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI 60cf2b5f3bSDag-Erling Smørgrav extern Authmethod method_gssapi; 61cf2b5f3bSDag-Erling Smørgrav #endif 6280628bacSDag-Erling Smørgrav 6380628bacSDag-Erling Smørgrav Authmethod *authmethods[] = { 6480628bacSDag-Erling Smørgrav &method_none, 6580628bacSDag-Erling Smørgrav &method_pubkey, 66cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI 67cf2b5f3bSDag-Erling Smørgrav &method_gssapi, 68cf2b5f3bSDag-Erling Smørgrav #endif 6980628bacSDag-Erling Smørgrav &method_passwd, 7080628bacSDag-Erling Smørgrav &method_kbdint, 7180628bacSDag-Erling Smørgrav &method_hostbased, 7280628bacSDag-Erling Smørgrav NULL 7309958426SBrian Feldman }; 7409958426SBrian Feldman 75a04a10f8SKris Kennaway /* protocol */ 76a04a10f8SKris Kennaway 77af12a3e7SDag-Erling Smørgrav static void input_service_request(int, u_int32_t, void *); 78af12a3e7SDag-Erling Smørgrav static void input_userauth_request(int, u_int32_t, void *); 79a04a10f8SKris Kennaway 80a04a10f8SKris Kennaway /* helper */ 81af12a3e7SDag-Erling Smørgrav static Authmethod *authmethod_lookup(const char *); 82af12a3e7SDag-Erling Smørgrav static char *authmethods_get(void); 8380628bacSDag-Erling Smørgrav int user_key_allowed(struct passwd *, Key *); 84a04a10f8SKris Kennaway 85a04a10f8SKris Kennaway /* 8609958426SBrian Feldman * loop until authctxt->success == TRUE 87a04a10f8SKris Kennaway */ 88a04a10f8SKris Kennaway 891ec0d754SDag-Erling Smørgrav void 901ec0d754SDag-Erling Smørgrav do_authentication2(Authctxt *authctxt) 91a04a10f8SKris Kennaway { 92af12a3e7SDag-Erling Smørgrav /* challenge-response is implemented via keyboard interactive */ 93af12a3e7SDag-Erling Smørgrav if (options.challenge_response_authentication) 94ca3176e7SBrian Feldman options.kbd_interactive_authentication = 1; 95ca3176e7SBrian Feldman 96af12a3e7SDag-Erling Smørgrav dispatch_init(&dispatch_protocol_error); 97a04a10f8SKris Kennaway dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); 9809958426SBrian Feldman dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); 99a04a10f8SKris Kennaway } 100a04a10f8SKris Kennaway 101af12a3e7SDag-Erling Smørgrav static void 102af12a3e7SDag-Erling Smørgrav input_service_request(int type, u_int32_t seq, void *ctxt) 103a04a10f8SKris Kennaway { 10409958426SBrian Feldman Authctxt *authctxt = ctxt; 105ca3176e7SBrian Feldman u_int len; 106f388f5efSDag-Erling Smørgrav int acceptit = 0; 107a04a10f8SKris Kennaway char *service = packet_get_string(&len); 108af12a3e7SDag-Erling Smørgrav packet_check_eom(); 109a04a10f8SKris Kennaway 11009958426SBrian Feldman if (authctxt == NULL) 11109958426SBrian Feldman fatal("input_service_request: no authctxt"); 11209958426SBrian Feldman 113a04a10f8SKris Kennaway if (strcmp(service, "ssh-userauth") == 0) { 11409958426SBrian Feldman if (!authctxt->success) { 115f388f5efSDag-Erling Smørgrav acceptit = 1; 116a04a10f8SKris Kennaway /* now we can handle user-auth requests */ 117a04a10f8SKris Kennaway dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); 118a04a10f8SKris Kennaway } 119a04a10f8SKris Kennaway } 120a04a10f8SKris Kennaway /* XXX all other service requests are denied */ 121a04a10f8SKris Kennaway 122f388f5efSDag-Erling Smørgrav if (acceptit) { 123a04a10f8SKris Kennaway packet_start(SSH2_MSG_SERVICE_ACCEPT); 124a04a10f8SKris Kennaway packet_put_cstring(service); 125a04a10f8SKris Kennaway packet_send(); 126a04a10f8SKris Kennaway packet_write_wait(); 127a04a10f8SKris Kennaway } else { 128a04a10f8SKris Kennaway debug("bad service request %s", service); 129a04a10f8SKris Kennaway packet_disconnect("bad service request %s", service); 130a04a10f8SKris Kennaway } 131a04a10f8SKris Kennaway xfree(service); 132a04a10f8SKris Kennaway } 133a04a10f8SKris Kennaway 134af12a3e7SDag-Erling Smørgrav static void 135af12a3e7SDag-Erling Smørgrav input_userauth_request(int type, u_int32_t seq, void *ctxt) 136a04a10f8SKris Kennaway { 13709958426SBrian Feldman Authctxt *authctxt = ctxt; 13809958426SBrian Feldman Authmethod *m = NULL; 139ca3176e7SBrian Feldman char *user, *service, *method, *style = NULL; 140a04a10f8SKris Kennaway int authenticated = 0; 1415b400a39SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP 1425b400a39SDag-Erling Smørgrav login_cap_t *lc; 1435b400a39SDag-Erling Smørgrav const char *from_host, *from_ip; 1445b400a39SDag-Erling Smørgrav 145cf2b5f3bSDag-Erling Smørgrav from_host = get_canonical_hostname(options.use_dns); 1465b400a39SDag-Erling Smørgrav from_ip = get_remote_ipaddr(); 1475b400a39SDag-Erling Smørgrav #endif 148a04a10f8SKris Kennaway 14909958426SBrian Feldman if (authctxt == NULL) 15009958426SBrian Feldman fatal("input_userauth_request: no authctxt"); 151a04a10f8SKris Kennaway 15209958426SBrian Feldman user = packet_get_string(NULL); 15309958426SBrian Feldman service = packet_get_string(NULL); 15409958426SBrian Feldman method = packet_get_string(NULL); 155a04a10f8SKris Kennaway debug("userauth-request for user %s service %s method %s", user, service, method); 156ca3176e7SBrian Feldman debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); 157a04a10f8SKris Kennaway 158ca3176e7SBrian Feldman if ((style = strchr(user, ':')) != NULL) 159ca3176e7SBrian Feldman *style++ = 0; 160ca3176e7SBrian Feldman 161ca3176e7SBrian Feldman if (authctxt->attempt++ == 0) { 16209958426SBrian Feldman /* setup auth context */ 16380628bacSDag-Erling Smørgrav authctxt->pw = PRIVSEP(getpwnamallow(user)); 1645962c0e9SDag-Erling Smørgrav authctxt->user = xstrdup(user); 16580628bacSDag-Erling Smørgrav if (authctxt->pw && strcmp(service, "ssh-connection")==0) { 16609958426SBrian Feldman authctxt->valid = 1; 16709958426SBrian Feldman debug2("input_userauth_request: setting up authctxt for %s", user); 16809958426SBrian Feldman } else { 16921e764dfSDag-Erling Smørgrav logit("input_userauth_request: invalid user %s", user); 170cf2b5f3bSDag-Erling Smørgrav authctxt->pw = fakepw(); 171aa49c926SDag-Erling Smørgrav #ifdef SSH_AUDIT_EVENTS 172aa49c926SDag-Erling Smørgrav PRIVSEP(audit_event(SSH_INVALID_USER)); 173aa49c926SDag-Erling Smørgrav #endif 174a04a10f8SKris Kennaway } 175b74df5b2SDag-Erling Smørgrav #ifdef USE_PAM 176b74df5b2SDag-Erling Smørgrav if (options.use_pam) 177b74df5b2SDag-Erling Smørgrav PRIVSEP(start_pam(authctxt)); 178b74df5b2SDag-Erling Smørgrav #endif 17921e764dfSDag-Erling Smørgrav setproctitle("%s%s", authctxt->valid ? user : "unknown", 18080628bacSDag-Erling Smørgrav use_privsep ? " [net]" : ""); 18109958426SBrian Feldman authctxt->service = xstrdup(service); 182af12a3e7SDag-Erling Smørgrav authctxt->style = style ? xstrdup(style) : NULL; 18380628bacSDag-Erling Smørgrav if (use_privsep) 18480628bacSDag-Erling Smørgrav mm_inform_authserv(service, style); 185af12a3e7SDag-Erling Smørgrav } else if (strcmp(user, authctxt->user) != 0 || 18609958426SBrian Feldman strcmp(service, authctxt->service) != 0) { 187af12a3e7SDag-Erling Smørgrav packet_disconnect("Change of username or service not allowed: " 188af12a3e7SDag-Erling Smørgrav "(%s,%s) -> (%s,%s)", 189af12a3e7SDag-Erling Smørgrav authctxt->user, authctxt->service, user, service); 190a04a10f8SKris Kennaway } 1915b400a39SDag-Erling Smørgrav 1925b400a39SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP 1935b400a39SDag-Erling Smørgrav if (authctxt->pw != NULL) { 1945b400a39SDag-Erling Smørgrav lc = login_getpwclass(authctxt->pw); 1955b400a39SDag-Erling Smørgrav if (lc == NULL) 1965b400a39SDag-Erling Smørgrav lc = login_getclassbyname(NULL, authctxt->pw); 1975b400a39SDag-Erling Smørgrav if (!auth_hostok(lc, from_host, from_ip)) { 198cf2b5f3bSDag-Erling Smørgrav logit("Denied connection for %.200s from %.200s [%.200s].", 1995b400a39SDag-Erling Smørgrav authctxt->pw->pw_name, from_host, from_ip); 2005b400a39SDag-Erling Smørgrav packet_disconnect("Sorry, you are not allowed to connect."); 2015b400a39SDag-Erling Smørgrav } 2025b400a39SDag-Erling Smørgrav if (!auth_timeok(lc, time(NULL))) { 203cf2b5f3bSDag-Erling Smørgrav logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", 2045b400a39SDag-Erling Smørgrav authctxt->pw->pw_name, from_host); 2055b400a39SDag-Erling Smørgrav packet_disconnect("Logins not available right now."); 2065b400a39SDag-Erling Smørgrav } 2075b400a39SDag-Erling Smørgrav login_close(lc); 2085b400a39SDag-Erling Smørgrav lc = NULL; 2095b400a39SDag-Erling Smørgrav } 2105b400a39SDag-Erling Smørgrav #endif /* HAVE_LOGIN_CAP */ 2115b400a39SDag-Erling Smørgrav 212ca3176e7SBrian Feldman /* reset state */ 213af12a3e7SDag-Erling Smørgrav auth2_challenge_stop(authctxt); 214cf2b5f3bSDag-Erling Smørgrav 215cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI 216cf2b5f3bSDag-Erling Smørgrav dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 217cf2b5f3bSDag-Erling Smørgrav dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); 218cf2b5f3bSDag-Erling Smørgrav #endif 219cf2b5f3bSDag-Erling Smørgrav 220ca3176e7SBrian Feldman authctxt->postponed = 0; 22103e72be8SBrian Feldman 222ca3176e7SBrian Feldman /* try to authenticate user */ 22309958426SBrian Feldman m = authmethod_lookup(method); 22409958426SBrian Feldman if (m != NULL) { 22509958426SBrian Feldman debug2("input_userauth_request: try method %s", method); 22609958426SBrian Feldman authenticated = m->userauth(authctxt); 22709958426SBrian Feldman } 228ca3176e7SBrian Feldman userauth_finish(authctxt, authenticated, method); 22909958426SBrian Feldman 23009958426SBrian Feldman xfree(service); 23109958426SBrian Feldman xfree(user); 23209958426SBrian Feldman xfree(method); 23309958426SBrian Feldman } 23409958426SBrian Feldman 235ca3176e7SBrian Feldman void 236ca3176e7SBrian Feldman userauth_finish(Authctxt *authctxt, int authenticated, char *method) 237ca3176e7SBrian Feldman { 238af12a3e7SDag-Erling Smørgrav char *methods; 239af12a3e7SDag-Erling Smørgrav 240ca3176e7SBrian Feldman if (!authctxt->valid && authenticated) 241ca3176e7SBrian Feldman fatal("INTERNAL ERROR: authenticated invalid user %s", 242ca3176e7SBrian Feldman authctxt->user); 243ca3176e7SBrian Feldman 244ca3176e7SBrian Feldman /* Special handling for root */ 245e73e9afaSDag-Erling Smørgrav if (authenticated && authctxt->pw->pw_uid == 0 && 246aa49c926SDag-Erling Smørgrav !auth_root_allowed(method)) { 247ca3176e7SBrian Feldman authenticated = 0; 248aa49c926SDag-Erling Smørgrav #ifdef SSH_AUDIT_EVENTS 249aa49c926SDag-Erling Smørgrav PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); 250aa49c926SDag-Erling Smørgrav #endif 251aa49c926SDag-Erling Smørgrav } 252ca3176e7SBrian Feldman 253989dd127SDag-Erling Smørgrav #ifdef USE_PAM 254aa49c926SDag-Erling Smørgrav if (options.use_pam && authenticated) { 255aa49c926SDag-Erling Smørgrav if (!PRIVSEP(do_pam_account())) { 256aa49c926SDag-Erling Smørgrav /* if PAM returned a message, send it to the user */ 257aa49c926SDag-Erling Smørgrav if (buffer_len(&loginmsg) > 0) { 258aa49c926SDag-Erling Smørgrav buffer_append(&loginmsg, "\0", 1); 259aa49c926SDag-Erling Smørgrav userauth_send_banner(buffer_ptr(&loginmsg)); 260aa49c926SDag-Erling Smørgrav packet_write_wait(); 261aa49c926SDag-Erling Smørgrav } 262aa49c926SDag-Erling Smørgrav fatal("Access denied for user %s by PAM account " 263aa49c926SDag-Erling Smørgrav "configuration", authctxt->user); 264aa49c926SDag-Erling Smørgrav } 265aa49c926SDag-Erling Smørgrav } 266cf2b5f3bSDag-Erling Smørgrav #endif 267989dd127SDag-Erling Smørgrav 268f388f5efSDag-Erling Smørgrav #ifdef _UNICOS 269f388f5efSDag-Erling Smørgrav if (authenticated && cray_access_denied(authctxt->user)) { 270f388f5efSDag-Erling Smørgrav authenticated = 0; 271f388f5efSDag-Erling Smørgrav fatal("Access denied for user %s.",authctxt->user); 272f388f5efSDag-Erling Smørgrav } 273f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */ 274f388f5efSDag-Erling Smørgrav 275ca3176e7SBrian Feldman /* Log before sending the reply */ 276ca3176e7SBrian Feldman auth_log(authctxt, authenticated, method, " ssh2"); 277ca3176e7SBrian Feldman 278af12a3e7SDag-Erling Smørgrav if (authctxt->postponed) 279af12a3e7SDag-Erling Smørgrav return; 280af12a3e7SDag-Erling Smørgrav 281af12a3e7SDag-Erling Smørgrav /* XXX todo: check if multiple auth methods are needed */ 282af12a3e7SDag-Erling Smørgrav if (authenticated == 1) { 283af12a3e7SDag-Erling Smørgrav /* turn off userauth */ 284af12a3e7SDag-Erling Smørgrav dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); 285af12a3e7SDag-Erling Smørgrav packet_start(SSH2_MSG_USERAUTH_SUCCESS); 286af12a3e7SDag-Erling Smørgrav packet_send(); 287af12a3e7SDag-Erling Smørgrav packet_write_wait(); 288af12a3e7SDag-Erling Smørgrav /* now we can break out */ 289af12a3e7SDag-Erling Smørgrav authctxt->success = 1; 290af12a3e7SDag-Erling Smørgrav } else { 291aa49c926SDag-Erling Smørgrav if (authctxt->failures++ > options.max_authtries) { 292aa49c926SDag-Erling Smørgrav #ifdef SSH_AUDIT_EVENTS 293aa49c926SDag-Erling Smørgrav PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); 294aa49c926SDag-Erling Smørgrav #endif 295af12a3e7SDag-Erling Smørgrav packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 296aa49c926SDag-Erling Smørgrav } 297af12a3e7SDag-Erling Smørgrav methods = authmethods_get(); 298af12a3e7SDag-Erling Smørgrav packet_start(SSH2_MSG_USERAUTH_FAILURE); 299af12a3e7SDag-Erling Smørgrav packet_put_cstring(methods); 300af12a3e7SDag-Erling Smørgrav packet_put_char(0); /* XXX partial success, unused */ 301af12a3e7SDag-Erling Smørgrav packet_send(); 302af12a3e7SDag-Erling Smørgrav packet_write_wait(); 303af12a3e7SDag-Erling Smørgrav xfree(methods); 304af12a3e7SDag-Erling Smørgrav } 305ca3176e7SBrian Feldman } 30609958426SBrian Feldman 30709958426SBrian Feldman #define DELIM "," 30809958426SBrian Feldman 309af12a3e7SDag-Erling Smørgrav static char * 31009958426SBrian Feldman authmethods_get(void) 311a04a10f8SKris Kennaway { 312af12a3e7SDag-Erling Smørgrav Buffer b; 31309958426SBrian Feldman char *list; 31480628bacSDag-Erling Smørgrav int i; 315a04a10f8SKris Kennaway 316af12a3e7SDag-Erling Smørgrav buffer_init(&b); 31780628bacSDag-Erling Smørgrav for (i = 0; authmethods[i] != NULL; i++) { 31880628bacSDag-Erling Smørgrav if (strcmp(authmethods[i]->name, "none") == 0) 31909958426SBrian Feldman continue; 32080628bacSDag-Erling Smørgrav if (authmethods[i]->enabled != NULL && 32180628bacSDag-Erling Smørgrav *(authmethods[i]->enabled) != 0) { 322af12a3e7SDag-Erling Smørgrav if (buffer_len(&b) > 0) 323af12a3e7SDag-Erling Smørgrav buffer_append(&b, ",", 1); 32480628bacSDag-Erling Smørgrav buffer_append(&b, authmethods[i]->name, 32580628bacSDag-Erling Smørgrav strlen(authmethods[i]->name)); 32609958426SBrian Feldman } 32709958426SBrian Feldman } 328af12a3e7SDag-Erling Smørgrav buffer_append(&b, "\0", 1); 329af12a3e7SDag-Erling Smørgrav list = xstrdup(buffer_ptr(&b)); 330af12a3e7SDag-Erling Smørgrav buffer_free(&b); 33109958426SBrian Feldman return list; 33209958426SBrian Feldman } 33309958426SBrian Feldman 334af12a3e7SDag-Erling Smørgrav static Authmethod * 33509958426SBrian Feldman authmethod_lookup(const char *name) 33609958426SBrian Feldman { 33780628bacSDag-Erling Smørgrav int i; 33880628bacSDag-Erling Smørgrav 33909958426SBrian Feldman if (name != NULL) 34080628bacSDag-Erling Smørgrav for (i = 0; authmethods[i] != NULL; i++) 34180628bacSDag-Erling Smørgrav if (authmethods[i]->enabled != NULL && 34280628bacSDag-Erling Smørgrav *(authmethods[i]->enabled) != 0 && 34380628bacSDag-Erling Smørgrav strcmp(name, authmethods[i]->name) == 0) 34480628bacSDag-Erling Smørgrav return authmethods[i]; 34580628bacSDag-Erling Smørgrav debug2("Unrecognized authentication method name: %s", 34680628bacSDag-Erling Smørgrav name ? name : "NULL"); 347a04a10f8SKris Kennaway return NULL; 348a04a10f8SKris Kennaway } 349