xref: /freebsd/crypto/openssh/auth2.c (revision cf2b5f3b6d88690d9dee1824ed589d164bb62abc) 
1a04a10f8SKris Kennaway /*
2a04a10f8SKris Kennaway  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
3a04a10f8SKris Kennaway  *
4a04a10f8SKris Kennaway  * Redistribution and use in source and binary forms, with or without
5a04a10f8SKris Kennaway  * modification, are permitted provided that the following conditions
6a04a10f8SKris Kennaway  * are met:
7a04a10f8SKris Kennaway  * 1. Redistributions of source code must retain the above copyright
8a04a10f8SKris Kennaway  *    notice, this list of conditions and the following disclaimer.
9a04a10f8SKris Kennaway  * 2. Redistributions in binary form must reproduce the above copyright
10a04a10f8SKris Kennaway  *    notice, this list of conditions and the following disclaimer in the
11a04a10f8SKris Kennaway  *    documentation and/or other materials provided with the distribution.
12a04a10f8SKris Kennaway  *
13a04a10f8SKris Kennaway  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14a04a10f8SKris Kennaway  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15a04a10f8SKris Kennaway  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16a04a10f8SKris Kennaway  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17a04a10f8SKris Kennaway  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18a04a10f8SKris Kennaway  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19a04a10f8SKris Kennaway  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20a04a10f8SKris Kennaway  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21a04a10f8SKris Kennaway  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22a04a10f8SKris Kennaway  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23a04a10f8SKris Kennaway  */
24c2d3a559SKris Kennaway 
25a04a10f8SKris Kennaway #include "includes.h"
26cf2b5f3bSDag-Erling Smørgrav RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
275b400a39SDag-Erling Smørgrav RCSID("$FreeBSD$");
28a04a10f8SKris Kennaway 
299be00009SDag-Erling Smørgrav #include "canohost.h"
30ca3176e7SBrian Feldman #include "ssh2.h"
31a04a10f8SKris Kennaway #include "xmalloc.h"
32a04a10f8SKris Kennaway #include "packet.h"
33ca3176e7SBrian Feldman #include "log.h"
34a04a10f8SKris Kennaway #include "servconf.h"
35a04a10f8SKris Kennaway #include "compat.h"
36a04a10f8SKris Kennaway #include "auth.h"
37a04a10f8SKris Kennaway #include "dispatch.h"
38ca3176e7SBrian Feldman #include "pathnames.h"
3980628bacSDag-Erling Smørgrav #include "monitor_wrap.h"
40a04a10f8SKris Kennaway 
41cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI
42cf2b5f3bSDag-Erling Smørgrav #include "ssh-gss.h"
43cf2b5f3bSDag-Erling Smørgrav #endif
44cf2b5f3bSDag-Erling Smørgrav 
45a04a10f8SKris Kennaway /* import */
46a04a10f8SKris Kennaway extern ServerOptions options;
47ca3176e7SBrian Feldman extern u_char *session_id2;
48cf2b5f3bSDag-Erling Smørgrav extern u_int session_id2_len;
49a04a10f8SKris Kennaway 
5080628bacSDag-Erling Smørgrav Authctxt *x_authctxt = NULL;
5109958426SBrian Feldman 
5280628bacSDag-Erling Smørgrav /* methods */
5380628bacSDag-Erling Smørgrav 
5480628bacSDag-Erling Smørgrav extern Authmethod method_none;
5580628bacSDag-Erling Smørgrav extern Authmethod method_pubkey;
5680628bacSDag-Erling Smørgrav extern Authmethod method_passwd;
5780628bacSDag-Erling Smørgrav extern Authmethod method_kbdint;
5880628bacSDag-Erling Smørgrav extern Authmethod method_hostbased;
59cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI
60cf2b5f3bSDag-Erling Smørgrav extern Authmethod method_gssapi;
61cf2b5f3bSDag-Erling Smørgrav #endif
6280628bacSDag-Erling Smørgrav 
6380628bacSDag-Erling Smørgrav Authmethod *authmethods[] = {
6480628bacSDag-Erling Smørgrav 	&method_none,
6580628bacSDag-Erling Smørgrav 	&method_pubkey,
66cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI
67cf2b5f3bSDag-Erling Smørgrav 	&method_gssapi,
68cf2b5f3bSDag-Erling Smørgrav #endif
6980628bacSDag-Erling Smørgrav 	&method_passwd,
7080628bacSDag-Erling Smørgrav 	&method_kbdint,
7180628bacSDag-Erling Smørgrav 	&method_hostbased,
7280628bacSDag-Erling Smørgrav 	NULL
7309958426SBrian Feldman };
7409958426SBrian Feldman 
75a04a10f8SKris Kennaway /* protocol */
76a04a10f8SKris Kennaway 
77af12a3e7SDag-Erling Smørgrav static void input_service_request(int, u_int32_t, void *);
78af12a3e7SDag-Erling Smørgrav static void input_userauth_request(int, u_int32_t, void *);
79a04a10f8SKris Kennaway 
80a04a10f8SKris Kennaway /* helper */
81af12a3e7SDag-Erling Smørgrav static Authmethod *authmethod_lookup(const char *);
82af12a3e7SDag-Erling Smørgrav static char *authmethods_get(void);
8380628bacSDag-Erling Smørgrav int user_key_allowed(struct passwd *, Key *);
8480628bacSDag-Erling Smørgrav int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
85a04a10f8SKris Kennaway 
86a04a10f8SKris Kennaway /*
8709958426SBrian Feldman  * loop until authctxt->success == TRUE
88a04a10f8SKris Kennaway  */
89a04a10f8SKris Kennaway 
9080628bacSDag-Erling Smørgrav Authctxt *
91af12a3e7SDag-Erling Smørgrav do_authentication2(void)
92a04a10f8SKris Kennaway {
93ca3176e7SBrian Feldman 	Authctxt *authctxt = authctxt_new();
94ca3176e7SBrian Feldman 
9509958426SBrian Feldman 	x_authctxt = authctxt;		/*XXX*/
9609958426SBrian Feldman 
97af12a3e7SDag-Erling Smørgrav 	/* challenge-response is implemented via keyboard interactive */
98af12a3e7SDag-Erling Smørgrav 	if (options.challenge_response_authentication)
99ca3176e7SBrian Feldman 		options.kbd_interactive_authentication = 1;
100ca3176e7SBrian Feldman 
101af12a3e7SDag-Erling Smørgrav 	dispatch_init(&dispatch_protocol_error);
102a04a10f8SKris Kennaway 	dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
10309958426SBrian Feldman 	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
10480628bacSDag-Erling Smørgrav 
10580628bacSDag-Erling Smørgrav 	return (authctxt);
106a04a10f8SKris Kennaway }
107a04a10f8SKris Kennaway 
108af12a3e7SDag-Erling Smørgrav static void
109af12a3e7SDag-Erling Smørgrav input_service_request(int type, u_int32_t seq, void *ctxt)
110a04a10f8SKris Kennaway {
11109958426SBrian Feldman 	Authctxt *authctxt = ctxt;
112ca3176e7SBrian Feldman 	u_int len;
113f388f5efSDag-Erling Smørgrav 	int acceptit = 0;
114a04a10f8SKris Kennaway 	char *service = packet_get_string(&len);
115af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
116a04a10f8SKris Kennaway 
11709958426SBrian Feldman 	if (authctxt == NULL)
11809958426SBrian Feldman 		fatal("input_service_request: no authctxt");
11909958426SBrian Feldman 
120a04a10f8SKris Kennaway 	if (strcmp(service, "ssh-userauth") == 0) {
12109958426SBrian Feldman 		if (!authctxt->success) {
122f388f5efSDag-Erling Smørgrav 			acceptit = 1;
123a04a10f8SKris Kennaway 			/* now we can handle user-auth requests */
124a04a10f8SKris Kennaway 			dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
125a04a10f8SKris Kennaway 		}
126a04a10f8SKris Kennaway 	}
127a04a10f8SKris Kennaway 	/* XXX all other service requests are denied */
128a04a10f8SKris Kennaway 
129f388f5efSDag-Erling Smørgrav 	if (acceptit) {
130a04a10f8SKris Kennaway 		packet_start(SSH2_MSG_SERVICE_ACCEPT);
131a04a10f8SKris Kennaway 		packet_put_cstring(service);
132a04a10f8SKris Kennaway 		packet_send();
133a04a10f8SKris Kennaway 		packet_write_wait();
134a04a10f8SKris Kennaway 	} else {
135a04a10f8SKris Kennaway 		debug("bad service request %s", service);
136a04a10f8SKris Kennaway 		packet_disconnect("bad service request %s", service);
137a04a10f8SKris Kennaway 	}
138a04a10f8SKris Kennaway 	xfree(service);
139a04a10f8SKris Kennaway }
140a04a10f8SKris Kennaway 
141af12a3e7SDag-Erling Smørgrav static void
142af12a3e7SDag-Erling Smørgrav input_userauth_request(int type, u_int32_t seq, void *ctxt)
143a04a10f8SKris Kennaway {
14409958426SBrian Feldman 	Authctxt *authctxt = ctxt;
14509958426SBrian Feldman 	Authmethod *m = NULL;
146ca3176e7SBrian Feldman 	char *user, *service, *method, *style = NULL;
147a04a10f8SKris Kennaway 	int authenticated = 0;
1485b400a39SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1495b400a39SDag-Erling Smørgrav 	login_cap_t *lc;
1505b400a39SDag-Erling Smørgrav 	const char *from_host, *from_ip;
1515b400a39SDag-Erling Smørgrav 
152cf2b5f3bSDag-Erling Smørgrav         from_host = get_canonical_hostname(options.use_dns);
1535b400a39SDag-Erling Smørgrav         from_ip = get_remote_ipaddr();
1545b400a39SDag-Erling Smørgrav #endif
155a04a10f8SKris Kennaway 
15609958426SBrian Feldman 	if (authctxt == NULL)
15709958426SBrian Feldman 		fatal("input_userauth_request: no authctxt");
158a04a10f8SKris Kennaway 
15909958426SBrian Feldman 	user = packet_get_string(NULL);
16009958426SBrian Feldman 	service = packet_get_string(NULL);
16109958426SBrian Feldman 	method = packet_get_string(NULL);
162a04a10f8SKris Kennaway 	debug("userauth-request for user %s service %s method %s", user, service, method);
163ca3176e7SBrian Feldman 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
164a04a10f8SKris Kennaway 
165ca3176e7SBrian Feldman 	if ((style = strchr(user, ':')) != NULL)
166ca3176e7SBrian Feldman 		*style++ = 0;
167ca3176e7SBrian Feldman 
168ca3176e7SBrian Feldman 	if (authctxt->attempt++ == 0) {
16909958426SBrian Feldman 		/* setup auth context */
17080628bacSDag-Erling Smørgrav 		authctxt->pw = PRIVSEP(getpwnamallow(user));
17180628bacSDag-Erling Smørgrav 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
17209958426SBrian Feldman 			authctxt->valid = 1;
17309958426SBrian Feldman 			debug2("input_userauth_request: setting up authctxt for %s", user);
17409958426SBrian Feldman #ifdef USE_PAM
175cf2b5f3bSDag-Erling Smørgrav 			if (options.use_pam)
176989dd127SDag-Erling Smørgrav 				PRIVSEP(start_pam(authctxt->pw->pw_name));
17709958426SBrian Feldman #endif
17809958426SBrian Feldman 		} else {
179cf2b5f3bSDag-Erling Smørgrav 			logit("input_userauth_request: illegal user %s", user);
180cf2b5f3bSDag-Erling Smørgrav 			authctxt->pw = fakepw();
181989dd127SDag-Erling Smørgrav #ifdef USE_PAM
182cf2b5f3bSDag-Erling Smørgrav 			if (options.use_pam)
183cf2b5f3bSDag-Erling Smørgrav 				PRIVSEP(start_pam(user));
184989dd127SDag-Erling Smørgrav #endif
185a04a10f8SKris Kennaway 		}
18680628bacSDag-Erling Smørgrav 		setproctitle("%s%s", authctxt->pw ? user : "unknown",
18780628bacSDag-Erling Smørgrav 		    use_privsep ? " [net]" : "");
18809958426SBrian Feldman 		authctxt->user = xstrdup(user);
18909958426SBrian Feldman 		authctxt->service = xstrdup(service);
190af12a3e7SDag-Erling Smørgrav 		authctxt->style = style ? xstrdup(style) : NULL;
19180628bacSDag-Erling Smørgrav 		if (use_privsep)
19280628bacSDag-Erling Smørgrav 			mm_inform_authserv(service, style);
193af12a3e7SDag-Erling Smørgrav 	} else if (strcmp(user, authctxt->user) != 0 ||
19409958426SBrian Feldman 	    strcmp(service, authctxt->service) != 0) {
195af12a3e7SDag-Erling Smørgrav 		packet_disconnect("Change of username or service not allowed: "
196af12a3e7SDag-Erling Smørgrav 		    "(%s,%s) -> (%s,%s)",
197af12a3e7SDag-Erling Smørgrav 		    authctxt->user, authctxt->service, user, service);
198a04a10f8SKris Kennaway 	}
1995b400a39SDag-Erling Smørgrav 
2005b400a39SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
2015b400a39SDag-Erling Smørgrav         if (authctxt->pw != NULL) {
2025b400a39SDag-Erling Smørgrav                 lc = login_getpwclass(authctxt->pw);
2035b400a39SDag-Erling Smørgrav                 if (lc == NULL)
2045b400a39SDag-Erling Smørgrav                         lc = login_getclassbyname(NULL, authctxt->pw);
2055b400a39SDag-Erling Smørgrav                 if (!auth_hostok(lc, from_host, from_ip)) {
206cf2b5f3bSDag-Erling Smørgrav                         logit("Denied connection for %.200s from %.200s [%.200s].",
2075b400a39SDag-Erling Smørgrav                             authctxt->pw->pw_name, from_host, from_ip);
2085b400a39SDag-Erling Smørgrav                         packet_disconnect("Sorry, you are not allowed to connect.");
2095b400a39SDag-Erling Smørgrav                 }
2105b400a39SDag-Erling Smørgrav                 if (!auth_timeok(lc, time(NULL))) {
211cf2b5f3bSDag-Erling Smørgrav                         logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
2125b400a39SDag-Erling Smørgrav                             authctxt->pw->pw_name, from_host);
2135b400a39SDag-Erling Smørgrav                         packet_disconnect("Logins not available right now.");
2145b400a39SDag-Erling Smørgrav                 }
2155b400a39SDag-Erling Smørgrav                 login_close(lc);
2165b400a39SDag-Erling Smørgrav                 lc = NULL;
2175b400a39SDag-Erling Smørgrav         }
2185b400a39SDag-Erling Smørgrav #endif  /* HAVE_LOGIN_CAP */
2195b400a39SDag-Erling Smørgrav 
220ca3176e7SBrian Feldman 	/* reset state */
221af12a3e7SDag-Erling Smørgrav 	auth2_challenge_stop(authctxt);
222cf2b5f3bSDag-Erling Smørgrav 
223cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI
224cf2b5f3bSDag-Erling Smørgrav 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
225cf2b5f3bSDag-Erling Smørgrav 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
226cf2b5f3bSDag-Erling Smørgrav #endif
227cf2b5f3bSDag-Erling Smørgrav 
228ca3176e7SBrian Feldman 	authctxt->postponed = 0;
22903e72be8SBrian Feldman 
230ca3176e7SBrian Feldman 	/* try to authenticate user */
23109958426SBrian Feldman 	m = authmethod_lookup(method);
23209958426SBrian Feldman 	if (m != NULL) {
23309958426SBrian Feldman 		debug2("input_userauth_request: try method %s", method);
23409958426SBrian Feldman 		authenticated =	m->userauth(authctxt);
23509958426SBrian Feldman 	}
236ca3176e7SBrian Feldman 	userauth_finish(authctxt, authenticated, method);
23709958426SBrian Feldman 
23809958426SBrian Feldman 	xfree(service);
23909958426SBrian Feldman 	xfree(user);
24009958426SBrian Feldman 	xfree(method);
24109958426SBrian Feldman }
24209958426SBrian Feldman 
243ca3176e7SBrian Feldman void
244ca3176e7SBrian Feldman userauth_finish(Authctxt *authctxt, int authenticated, char *method)
245ca3176e7SBrian Feldman {
246af12a3e7SDag-Erling Smørgrav 	char *methods;
247af12a3e7SDag-Erling Smørgrav 
248ca3176e7SBrian Feldman 	if (!authctxt->valid && authenticated)
249ca3176e7SBrian Feldman 		fatal("INTERNAL ERROR: authenticated invalid user %s",
250ca3176e7SBrian Feldman 		    authctxt->user);
251ca3176e7SBrian Feldman 
252ca3176e7SBrian Feldman 	/* Special handling for root */
253e73e9afaSDag-Erling Smørgrav 	if (authenticated && authctxt->pw->pw_uid == 0 &&
254ca3176e7SBrian Feldman 	    !auth_root_allowed(method))
255ca3176e7SBrian Feldman 		authenticated = 0;
256ca3176e7SBrian Feldman 
257989dd127SDag-Erling Smørgrav #ifdef USE_PAM
258cf2b5f3bSDag-Erling Smørgrav 	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
259989dd127SDag-Erling Smørgrav 		authenticated = 0;
260cf2b5f3bSDag-Erling Smørgrav #endif
261989dd127SDag-Erling Smørgrav 
262f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
263f388f5efSDag-Erling Smørgrav 	if (authenticated && cray_access_denied(authctxt->user)) {
264f388f5efSDag-Erling Smørgrav 		authenticated = 0;
265f388f5efSDag-Erling Smørgrav 		fatal("Access denied for user %s.",authctxt->user);
266f388f5efSDag-Erling Smørgrav 	}
267f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
268f388f5efSDag-Erling Smørgrav 
269ca3176e7SBrian Feldman 	/* Log before sending the reply */
270ca3176e7SBrian Feldman 	auth_log(authctxt, authenticated, method, " ssh2");
271ca3176e7SBrian Feldman 
272af12a3e7SDag-Erling Smørgrav 	if (authctxt->postponed)
273af12a3e7SDag-Erling Smørgrav 		return;
274af12a3e7SDag-Erling Smørgrav 
275af12a3e7SDag-Erling Smørgrav 	/* XXX todo: check if multiple auth methods are needed */
276af12a3e7SDag-Erling Smørgrav 	if (authenticated == 1) {
277af12a3e7SDag-Erling Smørgrav 		/* turn off userauth */
278af12a3e7SDag-Erling Smørgrav 		dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
279af12a3e7SDag-Erling Smørgrav 		packet_start(SSH2_MSG_USERAUTH_SUCCESS);
280af12a3e7SDag-Erling Smørgrav 		packet_send();
281af12a3e7SDag-Erling Smørgrav 		packet_write_wait();
282af12a3e7SDag-Erling Smørgrav 		/* now we can break out */
283af12a3e7SDag-Erling Smørgrav 		authctxt->success = 1;
284af12a3e7SDag-Erling Smørgrav 	} else {
285cf2b5f3bSDag-Erling Smørgrav 		if (authctxt->failures++ > AUTH_FAIL_MAX)
286af12a3e7SDag-Erling Smørgrav 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
287af12a3e7SDag-Erling Smørgrav 		methods = authmethods_get();
288af12a3e7SDag-Erling Smørgrav 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
289af12a3e7SDag-Erling Smørgrav 		packet_put_cstring(methods);
290af12a3e7SDag-Erling Smørgrav 		packet_put_char(0);	/* XXX partial success, unused */
291af12a3e7SDag-Erling Smørgrav 		packet_send();
292af12a3e7SDag-Erling Smørgrav 		packet_write_wait();
293af12a3e7SDag-Erling Smørgrav 		xfree(methods);
294af12a3e7SDag-Erling Smørgrav 	}
295ca3176e7SBrian Feldman }
29609958426SBrian Feldman 
29709958426SBrian Feldman /* get current user */
298a04a10f8SKris Kennaway 
299a04a10f8SKris Kennaway struct passwd*
300a04a10f8SKris Kennaway auth_get_user(void)
301a04a10f8SKris Kennaway {
30209958426SBrian Feldman 	return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL;
303a04a10f8SKris Kennaway }
304a04a10f8SKris Kennaway 
30509958426SBrian Feldman #define	DELIM	","
30609958426SBrian Feldman 
307af12a3e7SDag-Erling Smørgrav static char *
30809958426SBrian Feldman authmethods_get(void)
309a04a10f8SKris Kennaway {
310af12a3e7SDag-Erling Smørgrav 	Buffer b;
31109958426SBrian Feldman 	char *list;
31280628bacSDag-Erling Smørgrav 	int i;
313a04a10f8SKris Kennaway 
314af12a3e7SDag-Erling Smørgrav 	buffer_init(&b);
31580628bacSDag-Erling Smørgrav 	for (i = 0; authmethods[i] != NULL; i++) {
31680628bacSDag-Erling Smørgrav 		if (strcmp(authmethods[i]->name, "none") == 0)
31709958426SBrian Feldman 			continue;
31880628bacSDag-Erling Smørgrav 		if (authmethods[i]->enabled != NULL &&
31980628bacSDag-Erling Smørgrav 		    *(authmethods[i]->enabled) != 0) {
320af12a3e7SDag-Erling Smørgrav 			if (buffer_len(&b) > 0)
321af12a3e7SDag-Erling Smørgrav 				buffer_append(&b, ",", 1);
32280628bacSDag-Erling Smørgrav 			buffer_append(&b, authmethods[i]->name,
32380628bacSDag-Erling Smørgrav 			    strlen(authmethods[i]->name));
32409958426SBrian Feldman 		}
32509958426SBrian Feldman 	}
326af12a3e7SDag-Erling Smørgrav 	buffer_append(&b, "\0", 1);
327af12a3e7SDag-Erling Smørgrav 	list = xstrdup(buffer_ptr(&b));
328af12a3e7SDag-Erling Smørgrav 	buffer_free(&b);
32909958426SBrian Feldman 	return list;
33009958426SBrian Feldman }
33109958426SBrian Feldman 
332af12a3e7SDag-Erling Smørgrav static Authmethod *
33309958426SBrian Feldman authmethod_lookup(const char *name)
33409958426SBrian Feldman {
33580628bacSDag-Erling Smørgrav 	int i;
33680628bacSDag-Erling Smørgrav 
33709958426SBrian Feldman 	if (name != NULL)
33880628bacSDag-Erling Smørgrav 		for (i = 0; authmethods[i] != NULL; i++)
33980628bacSDag-Erling Smørgrav 			if (authmethods[i]->enabled != NULL &&
34080628bacSDag-Erling Smørgrav 			    *(authmethods[i]->enabled) != 0 &&
34180628bacSDag-Erling Smørgrav 			    strcmp(name, authmethods[i]->name) == 0)
34280628bacSDag-Erling Smørgrav 				return authmethods[i];
34380628bacSDag-Erling Smørgrav 	debug2("Unrecognized authentication method name: %s",
34480628bacSDag-Erling Smørgrav 	    name ? name : "NULL");
345a04a10f8SKris Kennaway 	return NULL;
346a04a10f8SKris Kennaway }
347