author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-09 00:23:17 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-09 00:23:17 +0000 |
commit | cd4349f969a8cc4cf2902ffd0a67aea49fae2102 (patch) | |
tree | 6bae3e606cd14eb87efd683d73d9074b6ea66c36 | |
parent | 5ec2645a2d4a5045e587868b3f2ed33ae187f594 (diff) |
- markus@cvs.openbsd.org 2001/05/30 23:31:14
[auth2.c]
merge
-rw-r--r-- | auth2.c | 64 |
1 files changed, 26 insertions, 38 deletions
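--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.59 2001/05/30 12:55:06 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.60 2001/05/30 23:31:14 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -88,7 +88,6 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 
 /* auth */
 void userauth_banner(void);
-void userauth_reply(Authctxt *authctxt, int authenticated);
 int userauth_none(Authctxt *authctxt);
 int userauth_passwd(Authctxt *authctxt);
 int userauth_pubkey(Authctxt *authctxt);
@@ -255,6 +254,8 @@ input_userauth_request(int type, int plen, void *ctxt)
 void
 userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 {
+char *methods;
+
 if (!authctxt->valid && authenticated)
 fatal("INTERNAL ERROR: authenticated invalid user %s",
 authctxt->user);
@@ -273,8 +274,29 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 /* Log before sending the reply */
 auth_log(authctxt, authenticated, method, " ssh2");
 
-if (!authctxt->postponed)
-userauth_reply(authctxt, authenticated);
+if (authctxt->postponed)
+return;
+
+/* XXX todo: check if multiple auth methods are needed */
+if (authenticated == 1) {
+/* turn off userauth */
+dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
+packet_start(SSH2_MSG_USERAUTH_SUCCESS);
+packet_send();
+packet_write_wait();
+/* now we can break out */
+authctxt->success = 1;
+} else {
+if (authctxt->failures++ > AUTH_FAIL_MAX)
+packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+methods = authmethods_get();
+packet_start(SSH2_MSG_USERAUTH_FAILURE);
+packet_put_cstring(methods);
+packet_put_char(0); /* XXX partial success, unused */
+packet_send();
+packet_write_wait();
+xfree(methods);
+}
 }
 
 void
@@ -308,40 +330,6 @@ done:
 return;
 }
 
-void
-userauth_reply(Authctxt *authctxt, int authenticated)
-{
-char *methods;
-
-/* XXX todo: check if multiple auth methods are needed */
-if (authenticated == 1) {
-#ifdef WITH_AIXAUTHENTICATE
-/* We don't have a pty yet, so just label the line as "ssh" */
-if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
-get_canonical_hostname(options.reverse_mapping_check),
-"ssh", &aixloginmsg) < 0)
-aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
-/* turn off userauth */
-dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
-packet_start(SSH2_MSG_USERAUTH_SUCCESS);
-packet_send();
-packet_write_wait();
-/* now we can break out */
-authctxt->success = 1;
-} else {
-if (authctxt->failures++ > AUTH_FAIL_MAX)
-packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
-methods = authmethods_get();
-packet_start(SSH2_MSG_USERAUTH_FAILURE);
-packet_put_cstring(methods);
-packet_put_char(0); /* XXX partial success, unused */
-packet_send();
-packet_write_wait();
-xfree(methods);
-}
-}
-
 int
 userauth_none(Authctxt *authctxt)
 {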
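Review bot: The `if (authenticated == 1)` branch that this merge folds into userauth_finish() no longer carries the `#ifdef WITH_AIXAUTHENTICATE` block that the removed userauth_reply() ran before sending SSH2_MSG_USERAUTH_SUCCESS, so on AIX builds `loginsuccess()` would no longer be called and `aixloginmsg` would not be set on this path. Part of userauth_finish() lies between the two hunks that touch it and is not visible, so the call may already live there; if it does not, the block should be restored ahead of `dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);`, since dropping it presumably leaves the platform's login accounting without a record of the successful authentication. Either way, a one-line comment on the success branch such as `/* AIX loginsuccess() is handled in <location> */` would make it clear that the omission is deliberate in the portable tree.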