author | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:00:17 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:00:17 +0100 |
commit | 544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (patch) | |
tree | 33d2a87dd50fe5894ac6ec4579c83401b7ab00a4 /monitor.c | |
parent | baccdb349b31c47cd76fb63211f754ed33a9707e (diff) | |
parent | 7de4b03a6e4071d454b72927ffaf52949fa34545 (diff) |
Import openssh_6.9p1.orig.tar.gz
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 22 |
1 files changed, 13 insertions, 9 deletions
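--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -404,7 +404,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
 auth_log(authctxt, authenticated, partial,
 auth_method, auth_submethod);
-if (!authenticated)
+if (!partial && !authenticated)
 authctxt->failures++;
 }
 }
@@ -1185,7 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
 Key *key;
 char *cuser, *chost;
 u_char *blob;
-u_int bloblen;
+u_int bloblen, pubkey_auth_attempt;
 enum mm_keytype type = 0;
 int allowed = 0;
 
@@ -1195,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
 cuser = buffer_get_string(m, NULL);
 chost = buffer_get_string(m, NULL);
 blob = buffer_get_string(m, &bloblen);
+pubkey_auth_attempt = buffer_get_int(m);
 
 key = key_from_blob(blob, bloblen);
 
@@ -1215,19 +1216,19 @@ mm_answer_keyallowed(int sock, Buffer *m)
 allowed = options.pubkey_authentication &&
 !auth2_userkey_already_used(authctxt, key) &&
 match_pattern_list(sshkey_ssh_name(key),
-options.pubkey_key_types,
-strlen(options.pubkey_key_types), 0) == 1 &&
-user_key_allowed(authctxt->pw, key);
+options.pubkey_key_types, 0) == 1 &&
+user_key_allowed(authctxt->pw, key,
+pubkey_auth_attempt);
 pubkey_auth_info(authctxt, key, NULL);
 auth_method = "publickey";
-if (options.pubkey_authentication && allowed != 1)
+if (options.pubkey_authentication &&
+(!pubkey_auth_attempt || allowed != 1))
 auth_clear_options();
 break;
 case MM_HOSTKEY:
 allowed = options.hostbased_authentication &&
 match_pattern_list(sshkey_ssh_name(key),
-options.hostbased_key_types,
-strlen(options.hostbased_key_types), 0) == 1 &&
+options.hostbased_key_types, 0) == 1 &&
 hostbased_key_allowed(authctxt->pw,
 cuser, chost, key);
 pubkey_auth_info(authctxt, key,
@@ -1474,6 +1475,9 @@ mm_record_login(Session *s, struct passwd *pw)
 socklen_t fromlen;
 struct sockaddr_storage from;
 
+if (options.use_login)
+return;
+
 /*
 * Get IP address of client. If the connection is not a socket, let
 * the address be 0.0.0.0.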
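Review bot: In mm_answer_keyallowed, `pubkey_auth_attempt` is taken straight from the request buffer with `buffer_get_int(m)`, so its value is chosen by whoever sits on the other end of the monitor socket (the unprivileged pre-auth child under privilege separation), and nothing at the read says so. The flag then decides whether `auth_clear_options()` runs and is handed to `user_key_allowed()`; that callee is not on this page, so I am assuming it uses the flag only for logging and never for the allow decision, which is worth confirming. I would document the trust boundary at the read with `/* set by the unprivileged child: a hint only, must never widen what is allowed */` and collapse the value to 0/1 there with `pubkey_auth_attempt = buffer_get_int(m) != 0;`. The extra field also changes the request layout for every key type, including `MM_HOSTKEY` where it goes unused, so the sender has to append the int in the same position; that side is outside this diff, which is limited to monitor.c.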