diff options
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 22 |
1 files changed, 20 insertions, 2 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.106 2014/07/15 15:54:14 millert Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,6 +56,7 @@ | |||
| 56 | #include "groupaccess.h" | 56 | #include "groupaccess.h" |
| 57 | #include "log.h" | 57 | #include "log.h" |
| 58 | #include "buffer.h" | 58 | #include "buffer.h" |
| 59 | #include "misc.h" | ||
| 59 | #include "servconf.h" | 60 | #include "servconf.h" |
| 60 | #include "key.h" | 61 | #include "key.h" |
| 61 | #include "hostfile.h" | 62 | #include "hostfile.h" |
| @@ -63,7 +64,6 @@ | |||
| 63 | #include "auth-options.h" | 64 | #include "auth-options.h" |
| 64 | #include "canohost.h" | 65 | #include "canohost.h" |
| 65 | #include "uidswap.h" | 66 | #include "uidswap.h" |
| 66 | #include "misc.h" | ||
| 67 | #include "packet.h" | 67 | #include "packet.h" |
| 68 | #include "loginrec.h" | 68 | #include "loginrec.h" |
| 69 | #ifdef GSSAPI | 69 | #ifdef GSSAPI |
| @@ -326,6 +326,20 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
| 326 | #endif | 326 | #endif |
| 327 | } | 327 | } |
| 328 | 328 | ||
| 329 | |||
| 330 | void | ||
| 331 | auth_maxtries_exceeded(Authctxt *authctxt) | ||
| 332 | { | ||
| 333 | packet_disconnect("Too many authentication failures for " | ||
| 334 | "%s%.100s from %.200s port %d %s", | ||
| 335 | authctxt->valid ? "" : "invalid user ", | ||
| 336 | authctxt->user, | ||
| 337 | get_remote_ipaddr(), | ||
| 338 | get_remote_port(), | ||
| 339 | compat20 ? "ssh2" : "ssh1"); | ||
| 340 | /* NOTREACHED */ | ||
| 341 | } | ||
| 342 | |||
| 329 | /* | 343 | /* |
| 330 | * Check whether root logins are disallowed. | 344 | * Check whether root logins are disallowed. |
| 331 | */ | 345 | */ |
| @@ -656,6 +670,7 @@ getpwnamallow(const char *user) | |||
| 656 | int | 670 | int |
| 657 | auth_key_is_revoked(Key *key) | 671 | auth_key_is_revoked(Key *key) |
| 658 | { | 672 | { |
| 673 | #ifdef WITH_OPENSSL | ||
| 659 | char *key_fp; | 674 | char *key_fp; |
| 660 | 675 | ||
| 661 | if (options.revoked_keys_file == NULL) | 676 | if (options.revoked_keys_file == NULL) |
| @@ -668,6 +683,7 @@ auth_key_is_revoked(Key *key) | |||
| 668 | default: | 683 | default: |
| 669 | goto revoked; | 684 | goto revoked; |
| 670 | } | 685 | } |
| 686 | #endif | ||
| 671 | debug3("%s: treating %s as a key list", __func__, | 687 | debug3("%s: treating %s as a key list", __func__, |
| 672 | options.revoked_keys_file); | 688 | options.revoked_keys_file); |
| 673 | switch (key_in_file(key, options.revoked_keys_file, 0)) { | 689 | switch (key_in_file(key, options.revoked_keys_file, 0)) { |
| @@ -679,6 +695,7 @@ auth_key_is_revoked(Key *key) | |||
| 679 | error("Revoked keys file is unreadable: refusing public key " | 695 | error("Revoked keys file is unreadable: refusing public key " |
| 680 | "authentication"); | 696 | "authentication"); |
| 681 | return 1; | 697 | return 1; |
| 698 | #ifdef WITH_OPENSSL | ||
| 682 | case 1: | 699 | case 1: |
| 683 | revoked: | 700 | revoked: |
| 684 | /* Key revoked */ | 701 | /* Key revoked */ |
| @@ -687,6 +704,7 @@ auth_key_is_revoked(Key *key) | |||
| 687 | "%s key %s ", key_type(key), key_fp); | 704 | "%s key %s ", key_type(key), key_fp); |
| 688 | free(key_fp); | 705 | free(key_fp); |
| 689 | return 1; | 706 | return 1; |
| 707 | #endif | ||
| 690 | } | 708 | } |
| 691 | fatal("key_in_file returned junk"); | 709 | fatal("key_in_file returned junk"); |
| 692 | } | 710 | } |