Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 33 |
1 files changed, 29 insertions, 4 deletions
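--- a/auth1.c
+++ b/auth1.c
@@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
 #include "session.h"
 #include "uidswap.h"
 #include "monitor_wrap.h"
+#include "buffer.h"
 
 /* import */
 extern ServerOptions options;
+extern Buffer loginmsg;
 
 /*
 * convert ssh auth msg type into description
@@ -245,14 +247,33 @@ do_authloop(Authctxt *authctxt)
 #else
 /* Special handling for root */
 if (authenticated && authctxt->pw->pw_uid == 0 &&
-!auth_root_allowed(get_authname(type)))
+!auth_root_allowed(get_authname(type))) {
 authenticated = 0;
+# ifdef SSH_AUDIT_EVENTS
+PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+# endif
+}
 #endif
 
 #ifdef USE_PAM
 if (options.use_pam && authenticated &&
-!PRIVSEP(do_pam_account()))
-authenticated = 0;
+!PRIVSEP(do_pam_account())) {
+char *msg;
+size_t len;
+
+error("Access denied for user %s by PAM account "
+"configuration", authctxt->user);
+len = buffer_len(&loginmsg);
+buffer_append(&loginmsg, "\0", 1);
+msg = buffer_ptr(&loginmsg);
+/* strip trailing newlines */
+if (len > 0)
+while (len > 0 && msg[--len] == '\n')
+msg[len] = '\0';
+else
+msg = "Access denied.";
+packet_disconnect(msg);
+}
 #endif
 
 /* Log before sending the reply */
@@ -266,8 +287,12 @@ do_authloop(Authctxt *authctxt)
 if (authenticated)
 return;
 
-if (authctxt->failures++ > options.max_authtries)
+if (authctxt->failures++ > options.max_authtries) {
+#ifdef SSH_AUDIT_EVENTS
+PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+#endif
 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+}
 
 packet_start(SSH_SMSG_FAILURE);
 packet_send();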
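Review bot: In the PAM account-denied branch, `packet_disconnect(msg);` passes the contents of `loginmsg` as the format argument, while the later call `packet_disconnect(AUTH_FAIL_MSG, authctxt->user)` shows that the function takes a printf-style format. The buffer presumably holds text produced by PAM modules (its producer is not visible here), so any `%` in it would be interpreted as a conversion; the call should be `packet_disconnect("%s", msg);`. Separately, a message consisting only of newlines is stripped to an empty string and sent as-is instead of falling back to "Access denied."; checking `*msg == '\0'` after the strip loop would cover that case. do_authloop begins and ends outside the visible hunks.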