Diffstat (limited to 'auth1.c')
-rw-r--r--auth1.c49
1 files changed, 36 insertions, 13 deletions
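diff --git a/auth1.c b/auth1.c
index 2ebc8d039..9527ba004 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -118,30 +118,49 @@ do_authloop(Authctxt *authctxt)
 
  if (kdata[0] == 4) { /* KRB_PROT_VERSION */
 #ifdef KRB4
- KTEXT_ST tkt;
-
+ KTEXT_ST tkt, reply;
  tkt.length = dlen;
  if (tkt.length < MAX_KTXT_LEN)
  memcpy(tkt.dat, kdata, tkt.length);
 
- if (auth_krb4(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb4(authctxt, &tkt,
+ &client_user, &reply))) {
  authenticated = 1;
  snprintf(info, sizeof(info),
  " tktuser %.100s",
  client_user);
+
+ packet_start(
+ SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+ packet_put_string((char *)
+ reply.dat, reply.length);
+ packet_send();
+ packet_write_wait();
  }
 #endif /* KRB4 */
  } else {
 #ifdef KRB5
- krb5_data tkt;
+ krb5_data tkt, reply;
  tkt.length = dlen;
  tkt.data = kdata;
 
- if (auth_krb5(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb5(authctxt, &tkt,
+ &client_user, &reply))) {
  authenticated = 1;
  snprintf(info, sizeof(info),
  " tktuser %.100s",
  client_user);
+
+ /* Send response to client */
+ packet_start(
+ SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+ packet_put_string((char *)
+ reply.data, reply.length);
+ packet_send();
+ packet_write_wait();
+
+ if (reply.length)
+ xfree(reply.data);
  }
 #endif /* KRB5 */
  }
@@ -292,6 +311,15 @@ do_authloop(Authctxt *authctxt)
  fatal("INTERNAL ERROR: authenticated invalid user %s",
  authctxt->user);
 
+#ifdef _UNICOS
+ if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
 #ifdef HAVE_CYGWIN
  if (authenticated &&
  !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
@@ -301,7 +329,8 @@ do_authloop(Authctxt *authctxt)
  }
 #else
  /* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (!use_privsep &&
+ authenticated && authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(get_authname(type)))
  authenticated = 0;
 #endif
@@ -323,12 +352,6 @@ do_authloop(Authctxt *authctxt)
  return;
 
  if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- /* XXX: privsep */
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
  packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
  }
 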
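Review bot: With `!use_privsep &&` added to the root check in the `#else` branch (new lines 332-335), this function no longer clears `authenticated` for a root login that `auth_root_allowed()` would refuse whenever privilege separation is on. Nothing in this file section shows where the policy is applied in that case, so it presumably moves to the privileged monitor, and the code should say so: `/* With privsep the monitor applies auth_root_allowed(); this check only covers the non-privsep path. */`. It is worth confirming that every method now routed through `PRIVSEP()`, including the two Kerberos calls in the second hunk, gets the same root check on the monitor side, since a method the monitor misses would no longer be caught here. do_authloop begins and ends outside the visible hunks.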