Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 26 |
1 files changed, 15 insertions, 11 deletions
@@ -10,14 +10,13 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
17 | #include "ssh1.h" | 17 | #include "ssh1.h" |
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "buffer.h" | 19 | #include "buffer.h" |
20 | #include "mpaux.h" | ||
21 | #include "log.h" | 20 | #include "log.h" |
22 | #include "servconf.h" | 21 | #include "servconf.h" |
23 | #include "compat.h" | 22 | #include "compat.h" |
@@ -70,10 +69,9 @@ do_authloop(Authctxt *authctxt) | |||
70 | u_int dlen; | 69 | u_int dlen; |
71 | u_int ulen; | 70 | u_int ulen; |
72 | int prev, type = 0; | 71 | int prev, type = 0; |
73 | struct passwd *pw = authctxt->pw; | ||
74 | 72 | ||
75 | debug("Attempting authentication for %s%.100s.", | 73 | debug("Attempting authentication for %s%.100s.", |
76 | authctxt->valid ? "" : "illegal user ", authctxt->user); | 74 | authctxt->valid ? "" : "invalid user ", authctxt->user); |
77 | 75 | ||
78 | /* If the user has no password, accept authentication immediately. */ | 76 | /* If the user has no password, accept authentication immediately. */ |
79 | if (options.password_authentication && | 77 | if (options.password_authentication && |
@@ -81,8 +79,13 @@ do_authloop(Authctxt *authctxt) | |||
81 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && | 79 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && |
82 | #endif | 80 | #endif |
83 | PRIVSEP(auth_password(authctxt, ""))) { | 81 | PRIVSEP(auth_password(authctxt, ""))) { |
84 | auth_log(authctxt, 1, "without authentication", ""); | 82 | #ifdef USE_PAM |
85 | return; | 83 | if (options.use_pam && (PRIVSEP(do_pam_account()))) |
84 | #endif | ||
85 | { | ||
86 | auth_log(authctxt, 1, "without authentication", ""); | ||
87 | return; | ||
88 | } | ||
86 | } | 89 | } |
87 | 90 | ||
88 | /* Indicate that authentication is needed. */ | 91 | /* Indicate that authentication is needed. */ |
@@ -233,9 +236,10 @@ do_authloop(Authctxt *authctxt) | |||
233 | 236 | ||
234 | #ifdef HAVE_CYGWIN | 237 | #ifdef HAVE_CYGWIN |
235 | if (authenticated && | 238 | if (authenticated && |
236 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { | 239 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, |
240 | authctxt->pw)) { | ||
237 | packet_disconnect("Authentication rejected for uid %d.", | 241 | packet_disconnect("Authentication rejected for uid %d.", |
238 | pw == NULL ? -1 : pw->pw_uid); | 242 | authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); |
239 | authenticated = 0; | 243 | authenticated = 0; |
240 | } | 244 | } |
241 | #else | 245 | #else |
@@ -262,7 +266,7 @@ do_authloop(Authctxt *authctxt) | |||
262 | if (authenticated) | 266 | if (authenticated) |
263 | return; | 267 | return; |
264 | 268 | ||
265 | if (authctxt->failures++ > AUTH_FAIL_MAX) | 269 | if (authctxt->failures++ > options.max_authtries) |
266 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 270 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
267 | 271 | ||
268 | packet_start(SSH_SMSG_FAILURE); | 272 | packet_start(SSH_SMSG_FAILURE); |
@@ -298,11 +302,11 @@ do_authentication(Authctxt *authctxt) | |||
298 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) | 302 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) |
299 | authctxt->valid = 1; | 303 | authctxt->valid = 1; |
300 | else { | 304 | else { |
301 | debug("do_authentication: illegal user %s", user); | 305 | debug("do_authentication: invalid user %s", user); |
302 | authctxt->pw = fakepw(); | 306 | authctxt->pw = fakepw(); |
303 | } | 307 | } |
304 | 308 | ||
305 | setproctitle("%s%s", authctxt->pw ? user : "unknown", | 309 | setproctitle("%s%s", authctxt->valid ? user : "unknown", |
306 | use_privsep ? " [net]" : ""); | 310 | use_privsep ? " [net]" : ""); |
307 | 311 | ||
308 | #ifdef USE_PAM | 312 | #ifdef USE_PAM |
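Review bot: In the empty-password shortcut of do_authloop (the `#ifdef USE_PAM` block added right after `PRIVSEP(auth_password(authctxt, ""))`), the new guard `options.use_pam && (PRIVSEP(do_pam_account()))` is false whenever the binary is built with USE_PAM but `options.use_pam` is off, so the accept-and-return branch is skipped even though PAM was never consulted. From the visible lines this fails closed, since control falls through to the normal authentication loop, but it changes behaviour for non-PAM configurations of a PAM-enabled build. If the intent is to require the account check only when PAM is actually in use, the condition would read `if (!options.use_pam || PRIVSEP(do_pam_account()))`. A one-line comment above the `#ifdef` noting that the following brace block is the body of that conditional `if` would also help, because the block looks unconditional at a glance. do_authloop begins and ends outside the visible hunks, so this should be confirmed against the full function.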