Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c28
1 files changed, 17 insertions, 11 deletions
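diff --git a/auth2.c b/auth2.c
index 6dfd91f74..17c58552a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -102,7 +102,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 {
  Authctxt *authctxt = ctxt;
  u_int len;
- int accept = 0;
+ int acceptit = 0;
  char *service = packet_get_string(&len);
  packet_check_eom();
 
@@ -111,14 +111,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 
  if (strcmp(service, "ssh-userauth") == 0) {
  if (!authctxt->success) {
- accept = 1;
+ acceptit = 1;
  /* now we can handle user-auth requests */
  dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
  }
  }
  /* XXX all other service requests are denied */
 
- if (accept) {
+ if (acceptit) {
  packet_start(SSH2_MSG_SERVICE_ACCEPT);
  packet_put_cstring(service);
  packet_send();
@@ -205,7 +205,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  authctxt->user);
 
  /* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (!use_privsep &&
+ authenticated && authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(method))
  authenticated = 0;
 
@@ -215,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  authenticated = 0;
 #endif /* USE_PAM */
 
+#ifdef _UNICOS
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
  /* Log before sending the reply */
  auth_log(authctxt, authenticated, method, " ssh2");
 
@@ -232,14 +240,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  authctxt->success = 1;
  } else {
  if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- /* XXX: privsep */
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
  packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
  }
+#ifdef _UNICOS
+ if (strcmp(method, "password") == 0)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
  methods = authmethods_get();
  packet_start(SSH2_MSG_USERAUTH_FAILURE);
  packet_put_cstring(methods);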
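Review bot: The root-login gate in userauth_finish (new lines 208-211) is now skipped whenever `use_privsep` is set, and nothing in this diff shows where `auth_root_allowed(method)` is enforced for the privilege-separated case. Presumably the monitor applies the check before it reports success to the unprivileged child, but that cannot be confirmed from auth2.c alone, so a reader of this function sees the root restriction disappear under privsep with no explanation. I would add a comment above the condition, e.g. `/* with privsep the monitor applies auth_root_allowed(); check here only when running unseparated */`, and confirm that every method reaching this function is covered on the monitor side. userauth_finish starts and ends outside the hunk.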