Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 28 |
1 files changed, 17 insertions, 11 deletions
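--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -102,7 +102,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 {
 Authctxt *authctxt = ctxt;
 u_int len;
-int accept = 0;
+int acceptit = 0;
 char *service = packet_get_string(&len);
 packet_check_eom();
 
@@ -111,14 +111,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 
 if (strcmp(service, "ssh-userauth") == 0) {
 if (!authctxt->success) {
-accept = 1;
+acceptit = 1;
 /* now we can handle user-auth requests */
 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
 }
 }
 /* XXX all other service requests are denied */
 
-if (accept) {
+if (acceptit) {
 packet_start(SSH2_MSG_SERVICE_ACCEPT);
 packet_put_cstring(service);
 packet_send();
@@ -205,7 +205,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 authctxt->user);
 
 /* Special handling for root */
-if (authenticated && authctxt->pw->pw_uid == 0 &&
+if (!use_privsep &&
+authenticated && authctxt->pw->pw_uid == 0 &&
 !auth_root_allowed(method))
 authenticated = 0;
 
@@ -215,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 authenticated = 0;
 #endif /* USE_PAM */
 
+#ifdef _UNICOS
+if (authenticated && cray_access_denied(authctxt->user)) {
+authenticated = 0;
+fatal("Access denied for user %s.",authctxt->user);
+}
+#endif /* _UNICOS */
+
 /* Log before sending the reply */
 auth_log(authctxt, authenticated, method, " ssh2");
 
@@ -232,14 +240,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 authctxt->success = 1;
 } else {
 if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-/* XXX: privsep */
-loginfailed(authctxt->user,
-get_canonical_hostname(options.verify_reverse_mapping),
-"ssh");
-#endif /* WITH_AIXAUTHENTICATE */
 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 }
+#ifdef _UNICOS
+if (strcmp(method, "password") == 0)
+cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
 methods = authmethods_get();
 packet_start(SSH2_MSG_USERAUTH_FAILURE);
 packet_put_cstring(methods);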
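Review bot: The added `!use_privsep &&` guard in userauth_finish (new line 208) switches off the root-login policy check in this function whenever privilege separation is enabled, and nothing in the diff records where the check is enforced instead. Presumably the privileged monitor applies `auth_root_allowed()` before it reports success, but that is not visible here and should be confirmed for every authentication method, because any method that skips it would no longer be covered by the configured root-login restriction. A comment above the condition would make the dependency explicit, e.g. `/* with privsep the monitor enforces auth_root_allowed(); checked here only without it */`. The body of userauth_finish starts and ends outside the visible hunks, so the surrounding control flow could not be checked.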