Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c45
1 files changed, 18 insertions, 27 deletions
diff --git a/auth2.c b/auth2.c
index 41e77efdc..1b21eb2da 100644
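--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -36,14 +36,10 @@ RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
 #include "pathnames.h"
 #include "monitor_wrap.h"
 
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-
 /* import */
 extern ServerOptions options;
 extern u_char *session_id2;
-extern u_int session_id2_len;
+extern int session_id2_len;
 
 Authctxt *x_authctxt = NULL;
 
@@ -54,16 +50,10 @@ extern Authmethod method_pubkey;
 extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
 extern Authmethod method_hostbased;
-#ifdef GSSAPI
-extern Authmethod method_gssapi;
-#endif
 
 Authmethod *authmethods[] = {
  &method_none,
  &method_pubkey,
-#ifdef GSSAPI
- &method_gssapi,
-#endif
  &method_passwd,
  &method_kbdint,
  &method_hostbased,
@@ -95,6 +85,10 @@ do_authentication2(void)
  /* challenge-response is implemented via keyboard interactive */
  if (options.challenge_response_authentication)
  options.kbd_interactive_authentication = 1;
+ if (options.pam_authentication_via_kbd_int)
+ options.kbd_interactive_authentication = 1;
+ if (use_privsep)
+ options.pam_authentication_via_kbd_int = 0;
 
  dispatch_init(&dispatch_protocol_error);
  dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
@@ -163,15 +157,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  authctxt->valid = 1;
  debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
- if (options.use_pam)
- PRIVSEP(start_pam(authctxt->pw->pw_name));
+ PRIVSEP(start_pam(authctxt->pw->pw_name));
 #endif
  } else {
- logit("input_userauth_request: illegal user %s", user);
- authctxt->pw = fakepw();
+ log("input_userauth_request: illegal user %s", user);
 #ifdef USE_PAM
- if (options.use_pam)
- PRIVSEP(start_pam(user));
+ PRIVSEP(start_pam("NOUSER"));
 #endif
  }
  setproctitle("%s%s", authctxt->pw ? user : "unknown",
@@ -189,12 +180,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  }
  /* reset state */
  auth2_challenge_stop(authctxt);
-
-#ifdef GSSAPI
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
-#endif
-
  authctxt->postponed = 0;
 
  /* try to authenticate user */
@@ -225,9 +210,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  authenticated = 0;
 
 #ifdef USE_PAM
- if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
+ if (!use_privsep && authenticated && authctxt->user &&
+ !do_pam_account(authctxt->user, NULL))
  authenticated = 0;
-#endif
+#endif /* USE_PAM */
 
 #ifdef _UNICOS
  if (authenticated && cray_access_denied(authctxt->user)) {
@@ -252,8 +238,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  /* now we can break out */
  authctxt->success = 1;
  } else {
- if (authctxt->failures++ > AUTH_FAIL_MAX)
+ if (authctxt->failures++ > AUTH_FAIL_MAX) {
  packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
+#ifdef _UNICOS
+ if (strcmp(method, "password") == 0)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
  methods = authmethods_get();
  packet_start(SSH2_MSG_USERAUTH_FAILURE);
  packet_put_cstring(methods);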
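Review bot: In the `@@ -225,9 +210,10 @@` hunk of userauth_finish, the PAM account check is now guarded by `!use_privsep`, so with privilege separation enabled nothing visible in this diff calls `do_pam_account()` before `authenticated` is acted on. If the monitor does not perform the equivalent account-management step elsewhere, an expired or access-restricted account would be accepted as soon as its credential verifies. Please either route the check through the monitor for the privsep case, or document at the `#ifdef USE_PAM` where it is enforced, e.g. `/* privsep: account validity is checked in the monitor by <function> */`. The invalid-user branch in the `@@ -163,15 +157,12 @@` hunk is related: it now leaves `authctxt->pw` NULL and starts PAM with the fixed name `"NOUSER"`, so later code may behave observably differently for unknown users, which is worth confirming against user-enumeration timing. userauth_finish begins and ends outside the hunk.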