Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 37 |
1 files changed, 20 insertions, 17 deletions
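--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.125 2012/11/04 11:09:15 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -286,7 +286,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 debug2("input_userauth_request: try method %s", method);
 authenticated = m->userauth(authctxt);
 }
-userauth_finish(authctxt, authenticated, method);
+userauth_finish(authctxt, authenticated, method, NULL);
 
 xfree(service);
 xfree(user);
@@ -294,7 +294,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 }
 
 void
-userauth_finish(Authctxt *authctxt, int authenticated, char *method)
+userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+const char *submethod)
 {
 char *methods;
 int partial = 0;
@@ -302,6 +303,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 if (!authctxt->valid && authenticated)
 fatal("INTERNAL ERROR: authenticated invalid user %s",
 authctxt->user);
+if (authenticated && authctxt->postponed)
+fatal("INTERNAL ERROR: authenticated and postponed");
 
 /* Special handling for root */
 if (authenticated && authctxt->pw->pw_uid == 0 &&
@@ -312,6 +315,19 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 #endif
 }
 
+if (authenticated && options.num_auth_methods != 0) {
+if (!auth2_update_methods_lists(authctxt, method)) {
+authenticated = 0;
+partial = 1;
+}
+}
+
+/* Log before sending the reply */
+auth_log(authctxt, authenticated, partial, method, submethod, " ssh2");
+
+if (authctxt->postponed)
+return;
+
 #ifdef USE_PAM
 if (options.use_pam && authenticated) {
 if (!PRIVSEP(do_pam_account())) {
@@ -330,23 +346,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 #ifdef _UNICOS
 if (authenticated && cray_access_denied(authctxt->user)) {
 authenticated = 0;
-fatal("Access denied for user %s.",authctxt->user);
+fatal("Access denied for user %s.", authctxt->user);
 }
 #endif /* _UNICOS */
 
-/* Log before sending the reply */
-auth_log(authctxt, authenticated, method, " ssh2");
-
-if (authctxt->postponed)
-return;
-
-if (authenticated && options.num_auth_methods != 0) {
-if (!auth2_update_methods_lists(authctxt, method)) {
-authenticated = 0;
-partial = 1;
-}
-}
-
 if (authenticated == 1) {
 /* turn off userauth */
 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);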
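Review bot: The relocated `auth_log(authctxt, authenticated, partial, method, submethod, " ssh2")` call now runs before the `USE_PAM` `do_pam_account()` check and the `_UNICOS` `cray_access_denied()` check, so a successful result can be written to the log for a login that one of those account checks then refuses (the Cray branch visibly ends in `fatal("Access denied for user %s.", authctxt->user)`). Anyone alerting or reporting on the auth_log line would have to correlate it with the fatal message that follows to avoid counting a denied login as accepted. If the log has to stay early so that `partial` is known when it is written, a comment above it such as `/* NB: the PAM and Cray account checks below can still deny after this is logged */` would make the ordering explicit; otherwise the methods-list update, the log and the postponed return could move together to just after `#endif /* _UNICOS */`. The PAM block and the rest of userauth_finish continue outside the visible hunks, so the PAM failure path is inferred rather than seen.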