Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/monitor.c b/monitor.c
index ce7ba079c..12ed6fd00 100644
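--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -432,7 +432,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
  if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
  auth_log(authctxt, authenticated, partial,
  auth_method, auth_submethod);
- if (!authenticated)
+ if (!partial && !authenticated)
  authctxt->failures++;
  }
  }
@@ -1244,7 +1244,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
  Key *key;
  char *cuser, *chost;
  u_char *blob;
- u_int bloblen;
+ u_int bloblen, pubkey_auth_attempt;
  enum mm_keytype type = 0;
  int allowed = 0;
 
@@ -1254,6 +1254,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
  cuser = buffer_get_string(m, NULL);
  chost = buffer_get_string(m, NULL);
  blob = buffer_get_string(m, &bloblen);
+ pubkey_auth_attempt = buffer_get_int(m);
 
  key = key_from_blob(blob, bloblen);
 
@@ -1274,19 +1275,19 @@ mm_answer_keyallowed(int sock, Buffer *m)
  allowed = options.pubkey_authentication &&
  !auth2_userkey_already_used(authctxt, key) &&
  match_pattern_list(sshkey_ssh_name(key),
- options.pubkey_key_types,
- strlen(options.pubkey_key_types), 0) == 1 &&
- user_key_allowed(authctxt->pw, key);
+ options.pubkey_key_types, 0) == 1 &&
+ user_key_allowed(authctxt->pw, key,
+ pubkey_auth_attempt);
  pubkey_auth_info(authctxt, key, NULL);
  auth_method = "publickey";
- if (options.pubkey_authentication && allowed != 1)
+ if (options.pubkey_authentication &&
+ (!pubkey_auth_attempt || allowed != 1))
  auth_clear_options();
  break;
  case MM_HOSTKEY:
  allowed = options.hostbased_authentication &&
  match_pattern_list(sshkey_ssh_name(key),
- options.hostbased_key_types,
- strlen(options.hostbased_key_types), 0) == 1 &&
+ options.hostbased_key_types, 0) == 1 &&
  hostbased_key_allowed(authctxt->pw,
  cuser, chost, key);
  pubkey_auth_info(authctxt, key,
@@ -1533,6 +1534,9 @@ mm_record_login(Session *s, struct passwd *pw)
  socklen_t fromlen;
  struct sockaddr_storage from;
 
+ if (options.use_login)
+ return;
+
  /*
  * Get IP address of client. If the connection is not a socket, let
  * the address be 0.0.0.0.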
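Review bot: In mm_answer_keyallowed, `pubkey_auth_attempt` is read straight from the request buffer with `buffer_get_int(m)` and then decides whether `auth_clear_options()` runs in the MM_USERKEY case, but nothing on the new side documents who supplies the value or what a non-zero value is allowed to imply. If the request comes from the unprivileged side of the privilege-separation boundary, as the monitor design suggests, the flag is attacker-influenced input and should be marked as advisory, e.g. `/* peer-supplied: 0 = key query, non-zero = auth attempt; never sufficient for authentication on its own */` above the read. The field is consumed for every key type but used only under MM_USERKEY, and the sender of this message is not part of this page, so the extra int has to be added on both ends of the message format in the same change. The function starts and ends outside these hunks, so how `user_key_allowed` treats its new third argument cannot be confirmed from here.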