Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 25 |
1 files changed, 17 insertions, 8 deletions
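--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.118 2012/11/04 11:09:15 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.119 2012/12/02 20:34:10 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -199,6 +199,7 @@ static int key_blobtype = MM_NOKEY;
 static char *hostbased_cuser = NULL;
 static char *hostbased_chost = NULL;
 static char *auth_method = "unknown";
+static char *auth_submethod = NULL;
 static u_int session_id2_len = 0;
 static u_char *session_id2 = NULL;
 static pid_t monitor_child_pid;
@@ -352,7 +353,7 @@ void
 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
 struct mon_table *ent;
-int authenticated = 0;
+int authenticated = 0, partial = 0;
 
 debug3("preauth child monitor started");
 
@@ -379,7 +380,9 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 
 /* The first few requests do not require asynchronous access */
 while (!authenticated) {
+partial = 0;
 auth_method = "unknown";
+auth_submethod = NULL;
 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
 
 /* Special handling for multiple required authentications */
@@ -393,6 +396,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 debug3("%s: method %s: partial", __func__,
 auth_method);
 authenticated = 0;
+partial = 1;
 }
 }
 
@@ -417,7 +421,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 #endif
 }
 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
-auth_log(authctxt, authenticated, auth_method,
+auth_log(authctxt, authenticated, partial,
+auth_method, auth_submethod,
 compat20 ? " ssh2" : "");
 if (!authenticated)
 authctxt->failures++;
@@ -943,7 +948,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
 
 if (compat20)
-auth_method = "keyboard-interactive";
+auth_method = "keyboard-interactive"; /* XXX auth_submethod */
 else
 auth_method = "bsdauth";
 
@@ -1084,7 +1089,8 @@ mm_answer_pam_query(int sock, Buffer *m)
 xfree(prompts);
 if (echo_on != NULL)
 xfree(echo_on);
-auth_method = "keyboard-interactive/pam";
+auth_method = "keyboard-interactive";
+auth_submethod = "pam";
 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
 return (0);
 }
@@ -1113,7 +1119,8 @@ mm_answer_pam_respond(int sock, Buffer *m)
 buffer_clear(m);
 buffer_put_int(m, ret);
 mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
-auth_method = "keyboard-interactive/pam";
+auth_method = "keyboard-interactive";
+auth_submethod = "pam";
 if (ret == 0)
 sshpam_authok = sshpam_ctxt;
 return (0);
@@ -1127,7 +1134,8 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
 (sshpam_device.free_ctx)(sshpam_ctxt);
 buffer_clear(m);
 mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
-auth_method = "keyboard-interactive/pam";
+auth_method = "keyboard-interactive";
+auth_submethod = "pam";
 return (sshpam_authok == sshpam_ctxt);
 }
 #endif
@@ -1201,7 +1209,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
 hostbased_chost = chost;
 } else {
 /* Log failed attempt */
-auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
+auth_log(authctxt, 0, 0, auth_method, NULL,
+compat20 ? " ssh2" : "");
 xfree(blob);
 xfree(cuser);
 xfree(chost);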
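Review bot: In monitor_child_preauth, the unchanged `if (!authenticated) authctxt->failures++;` right after the new auth_log() call still counts a partial success as a failure. The loop sets `authenticated = 0; partial = 1;` when a method succeeds but more are required, so, unless code outside these hunks intervenes, every successful intermediate step bumps the failure counter. If that counter feeds a maximum-attempts limit, a legitimate multi-method login can be cut off early, and failure-based alerting will overstate hostile activity; the guard should read `if (!authenticated && !partial)`. The function body is only partly visible across these hunks, so confirm against the full loop. Separately, the `/* XXX auth_submethod */` in mm_answer_bsdauthrespond leaves that path logging keyboard-interactive with no submethod while the PAM handlers set `"pam"`, so audit records cannot tell the two backends apart.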