diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-09 00:23:17 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-09 00:23:17 +0000 |
commit | cd4349f969a8cc4cf2902ffd0a67aea49fae2102 (patch) | |
tree | 6bae3e606cd14eb87efd683d73d9074b6ea66c36 /auth2.c | |
parent | 5ec2645a2d4a5045e587868b3f2ed33ae187f594 (diff) |
- markus@cvs.openbsd.org 2001/05/30 23:31:14
[auth2.c]
merge
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 64 |
1 files changed, 26 insertions, 38 deletions
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.59 2001/05/30 12:55:06 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.60 2001/05/30 23:31:14 markus Exp $"); #include <openssl/evp.h> @@ -88,7 +88,6 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, /* auth */ void userauth_banner(void); -void userauth_reply(Authctxt *authctxt, int authenticated); int userauth_none(Authctxt *authctxt); int userauth_passwd(Authctxt *authctxt); int userauth_pubkey(Authctxt *authctxt); @@ -255,6 +254,8 @@ input_userauth_request(int type, int plen, void *ctxt) void userauth_finish(Authctxt *authctxt, int authenticated, char *method) { + char *methods; + if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); @@ -273,8 +274,29 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2"); - if (!authctxt->postponed) - userauth_reply(authctxt, authenticated); + if (authctxt->postponed) + return; + + /* XXX todo: check if multiple auth methods are needed */ + if (authenticated == 1) { + /* turn off userauth */ + dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); + packet_start(SSH2_MSG_USERAUTH_SUCCESS); + packet_send(); + packet_write_wait(); + /* now we can break out */ + authctxt->success = 1; + } else { + if (authctxt->failures++ > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + methods = authmethods_get(); + packet_start(SSH2_MSG_USERAUTH_FAILURE); + packet_put_cstring(methods); + packet_put_char(0); /* XXX partial success, unused */ + packet_send(); + packet_write_wait(); + xfree(methods); + } } void @@ -308,40 +330,6 @@ done: return; } -void -userauth_reply(Authctxt *authctxt, int authenticated) -{ - char *methods; - - /* XXX todo: check if multiple auth methods are needed */ - if (authenticated == 1) { -#ifdef WITH_AIXAUTHENTICATE - /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", - get_canonical_hostname(options.reverse_mapping_check), - "ssh", &aixloginmsg) < 0) - aixloginmsg = NULL; -#endif /* WITH_AIXAUTHENTICATE */ - /* turn off userauth */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); - packet_start(SSH2_MSG_USERAUTH_SUCCESS); - packet_send(); - packet_write_wait(); - /* now we can break out */ - authctxt->success = 1; - } else { - if (authctxt->failures++ > AUTH_FAIL_MAX) - packet_disconnect(AUTH_FAIL_MSG, authctxt->user); - methods = authmethods_get(); - packet_start(SSH2_MSG_USERAUTH_FAILURE); - packet_put_cstring(methods); - packet_put_char(0); /* XXX partial success, unused */ - packet_send(); - packet_write_wait(); - xfree(methods); - } -} - int userauth_none(Authctxt *authctxt) { |