]> andersk Git - gssapi-openssh.git/blobdiff - openssh/auth2.c
andersk / gssapi-openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Initial revision
[gssapi-openssh.git] / openssh / auth2.c
diff --git a/openssh/auth2.c b/openssh/auth2.c
index a660c83f71360737bedf598eb92eff17e9a6adff..82306ba723504f7027ebe31469a34e85438aff8d 100644 (file)
--- a/openssh/auth2.c
+++ b/openssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -102,10 +102,6 @@ int user_key_allowed(struct passwd *, Key *);
 void
 do_authentication2(Authctxt *authctxt)
 {
-       /* challenge-response is implemented via keyboard interactive */
-       if (options.challenge_response_authentication)
-               options.kbd_interactive_authentication = 1;
-
        dispatch_init(&dispatch_protocol_error);
        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
        dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
@@ -187,7 +183,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
        if ((style = strchr(user, ':')) != NULL)
                *style++ = 0;
 
-       /* If first time or username changed or implicit username,
+       /* If first time or username changed or empty username,
           setup/reset authentication context. */
        if ((authctxt->attempt++ == 0) ||
            (strcmp(user, authctxt->user) != 0) ||
@@ -197,6 +193,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                    authctxt->user = NULL;
                }
                authctxt->valid = 0;
+        authctxt->user = xstrdup(user);
+        if (strcmp(service, "ssh-connection") != 0) {
+            packet_disconnect("Unsupported service %s", service);
+        }
 #ifdef GSSAPI
                /* If we're going to set the username based on the
                   GSSAPI context later, then wait until then to
@@ -205,12 +205,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                    ((strcmp(method, "gssapi") == 0) ||
                     (strcmp(method, "gssapi-with-mic") == 0))) {
                        authctxt->pw = fakepw();
-                       authctxt->user = xstrdup(user);
                } else {
 #endif
                authctxt->pw = PRIVSEP(getpwnamallow(user));
-               authctxt->user = xstrdup(user);
-               if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
+               if (authctxt->pw) {
                        authctxt->valid = 1;
                        debug2("input_userauth_request: setting up authctxt for %s", user);
                } else {
@@ -229,16 +227,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 #endif
                setproctitle("%s%s", authctxt->valid ? user : "unknown",
                    use_privsep ? " [net]" : "");
-#ifdef GSSAPI
                if (authctxt->attempt == 1) {
-#endif
-               authctxt->service = xstrdup(service);
-               authctxt->style = style ? xstrdup(style) : NULL;
-               if (use_privsep)
-                       mm_inform_authserv(service, style);
-#ifdef GSSAPI
-               } /* if (authctxt->attempt == 1) */
-#endif
+            authctxt->service = xstrdup(service);
+            authctxt->style = style ? xstrdup(style) : NULL;
+            if (use_privsep)
+                mm_inform_authserv(service, style);
+               }
        }
        if (strcmp(service, authctxt->service) != 0) {
                packet_disconnect("Change of service not allowed: "
git-cvsimport mirror of GSI OpenSSH
This page took 0.048763 seconds and 4 git commands to generate.