drop support for old external-keyx and gssapi methods

[gssapi-openssh.git] / openssh / auth2.c

diff --git a/openssh/auth2.c b/openssh/auth2.c
index a7553ce2c3a2553a2e431f0c7510c4fc1923fef0..f4ab7f4413ec8e2d23c286856e2e961215caac14 100644 (file)
--- a/openssh/auth2.c
+++ b/openssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.121 2009/06/22 05:39:28 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -35,8 +35,8 @@
 #include <string.h>
 #include <unistd.h>
 
-#include "xmalloc.h"
 #include "atomicio.h"
+#include "xmalloc.h"
 #include "ssh2.h"
 #include "packet.h"
 #include "log.h"
@@ -70,10 +70,11 @@ extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
 extern Authmethod method_hostbased;
 #ifdef GSSAPI
-extern Authmethod method_external;
 extern Authmethod method_gsskeyex;
 extern Authmethod method_gssapi;
-extern Authmethod method_gssapi_compat;
+#endif
+#ifdef JPAKE
+extern Authmethod method_jpake;
 #endif
 
 static int log_flag = 0;
@@ -84,9 +85,10 @@ Authmethod *authmethods[] = {
        &method_pubkey,
 #ifdef GSSAPI
        &method_gsskeyex,
-       &method_external,
        &method_gssapi,
-       &method_gssapi_compat,
+#endif
+#ifdef JPAKE
+       &method_jpake,
 #endif
        &method_passwd,
        &method_kbdint,
@@ -232,8 +234,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 #ifdef GSSAPI
        if (user[0] == '\0') {
            debug("received empty username for %s", method);
-           if (strcmp(method, "external-keyx") == 0 ||
-               strcmp(method, "gssapi-keyex") == 0) {
+           if (strcmp(method, "gssapi-keyex") == 0) {
                char *lname = NULL;
                PRIVSEP(ssh_gssapi_localname(&lname));
                if (lname && lname[0] != '\0') {
@@ -252,7 +253,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
              user[0] ? user : "<implicit>", service, method);
        if (!log_flag) {
                logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", 
-                     get_remote_ipaddr(), get_remote_port(), user);
+                     get_remote_ipaddr(), get_remote_port(),
+              user[0] ? user : "<implicit>");
                log_flag = 1;
        }
        debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
@@ -319,8 +321,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
        }
        /* reset state */
        auth2_challenge_stop(authctxt);
+#ifdef JPAKE
+       auth2_jpake_stop(authctxt);
+#endif
 
 #ifdef GSSAPI
+       /* XXX move to auth2_gssapi_stop() */
        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 #endif
@@ -400,7 +406,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                /* Dont count server configuration issues against the client */
                /* Allow initial try of "none" auth without failure penalty */
                if (!authctxt->server_caused_failure &&
-            (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+                   (authctxt->attempt > 1 || strcmp(method, "none") != 0))
                        authctxt->failures++;
                if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS