X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/08822d99de1b1080f8c730bbebc192b5b45bf89b..c3c5aa173509666627c398161e9b7f3a34d2fdc2:/openssh/auth2.c diff --git a/openssh/auth2.c b/openssh/auth2.c index 1a5c91c..ff7d639 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2.c,v 1.115 2007/04/14 22:01:58 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -23,23 +24,32 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); -#include "ssh2.h" +#include + +#include +#include +#include + #include "xmalloc.h" +#include "ssh2.h" #include "packet.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "compat.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "dispatch.h" #include "pathnames.h" -#include "monitor_wrap.h" #include "buffer.h" +#include "canohost.h" #ifdef GSSAPI #include "ssh-gss.h" #endif +#include "monitor_wrap.h" /* import */ extern ServerOptions options; @@ -61,6 +71,9 @@ extern Authmethod method_gssapi; extern Authmethod method_gssapi_compat; #endif +static int log_flag = 0; + + Authmethod *authmethods[] = { &method_none, &method_pubkey, @@ -93,15 +106,12 @@ int user_key_allowed(struct passwd *, Key *); void do_authentication2(Authctxt *authctxt) { - /* challenge-response is implemented via keyboard interactive */ - if (options.challenge_response_authentication) - options.kbd_interactive_authentication = 1; - dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); } +/*ARGSUSED*/ static void input_service_request(int type, u_int32_t seq, void *ctxt) { @@ -135,6 +145,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) xfree(service); } +/*ARGSUSED*/ static void input_userauth_request(int type, u_int32_t seq, void *ctxt) { 
@@ -163,6 +174,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) debug("set username to %s from gssapi context", user); } else { debug("failed to set username from gssapi context"); + packet_send_debug("failed to set username from gssapi context"); } } } @@ -170,12 +182,17 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) debug("userauth-request for user %s service %s method %s", user[0] ? user : "", service, method); + if (!log_flag) { + logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", + get_remote_ipaddr(), get_remote_port(), user); + log_flag = 1; + } debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); if ((style = strchr(user, ':')) != NULL) *style++ = 0; - /* If first time or username changed or implicit username, + /* If first time or username changed or empty username, setup/reset authentication context. */ if ((authctxt->attempt++ == 0) || (strcmp(user, authctxt->user) != 0) || @@ -185,6 +202,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user = NULL; } authctxt->valid = 0; + authctxt->user = xstrdup(user); + if (strcmp(service, "ssh-connection") != 0) { + packet_disconnect("Unsupported service %s", service); + } #ifdef GSSAPI /* If we're going to set the username based on the GSSAPI context later, then wait until then to @@ -193,12 +214,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) ((strcmp(method, "gssapi") == 0) || (strcmp(method, "gssapi-with-mic") == 0))) { authctxt->pw = fakepw(); - authctxt->user = xstrdup(user); } else { #endif authctxt->pw = PRIVSEP(getpwnamallow(user)); - authctxt->user = xstrdup(user); - if (authctxt->pw && strcmp(service, "ssh-connection")==0) { + if (authctxt->pw) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); } else { 
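Review bot: The added `logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", ...)` in input_userauth_request writes the peer-supplied `user` into a `;`-delimited record before authentication and before the `strchr(user, ':')` style split, so a requested name containing `;` or `:` can read as extra fields to any consumer that splits the line on those separators. Because `log_flag` (declared in the `@@ -61,6 +71,9 @@` hunk) is set once and never cleared, only the first name requested on a connection is recorded, while the branch below still handles "username changed", so later names leave no Authname record. Emitting the record inside that setup/reset branch, after `authctxt->user = xstrdup(user);` and with `authctxt->user` as the last argument, would cover each change and log the name with the style already stripped; log consumers should still treat Name as running to end of line. If one record per connection is intended, say so at the declaration, e.g. `/* nonzero once the first requested username on this connection has been logged */`. The function body starts and ends outside these hunks.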
@@ -217,16 +236,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #endif setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); -#ifdef GSSAPI if (authctxt->attempt == 1) { -#endif - authctxt->service = xstrdup(service); - authctxt->style = style ? xstrdup(style) : NULL; - if (use_privsep) - mm_inform_authserv(service, style); -#ifdef GSSAPI - } /* if (authctxt->attempt == 1) */ -#endif + authctxt->service = xstrdup(service); + authctxt->style = style ? xstrdup(style) : NULL; + if (use_privsep) + mm_inform_authserv(service, style); + } } if (strcmp(service, authctxt->service) != 0) { packet_disconnect("Change of service not allowed: " @@ -331,8 +346,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } } -#define DELIM "," - static char * authmethods_get(void) {
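Review bot: With the `#ifdef GSSAPI` guards removed, `authctxt->service` and `authctxt->style` are assigned only when `authctxt->attempt == 1` in every build, so when the surrounding setup/reset branch runs again for a changed username, the `style` parsed from the new request is dropped and the value from the first request stays in `authctxt`. A service change is caught by the `strcmp(service, authctxt->service)` check that follows, but nothing visible does the same for style; whether a stale style matters depends on the authentication code that reads it, which is outside this hunk. If keeping the first style is intended, a comment on the block would make that explicit: `/* service and style are fixed by the first request; a later username change does not update them */`. The enclosing function starts and ends outside the hunk.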