*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.52 2003/11/17 11:06:07 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
#include <openssl/dh.h>
authenticated = 0;
#ifdef USE_PAM
/* PAM needs to perform account checks after auth */
- if (options.use_pam) {
+ if (options.use_pam && authenticated) {
Buffer m;
buffer_init(&m);
- mm_request_receive_expect(pmonitor->m_sendfd,
+ mm_request_receive_expect(pmonitor->m_sendfd,
MONITOR_REQ_PAM_ACCOUNT, &m);
authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
buffer_free(&m);
if (pwent == NULL) {
buffer_put_char(m, 0);
+ authctxt->pw = fakepw();
goto out;
}
mm_answer_pam_start(int socket, Buffer *m)
{
char *user;
-
+
if (!options.use_pam)
fatal("UsePAM not set, but ended up in %s anyway", __func__);
mm_answer_pam_account(int socket, Buffer *m)
{
u_int ret;
-
+
if (!options.use_pam)
fatal("UsePAM not set, but ended up in %s anyway", __func__);
mon = xmalloc(sizeof(*mon));
+ mon->m_pid = 0;
monitor_socketpair(pair);
mon->m_recvfd = pair[0];
gss_buffer_desc gssbuf, mic;
OM_uint32 ret;
u_int len;
-
+
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
mic.length = len;
-
+
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
-
+
xfree(gssbuf.value);
xfree(mic.value);
-
+
buffer_clear(m);
buffer_put_int(m, ret);
-
+
mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m);
-
+
if (!GSS_ERROR(ret))
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
-
+
return (0);
}