- /* XXX we only allow the ssh-connection service */
- pw = auth_set_user(user, service);
- if (pw && strcmp(service, "ssh-connection")==0) {
- if (strcmp(method, "none") == 0) {
- authenticated = ssh2_auth_none(pw);
- } else if (strcmp(method, "password") == 0) {
- authenticated = ssh2_auth_password(pw);
- } else if (strcmp(method, "publickey") == 0) {
- authenticated = ssh2_auth_pubkey(pw, service);
+ user = packet_get_string(NULL);
+ service = packet_get_string(NULL);
+ method = packet_get_string(NULL);
+ debug("userauth-request for user %s service %s method %s", user, service, method);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
+ if (authctxt->attempt++ == 0) {
+ /* setup auth context */
+ struct passwd *pw = NULL;
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
+ authctxt->pw = pwcopy(pw);
+ authctxt->valid = 1;
+ debug2("input_userauth_request: setting up authctxt for %s", user);
+#ifdef USE_PAM
+ start_pam(pw->pw_name);
+#endif
+ } else {
+ log("input_userauth_request: illegal user %s", user);
+#ifdef USE_PAM
+ start_pam("NOUSER");
+#endif
+ }
+ setproctitle("%s", pw ? user : "unknown");
+ authctxt->user = xstrdup(user);
+ authctxt->service = xstrdup(service);
+ authctxt->style = style ? xstrdup(style) : NULL; /* currently unused */
+ } else if (authctxt->valid) {
+ if (strcmp(user, authctxt->user) != 0 ||
+ strcmp(service, authctxt->service) != 0) {
+ log("input_userauth_request: missmatch: (%s,%s)!=(%s,%s)",
+ user, service, authctxt->user, authctxt->service);
+ authctxt->valid = 0;