*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.46 2003/01/23 00:03:00 djm Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.48 2003/04/08 20:21:28 itojun Exp $");
#include "xmalloc.h"
#include "rsa.h"
char info[1024];
u_int dlen;
u_int ulen;
- int type = 0;
+ int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
+
/* Process the packet. */
switch (type) {
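Review bot: The new check `if (prev == SSH_CMSG_AUTH_TIS && type != SSH_CMSG_AUTH_TIS_RESPONSE)` calls abandon_challenge_response() after every SSH_CMSG_AUTH_TIS packet that is not followed by a response, including the case where the earlier request never produced a challenge. That function is not visible in this hunk, so it should be confirmed that it is a no-op when nothing is pending and that calling it cannot free the same state twice. I would state that contract next to the call, for example `/* safe to call with no challenge pending */`. The packet loop and the switch body that handle the TIS messages continue outside the hunk.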
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
- log("Unknown message during authentication: type %d", type);
+ logit("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
authctxt->user);
#ifdef _UNICOS
- if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
- cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#else
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
-#ifdef USE_PAM
- if (!use_privsep && authenticated &&
- !do_pam_account(pw->pw_name, client_user))
- authenticated = 0;
-#endif
/* Log before sending the reply */
auth_log(authctxt, authenticated, get_authname(type), info);
if (authenticated)
return;
- if (authctxt->failures++ > AUTH_FAIL_MAX) {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
- }
packet_start(SSH_SMSG_FAILURE);
packet_send();
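Review bot: The limit check `if (authctxt->failures++ > AUTH_FAIL_MAX)` compares the counter before incrementing it, so the disconnect only fires on failure number AUTH_FAIL_MAX + 2, and the commit keeps that behaviour while dropping the braces. If AUTH_FAIL_MAX is meant to be the number of failed attempts a client is allowed, `if (++authctxt->failures > AUTH_FAIL_MAX)` would enforce it exactly; otherwise a short comment stating the intended count would help. Separately, the `do_pam_account()` call is removed here with no replacement visible in this hunk. Presumably the account check moved elsewhere, but it is worth confirming that it still runs before `authenticated` is honoured. The enclosing function starts and ends outside the hunk.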
use_privsep ? " [net]" : "");
#ifdef USE_PAM
- PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
+ if (options.use_pam)
+ PRIVSEP(start_pam(user));
#endif
/*