*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
-
-#ifdef HAVE_OSF_SIA
-# include <sia.h>
-# include <siad.h>
-#endif
+RCSID("$OpenBSD: auth1.c,v 1.18 2001/02/22 21:59:43 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
+#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
#include "session.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
#ifdef WITH_AIXAUTHENTICATE
extern char *aixloginmsg;
#endif /* WITH_AIXAUTHENTICATE */
-#ifdef HAVE_OSF_SIA
-extern int saved_argc;
-extern char **saved_argv;
-#endif /* HAVE_OSF_SIA */
/*
* convert ssh auth msg type into description
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
#ifdef USE_PAM
- auth_pam_password(pw, password)) {
+ auth_pam_password(pw, "")) {
+#elif defined(HAVE_OSF_SIA)
+ 0) {
#else
- auth_password(pw, "")) {
+ auth_password(authctxt, "")) {
#endif
auth_log(authctxt, 1, "without authentication", "");
return;
authenticated = auth_pam_password(pw, password);
#elif defined(HAVE_OSF_SIA)
/* Do SIA auth with password */
- if (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), pw->pw_name, NULL, 0,
- NULL, password) == SIASUCCESS) {
- authenticated = 1;
- }
+ authenticated = auth_sia_password(authctxt->user,
+ password);
#else /* !USE_PAM && !HAVE_OSF_SIA */
- /* Try authentication with the password. */
- authenticated = auth_password(pw, password);
+ /* Try authentication with the password. */
+ authenticated = auth_password(authctxt, password);
#endif /* USE_PAM */
memset(password, 0, strlen(password));
xfree(password);
break;
-#ifdef SKEY /* ISSUE: Is this right? we don't define
- having skey_authentication in
- servconf.h by default so I assume
- we need to deal with this via #ifdef
- in some reasonable way */
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
- if (options.skey_authentication == 1) {
+ if (options.challenge_reponse_authentication == 1) {
char *challenge = get_challenge(authctxt, authctxt->style);
if (challenge != NULL) {
debug("sending challenge '%s'", challenge);
break;
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
- if (options.skey_authentication == 1) {
+ if (options.challenge_reponse_authentication == 1) {
char *response = packet_get_string(&dlen);
debug("got response '%s'", response);
packet_integrity_check(plen, 4 + dlen, type);
xfree(response);
}
break;
-#endif /* ISSUE: End of wrong SKEY defines */
default:
/*
log("Unknown message during authentication: type %d", type);
break;
}
+#ifdef BSD_AUTH
+ if (authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-#ifdef HAVE_CYGWIN /* ISSUE: Right place? */
- if (authenticated &&
+#ifdef HAVE_CYGWIN
+ if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
packet_disconnect("Authentication rejected for uid %d.",
(int)pw->pw_uid);
}
#else
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
+ !auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
-#ifdef USE_PAM
+#ifdef USE_PAM
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
if (authenticated)
return;
- if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(user,get_canonical_hostname(),"ssh");
+ if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
+ "ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
authctxt->user = user;
authctxt->style = style;
- setproctitle("%s", user);
-
-#ifdef AFS
- /* If machine has AFS, set process authentication group. */
- if (k_hasafs()) {
- k_setpag();
- k_unlog();
- }
-#endif /* AFS */
-
/* Verify that the user is a valid user. */
pw = getpwnam(user);
if (pw && allowed_user(pw)) {
}
authctxt->pw = pw;
+ setproctitle("%s", pw ? user : "unknown");
+
#ifdef USE_PAM
if (pw)
start_pam(user);
#endif
/*
- * Loop until the user has been authenticated or the connection is
- * closed, do_authloop() returns only if authentication is successful
- */
+ * Loop until the user has been authenticated or the connection is
+ * closed, do_authloop() returns only if authentication is successful
+ */
do_authloop(authctxt);
/* The user has been authenticated and accepted. */
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,get_canonical_hostname(),"ssh",&aixloginmsg) < 0)
+ if (loginsuccess(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
+ "ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */