*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.40 2001/02/10 12:52:02 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
#include "auth.h"
#include "session.h"
#include "dispatch.h"
-#include "auth.h"
-#include "cipher.h"
#include "key.h"
+#include "cipher.h"
#include "kex.h"
#include "pathnames.h"
-
#include "uidswap.h"
#include "auth-options.h"
{"publickey",
userauth_pubkey,
&options.pubkey_authentication},
- {"keyboard-interactive",
- userauth_kbdint,
- &options.kbd_interactive_authentication},
{"password",
userauth_passwd,
&options.password_authentication},
+ {"keyboard-interactive",
+ userauth_kbdint,
+ &options.kbd_interactive_authentication},
{NULL, NULL, NULL}
};
x_authctxt = authctxt; /*XXX*/
-#ifdef AFS
- /* If machine has AFS, set process authentication group. */
- if (k_hasafs()) {
- k_setpag();
- k_unlog();
- }
-#endif
+ /* challenge-reponse is implemented via keyboard interactive */
+ if (options.challenge_reponse_authentication)
+ options.kbd_interactive_authentication = 1;
+
dispatch_init(&protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
return;
}
-void
+void
userauth_reply(Authctxt *authctxt, int authenticated)
{
char *methods;
/* XXX todo: check if multiple auth methods are needed */
- if (authenticated) {
+ if (authenticated == 1) {
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(), "ssh", &aixloginmsg) < 0)
+ if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
+ get_canonical_hostname(options.reverse_mapping_check),
+ "ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
/* turn off userauth */
authctxt->success = 1;
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
if (m != NULL)
m->enabled = NULL;
packet_done();
- userauth_banner();
+ userauth_banner();
if (authctxt->valid == 0)
return(0);
-
+
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
return(0);
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
- return (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER",
- NULL, 0, NULL, "") == SIASUCCESS);
+ return (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0,
+ NULL, "") == SIASUCCESS);
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt->pw, "");
#endif /* USE_PAM */
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
- sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER",
- NULL, 0, NULL, password) == SIASUCCESS)
+ sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
+ password) == SIASUCCESS)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt->pw, password) == 1)
#endif /* USE_PAM */
debug("keyboard-interactive language %s devs %s", lang, devs);
- authenticated = auth2_challenge(authctxt, devs);
+ if (options.challenge_reponse_authentication)
+ authenticated = auth2_challenge(authctxt, devs);
#ifdef USE_PAM
if (authenticated == 0)
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
- authenticated = -1;
+ authctxt->postponed = 1;
}
}
if (authenticated != 1)
andersk / openssh.git / blobdiff