-/* $OpenBSD: auth.c,v 1.73 2006/07/26 02:35:17 stevesk Exp $ */
+/* $OpenBSD: auth.c,v 1.78 2007/09/21 08:15:29 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <sys/stat.h>
#include <sys/param.h>
+#include <netinet/in.h>
+
#include <errno.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#include <libgen.h>
#endif
#include <stdarg.h>
+#include <stdio.h>
#include <string.h>
#include "xmalloc.h"
#include "match.h"
#include "groupaccess.h"
#include "log.h"
+#include "buffer.h"
#include "servconf.h"
+#include "key.h"
+#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"
#include "canohost.h"
-#include "buffer.h"
-#include "bufaux.h"
#include "uidswap.h"
#include "misc.h"
-#include "bufaux.h"
#include "packet.h"
#include "loginrec.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
#include "monitor_wrap.h"
/* import */
extern ServerOptions options;
extern int use_privsep;
extern Buffer loginmsg;
+extern struct passwd *privsep_pw;
/* Debugging messages */
Buffer auth_debug;
/* grab passwd field for locked account check */
#ifdef USE_SHADOW
if (spw != NULL)
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
passwd = get_iaf_password(pw);
#else
passwd = spw->sp_pwdp;
-#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
#else
passwd = pw->pw_passwd;
#endif
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
locked = 1;
#endif
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
free(passwd);
-#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
if (locked) {
logit("User %.100s not allowed because account is locked",
pw->pw_name);
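Review bot: Under `USE_LIBIAF` the `free(passwd)` in this hunk runs unconditionally, while the only allocation visible, `passwd = get_iaf_password(pw)` in the previous hunk, happens only when `spw != NULL`. What `passwd` holds on the other path is set outside both hunks, but if it is `pw->pw_passwd` or left unset, this releases memory the function does not own; guarding the release the same way as the allocation, `if (spw != NULL) free(passwd);`, would tie the two together. It is also worth confirming that `get_iaf_password()` cannot return NULL, because `strstr(passwd, LOCKED_PASSWD_SUBSTR)` uses the pointer without a check. The enclosing function starts and ends outside the hunk.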
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
+# ifdef WITH_AIXAUTHENTICATE
+ if (authenticated)
+ sys_auth_record_login(authctxt->user,
+ get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
+# endif
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
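Review bot: The added `sys_auth_record_login()` call discards whatever the function returns, so if it reports a failure, the successful authentication is silently missing from the AIX login record. Assuming it returns a status, check it and emit a `logit()` line naming `authctxt->user` when recording fails. The `# ifdef WITH_AIXAUTHENTICATE` block also appears to sit inside the outer conditional closed by the `#endif` on the following line, so success recording is compiled only when that outer option is set. A comment on the `# ifdef` such as `/* success is recorded here only when the enclosing failed-login option is also enabled */` would make that dependency visible. The preceding condition and the enclosing function begin outside the hunk.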
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
- fake.pw_uid = (uid_t)-1;
- fake.pw_gid = (gid_t)-1;
+ fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+ fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
#ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = "";
#endif
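Review bot: The reason for giving the placeholder account `privsep_pw`'s uid and gid is not documented at the two new assignments, and the hunk does not show where `privsep_pw` is set, so a reader cannot tell when the `(uid_t)-1` fallback still applies. A comment on the pair, for example `/* prefer the unprivileged privsep ids; (uid_t)-1 only while privsep_pw is unset */`, would record the intent. Separately, the fixed `$2a$06$` hash in the context lines pins the cost of a password check against this entry. If real accounts use a different scheme or cost, response time may differ between existing and non-existing users, which deserves a comment even though it is outside this change. The enclosing function starts and ends outside the hunk.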