*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.14 2001/01/22 23:06:39 markus Exp $");
-
-#ifdef HAVE_OSF_SIA
-# include <sia.h>
-# include <siad.h>
-#endif
+RCSID("$OpenBSD: auth1.c,v 1.18 2001/02/22 21:59:43 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "compat.h"
#include "auth.h"
#include "session.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
#ifdef WITH_AIXAUTHENTICATE
extern char *aixloginmsg;
#endif /* WITH_AIXAUTHENTICATE */
-#ifdef HAVE_OSF_SIA
-extern int saved_argc;
-extern char **saved_argv;
-#endif /* HAVE_OSF_SIA */
/*
* convert ssh auth msg type into description
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
#ifdef USE_PAM
- auth_pam_password(pw, password)) {
+ auth_pam_password(pw, "")) {
+#elif defined(HAVE_OSF_SIA)
+ 0) {
#else
- auth_password(pw, "")) {
+ auth_password(authctxt, "")) {
#endif
auth_log(authctxt, 1, "without authentication", "");
return;
authenticated = auth_pam_password(pw, password);
#elif defined(HAVE_OSF_SIA)
/* Do SIA auth with password */
- if (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
- pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
- authenticated = 1;
- }
+ authenticated = auth_sia_password(authctxt->user,
+ password);
#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
- authenticated = auth_password(pw, password);
+ authenticated = auth_password(authctxt, password);
#endif /* USE_PAM */
memset(password, 0, strlen(password));
log("Unknown message during authentication: type %d", type);
break;
}
+#ifdef BSD_AUTH
+ if (authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-#ifdef HAVE_CYGWIN
- if (authenticated &&
+#ifdef HAVE_CYGWIN
+ if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
packet_disconnect("Authentication rejected for uid %d.",
(int)pw->pw_uid);
}
#else
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
+ !auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
-#ifdef USE_PAM
+#ifdef USE_PAM
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user,
- get_canonical_hostname(options.reverse_mapping_check),
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
authctxt->user = user;
authctxt->style = style;
- setproctitle("%s", user);
-
-#ifdef AFS
- /* If machine has AFS, set process authentication group. */
- if (k_hasafs()) {
- k_setpag();
- k_unlog();
- }
-#endif /* AFS */
-
/* Verify that the user is a valid user. */
pw = getpwnam(user);
if (pw && allowed_user(pw)) {
}
authctxt->pw = pw;
+ setproctitle("%s", pw ? user : "unknown");
+
#ifdef USE_PAM
if (pw)
start_pam(user);
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,
+ if (loginsuccess(authctxt->user,
get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;