*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.48 2003/04/08 20:21:28 itojun Exp $");
#include "xmalloc.h"
#include "rsa.h"
char info[1024];
u_int dlen;
u_int ulen;
- int type = 0;
+ int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
+
/* Process the packet. */
switch (type) {
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
- log("Unknown message during authentication: type %d", type);
+ logit("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
authctxt->user);
#ifdef _UNICOS
- if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
- cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
if (authenticated)
return;
- if (authctxt->failures++ > AUTH_FAIL_MAX) {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
- }
packet_start(SSH_SMSG_FAILURE);
packet_send();
use_privsep ? " [net]" : "");
#ifdef USE_PAM
- PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
+ PRIVSEP(start_pam(user));
#endif
/*