- espie@cvs.openbsd.org 2002/08/21 11:20:59

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index 8553bfa2f6bb748bb40f5b21d6400e7d1f46f48a..769fa306f11deff6719d4fb5638d1bd4c0d5b923 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.39 2002/03/19 14:27:39 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -84,13 +84,7 @@ do_authloop(Authctxt *authctxt)
 #if defined(KRB4) || defined(KRB5)
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
-#ifdef USE_PAM
-           auth_pam_password(pw, "")) {
-#elif defined(HAVE_OSF_SIA)
-           0) {
-#else
            PRIVSEP(auth_password(authctxt, ""))) {
-#endif
                auth_log(authctxt, 1, "without authentication", "");
                return;
        }
@@ -209,7 +203,7 @@ do_authloop(Authctxt *authctxt)
                        if (bits != BN_num_bits(client_host_key->rsa->n))
                                verbose("Warning: keysize mismatch for client_host_key: "
                                    "actual %d, announced %d",
-                                    BN_num_bits(client_host_key->rsa->n), bits);
+                                   BN_num_bits(client_host_key->rsa->n), bits);
                        packet_check_eom();
 
                        authenticated = auth_rhosts_rsa(pw, client_user,
@@ -246,16 +240,8 @@ do_authloop(Authctxt *authctxt)
                        password = packet_get_string(&dlen);
                        packet_check_eom();
 
-#ifdef USE_PAM
-                       /* Do PAM auth with password */
-                       authenticated = auth_pam_password(pw, password);
-#elif defined(HAVE_OSF_SIA)
-                       /* Do SIA auth with password */
-                       authenticated = auth_sia_password(authctxt->user, 
-                           password);
                        /* Try authentication with the password. */
                        authenticated = PRIVSEP(auth_password(authctxt, password));
-#endif /* USE_PAM */
 
                        memset(password, 0, strlen(password));
                        xfree(password);
@@ -320,7 +306,8 @@ do_authloop(Authctxt *authctxt)
                        authenticated = 0;
 #endif
 #ifdef USE_PAM
-               if (authenticated && !do_pam_account(pw->pw_name, client_user))
+               if (!use_privsep && authenticated && 
+                   !do_pam_account(pw->pw_name, client_user))
                        authenticated = 0;
 #endif
 
@@ -336,11 +323,6 @@ do_authloop(Authctxt *authctxt)
                        return;
 
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname(options.verify_reverse_mapping),
-                           "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
 
@@ -359,7 +341,7 @@ do_authentication(void)
 {
        Authctxt *authctxt;
        u_int ulen;
-       char *p, *user, *style = NULL;
+       char *user, *style = NULL;
 
        /* Get the name of the user that we wish to log in as. */
        packet_read_expect(SSH_CMSG_USER);
@@ -371,9 +353,15 @@ do_authentication(void)
        if ((style = strchr(user, ':')) != NULL)
                *style++ = '\0';
 
+#ifdef KRB5
        /* XXX - SSH.com Kerberos v5 braindeath. */
-       if ((p = strchr(user, '@')) != NULL)
-               *p = '\0';
+       if ((datafellows & SSH_BUG_K5USER) &&
+           options.kerberos_authentication) {
+               char *p;
+               if ((p = strchr(user, '@')) != NULL)
+                       *p = '\0';
+       }
+#endif
 
        authctxt = authctxt_new();
        authctxt->user = user;
@@ -389,7 +377,7 @@ do_authentication(void)
            use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
-       start_pam(pw == NULL ? "NOUSER" : user);
+       PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
 #endif
 
        /*