- (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index b7dfa987e85ad90ca922364cc0efd771ca4154d0..b9d6b1115f4f98d778f80186eacc41ee5cc6ce17 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -10,7 +11,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $");
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -20,10 +28,15 @@ RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $");
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
 #include "channels.h"
 #include "session.h"
 #include "uidswap.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 #include "buffer.h"
 
@@ -77,7 +90,7 @@ static const struct AuthMethod1
 {
        int i;
 
-       for(i = 0; auth1_methods[i].name != NULL; i++)
+       for (i = 0; auth1_methods[i].name != NULL; i++)
                if (auth1_methods[i].type == type)
                        return (&(auth1_methods[i]));
 
@@ -96,6 +109,7 @@ get_authname(int type)
        return (buf);
 }
 
+/*ARGSUSED*/
 static int
 auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
 {
@@ -120,6 +134,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
        return (authenticated);
 }
 
+/*ARGSUSED*/
 static int
 auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
 {
@@ -137,10 +152,11 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
        return (authenticated);
 }
 
+/*ARGSUSED*/
 static int
 auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
 {
-       int authenticated = 0;
+       int keybits, authenticated = 0;
        u_int bits;
        Key *client_host_key;
        u_int ulen;
@@ -158,7 +174,8 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
        packet_get_bignum(client_host_key->rsa->e);
        packet_get_bignum(client_host_key->rsa->n);
 
-       if (bits != BN_num_bits(client_host_key->rsa->n)) {
+       keybits = BN_num_bits(client_host_key->rsa->n);
+       if (keybits < 0 || bits != (u_int)keybits) {
                verbose("Warning: keysize mismatch for client_host_key: "
                    "actual %d, announced %d",
                    BN_num_bits(client_host_key->rsa->n), bits);
@@ -170,15 +187,16 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
        key_free(client_host_key);
 
        snprintf(info, infolen, " ruser %.100s", client_user);
-       
+
        return (authenticated);
 }
 
+/*ARGSUSED*/
 static int
 auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
 {
        char *challenge;
-       
+
        if ((challenge = get_challenge(authctxt)) == NULL)
                return (0);
 
@@ -192,6 +210,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
        return (-1);
 }
 
+/*ARGSUSED*/
 static int
 auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
 {
@@ -298,7 +317,7 @@ do_authloop(Authctxt *authctxt)
 
 #ifdef HAVE_CYGWIN
                if (authenticated &&
-                   !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, 
+                   !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
                    authctxt->pw)) {
                        packet_disconnect("Authentication rejected for uid %d.",
                            authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
@@ -322,7 +341,7 @@ do_authloop(Authctxt *authctxt)
                        size_t len;
 
                        error("Access denied for user %s by PAM account "
-                          "configuration", authctxt->user);
+                           "configuration", authctxt->user);
                        len = buffer_len(&loginmsg);
                        buffer_append(&loginmsg, "\0", 1);
                        msg = buffer_ptr(&loginmsg);