- deraadt@cvs.openbsd.org 2001/03/02 09:42:49

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index a7693df59ee997c13643151aa2b26df0b7c31843..4d623717f8badcb4e0bb182cea9f0216c16f6f8c 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,12 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.15 2001/02/07 22:35:45 markus Exp $");
-
-#ifdef HAVE_OSF_SIA
-# include <sia.h>
-# include <siad.h>
-#endif
+RCSID("$OpenBSD: auth1.c,v 1.18 2001/02/22 21:59:43 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -28,6 +23,7 @@ RCSID("$OpenBSD: auth1.c,v 1.15 2001/02/07 22:35:45 markus Exp $");
 #include "compat.h"
 #include "auth.h"
 #include "session.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -36,10 +32,6 @@ extern char *forced_command;
 #ifdef WITH_AIXAUTHENTICATE
 extern char *aixloginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
-#ifdef HAVE_OSF_SIA
-extern int saved_argc;
-extern char **saved_argv;
-#endif /* HAVE_OSF_SIA */
 
 /*
  * convert ssh auth msg type into description
@@ -98,8 +90,10 @@ do_authloop(Authctxt *authctxt)
 #endif
 #ifdef USE_PAM
            auth_pam_password(pw, "")) {
+#elif defined(HAVE_OSF_SIA)
+           0) {
 #else
-           auth_password(pw, "")) {
+           auth_password(authctxt, "")) {
 #endif
                auth_log(authctxt, 1, "without authentication", "");
                return;
@@ -265,14 +259,11 @@ do_authloop(Authctxt *authctxt)
                        authenticated = auth_pam_password(pw, password);
 #elif defined(HAVE_OSF_SIA)
                        /* Do SIA auth with password */
-                       if (sia_validate_user(NULL, saved_argc, saved_argv,
-                           get_canonical_hostname(options.reverse_mapping_check),
-                           authctxt->user?authctxt->user:"NOUSER", NULL, 
-                           0, NULL, password) == SIASUCCESS)
-                               authenticated = 1;
+                       authenticated = auth_sia_password(authctxt->user, 
+                           password);
 #else /* !USE_PAM && !HAVE_OSF_SIA */
                        /* Try authentication with the password. */
-                       authenticated = auth_password(pw, password);
+                       authenticated = auth_password(authctxt, password);
 #endif /* USE_PAM */
 
                        memset(password, 0, strlen(password));
@@ -313,6 +304,12 @@ do_authloop(Authctxt *authctxt)
                        log("Unknown message during authentication: type %d", type);
                        break;
                }
+#ifdef BSD_AUTH
+               if (authctxt->as) {
+                       auth_close(authctxt->as);
+                       authctxt->as = NULL;
+               }
+#endif
                if (!authctxt->valid && authenticated)
                        fatal("INTERNAL ERROR: authenticated invalid user %s",
                            authctxt->user);
@@ -326,7 +323,8 @@ do_authloop(Authctxt *authctxt)
                }
 #else
                /* Special handling for root */
-               if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
+               if (authenticated && authctxt->pw->pw_uid == 0 &&
+                   !auth_root_allowed(get_authname(type)))
                        authenticated = 0;
 #endif
 #ifdef USE_PAM
@@ -387,8 +385,6 @@ do_authentication()
        authctxt->user = user;
        authctxt->style = style;
 
-       setproctitle("%s", user);
-
        /* Verify that the user is a valid user. */
        pw = getpwnam(user);
        if (pw && allowed_user(pw)) {
@@ -400,6 +396,8 @@ do_authentication()
        }
        authctxt->pw = pw;
 
+       setproctitle("%s", pw ? user : "unknown");
+
 #ifdef USE_PAM
        if (pw)
                start_pam(user);