*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.57 2004/05/23 23:59:53 dtucker Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
-#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
BN_num_bits(client_host_key->rsa->n), bits);
packet_check_eom();
- authenticated = auth_rhosts_rsa(pw, client_user,
+ authenticated = auth_rhosts_rsa(authctxt, client_user,
client_host_key);
key_free(client_host_key);
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
- authenticated = auth_rsa(pw, n);
+ authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
break;
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
packet_disconnect("Authentication rejected for uid %d.",
- pw == NULL ? -1 : pw->pw_uid);
+ pw == NULL ? -1 : pw->pw_uid);
authenticated = 0;
}
#else
#endif
#ifdef USE_PAM
- if (options.use_pam && authenticated &&
+ if (options.use_pam && authenticated &&
!PRIVSEP(do_pam_account()))
authenticated = 0;
#endif
if (authenticated)
return;
- if (authctxt->failures++ > AUTH_FAIL_MAX)
+ if (authctxt->failures++ > options.max_authtries)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
packet_start(SSH_SMSG_FAILURE);
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
-Authctxt *
-do_authentication(void)
+void
+do_authentication(Authctxt *authctxt)
{
- Authctxt *authctxt;
u_int ulen;
char *user, *style = NULL;
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
- authctxt = authctxt_new();
authctxt->user = user;
authctxt->style = style;
#ifdef USE_PAM
if (options.use_pam)
- PRIVSEP(start_pam(user));
+ PRIVSEP(start_pam(authctxt));
#endif
/*
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
-
- return (authctxt);
}