+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
#include "auth.h"
#include "channels.h"
#include "session.h"
#include "uidswap.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
#include "monitor_wrap.h"
#include "buffer.h"
{
int i;
- for(i = 0; auth1_methods[i].name != NULL; i++)
+ for (i = 0; auth1_methods[i].name != NULL; i++)
if (auth1_methods[i].type == type)
return (&(auth1_methods[i]));
return (buf);
}
+/*ARGSUSED*/
static int
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
{
return (authenticated);
}
+/*ARGSUSED*/
static int
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
{
return (authenticated);
}
+/*ARGSUSED*/
static int
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
{
return (authenticated);
}
+/*ARGSUSED*/
static int
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
{
return (-1);
}
+/*ARGSUSED*/
static int
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
{
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
+ if (authctxt->failures >= options.max_authtries)
+ goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
}
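Review bot: The new `authctxt->failures >= options.max_authtries` guard ahead of `lookup_authmethod1()` has no comment, and the `skip` label it jumps to lies outside this hunk, so a reader cannot tell what still runs for an over-limit attempt. I would add `/* attempt limit already reached: do not dispatch to the method handler */` above the check, with the wording confirmed against the code at `skip:`. If `options.max_authtries` can be configured as 0, this comparison is true before the first attempt and no method is ever tried. That fails closed, but it is worth stating in the comment or rejecting in option parsing, which is not visible here.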
#endif /* _UNICOS */
-#ifdef HAVE_CYGWIN
- if (authenticated &&
- !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
- authctxt->pw)) {
- packet_disconnect("Authentication rejected for uid %d.",
- authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
- authenticated = 0;
- }
-#else
+#ifndef HAVE_CYGWIN
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(meth->name)) {
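Review bot: With the `HAVE_CYGWIN` branch deleted, nothing visible in this hunk rejects an authenticated login on Cygwin any more, and the root-login check below stays compiled out on that platform under `#ifndef HAVE_CYGWIN`. If `check_nt_auth()` is now called from the individual auth methods, a one-line comment at the `#ifndef` saying where would stop a later reader from assuming the gate was dropped. If it was not moved, Cygwin builds lose a post-authentication check. The enclosing loop body starts and ends outside the hunk, so this cannot be confirmed from here.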
msg[len] = '\0';
else
msg = "Access denied.";
- packet_disconnect(msg);
+ packet_disconnect("%s", msg);
}
#endif
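Review bot: The `packet_disconnect("%s", msg)` call deserves a short comment, because `msg` is non-literal text and a later edit could easily fold it back into the format position. Its source is outside the hunk; it is presumably accumulated login messages. I would add `/* msg is data, never a format string */` on the line above. If the prototype of `packet_disconnect()` does not already carry `__attribute__((format(printf, 1, 2)))`, adding it would let the compiler flag this class of call; the declaration is not visible here.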
if (authenticated)
return;
- if (authctxt->failures++ > options.max_authtries) {
+ if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
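Review bot: The increment is still buried in the condition at `if (++authctxt->failures >= options.max_authtries)`, which is the same shape that hid the previous off-by-one, where `failures++ >` compared the pre-increment value. I would split it into `authctxt->failures++;` followed by `if (authctxt->failures >= options.max_authtries) {`, and add `/* disconnect on the max_authtries-th failed attempt */` so the intended boundary is written down next to the comparison. The body of this `if` continues outside the hunk.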