]> andersk Git - openssh.git/blobdiff - auth1.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
[openssh.git] / auth1.c
diff --git a/auth1.c b/auth1.c
index c2a8936aebca76656c3590d454e0ffa7959f75b7..676c8a667d58899f27180a1a8956688cbf9892fc 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.40 2002/04/10 08:21:47 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.43 2002/09/09 06:48:06 itojun Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -133,15 +133,27 @@ do_authloop(Authctxt *authctxt)
 #endif /* KRB4 */
                                } else {
 #ifdef KRB5
-                                       krb5_data tkt;
+                                       krb5_data tkt, reply;
                                        tkt.length = dlen;
                                        tkt.data = kdata;
 
-                                       if (auth_krb5(authctxt, &tkt, &client_user)) {
+                                       if (PRIVSEP(auth_krb5(authctxt, &tkt,
+                                           &client_user, &reply))) {
                                                authenticated = 1;
                                                snprintf(info, sizeof(info),
                                                    " tktuser %.100s",
                                                    client_user);
+                                               /* Send response to client */
+                                               packet_start(
+                                                   SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+                                               packet_put_string((char *)
+                                                   reply.data, reply.length);
+                                               packet_send();
+                                               packet_write_wait();
+
+                                               if (reply.length)
+                                                       xfree(reply.data);
                                        }
 #endif /* KRB5 */
                                }
@@ -203,7 +215,7 @@ do_authloop(Authctxt *authctxt)
                        if (bits != BN_num_bits(client_host_key->rsa->n))
                                verbose("Warning: keysize mismatch for client_host_key: "
                                    "actual %d, announced %d",
-                                    BN_num_bits(client_host_key->rsa->n), bits);
+                                   BN_num_bits(client_host_key->rsa->n), bits);
                        packet_check_eom();
 
                        authenticated = auth_rhosts_rsa(pw, client_user,
@@ -292,6 +304,15 @@ do_authloop(Authctxt *authctxt)
                        fatal("INTERNAL ERROR: authenticated invalid user %s",
                            authctxt->user);
 
+#ifdef _UNICOS
+               if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+                       cray_login_failure(authctxt->user, IA_UDBERR);
+               if (authenticated && cray_access_denied(authctxt->user)) {
+                       authenticated = 0;
+                       fatal("Access denied for user %s.",authctxt->user);
+               }
+#endif /* _UNICOS */
+
 #ifdef HAVE_CYGWIN
                if (authenticated &&
                    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
@@ -301,12 +322,14 @@ do_authloop(Authctxt *authctxt)
                }
 #else
                /* Special handling for root */
-               if (authenticated && authctxt->pw->pw_uid == 0 &&
+               if (!use_privsep &&
+                   authenticated && authctxt->pw->pw_uid == 0 &&
                    !auth_root_allowed(get_authname(type)))
                        authenticated = 0;
 #endif
 #ifdef USE_PAM
-               if (authenticated && !do_pam_account(pw->pw_name, client_user))
+               if (!use_privsep && authenticated && 
+                   !do_pam_account(pw->pw_name, client_user))
                        authenticated = 0;
 #endif
 
@@ -322,11 +345,6 @@ do_authloop(Authctxt *authctxt)
                        return;
 
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname(options.verify_reverse_mapping),
-                           "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
 
@@ -381,7 +399,7 @@ do_authentication(void)
            use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
-       start_pam(authctxt->pw == NULL ? "NOUSER" : user);
+       PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
 #endif
 
        /*
git-cvsimport mirror of OpenSSH
This page took 0.04744 seconds and 4 git commands to generate.