X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/42f11eb24fa39e437b4f1e6beb5cc83901aa5bdd..2e4fb373fccee2e5a296d484189169914f6e07d8:/auth1.c diff --git a/auth1.c b/auth1.c index 50037fd8..6d492d07 100644 --- a/auth1.c +++ b/auth1.c @@ -10,12 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $"); - -#ifdef HAVE_OSF_SIA -# include -# include -#endif +RCSID("$OpenBSD: auth1.c,v 1.19 2001/03/08 18:47:12 stevesk Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -28,18 +23,14 @@ RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $"); #include "compat.h" #include "auth.h" #include "session.h" +#include "misc.h" /* import */ extern ServerOptions options; -extern char *forced_command; #ifdef WITH_AIXAUTHENTICATE extern char *aixloginmsg; #endif /* WITH_AIXAUTHENTICATE */ -#ifdef HAVE_OSF_SIA -extern int saved_argc; -extern char **saved_argv; -#endif /* HAVE_OSF_SIA */ /* * convert ssh auth msg type into description @@ -97,9 +88,11 @@ do_authloop(Authctxt *authctxt) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif #ifdef USE_PAM - auth_pam_password(pw, password)) { + auth_pam_password(pw, "")) { +#elif defined(HAVE_OSF_SIA) + 0) { #else - auth_password(pw, "")) { + auth_password(authctxt, "")) { #endif auth_log(authctxt, 1, "without authentication", ""); return; 
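Review bot: The empty-password shortcut in the `@@ -97,9 +88,11 @@` hunk returns right after `auth_log(authctxt, 1, "without authentication", "")`, so it never reaches the `!authctxt->valid && authenticated` check that the main loop applies later in this diff. The non-PAM branch now hands `authctxt` to `auth_password()`, but the PAM branch still passes the bare `pw`, which appears to be NULL for an unknown or disallowed user (compare `pw ? user : "unknown"` in do_authentication). Rejecting that case is therefore left entirely to `auth_pam_password()`, which is not shown here. I would make the guard explicit by adding `authctxt->valid &&` to the condition ahead of the `#ifdef USE_PAM` line. The `if (` that opens this condition starts outside the hunk.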
@@ -265,14 +258,11 @@ do_authloop(Authctxt *authctxt) authenticated = auth_pam_password(pw, password); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ - if (sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(), pw->pw_name, NULL, 0, - NULL, password) == SIASUCCESS) { - authenticated = 1; - } + authenticated = auth_sia_password(authctxt->user, + password); #else /* !USE_PAM && !HAVE_OSF_SIA */ - /* Try authentication with the password. */ - authenticated = auth_password(pw, password); + /* Try authentication with the password. */ + authenticated = auth_password(authctxt, password); #endif /* USE_PAM */ memset(password, 0, strlen(password)); @@ -281,7 +271,7 @@ do_authloop(Authctxt *authctxt) case SSH_CMSG_AUTH_TIS: debug("rcvd SSH_CMSG_AUTH_TIS"); - if (options.skey_authentication == 1) { + if (options.challenge_reponse_authentication == 1) { char *challenge = get_challenge(authctxt, authctxt->style); if (challenge != NULL) { debug("sending challenge '%s'", challenge); @@ -293,10 +283,9 @@ do_authloop(Authctxt *authctxt) } } break; - case SSH_CMSG_AUTH_TIS_RESPONSE: debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); - if (options.skey_authentication == 1) { + if (options.challenge_reponse_authentication == 1) { char *response = packet_get_string(&dlen); debug("got response '%s'", response); packet_integrity_check(plen, 4 + dlen, type); @@ -314,12 +303,18 @@ do_authloop(Authctxt *authctxt) log("Unknown message during authentication: type %d", type); break; } +#ifdef BSD_AUTH + if (authctxt->as) { + auth_close(authctxt->as); + authctxt->as = NULL; + } +#endif if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); -#ifdef HAVE_CYGWIN - if (authenticated && +#ifdef HAVE_CYGWIN + if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { packet_disconnect("Authentication rejected for uid %d.", (int)pw->pw_uid); 
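Review bot: In the `@@ -265,14 +258,11 @@` hunk the new SIA branch calls `auth_sia_password(authctxt->user, password)` with the client-supplied name and without consulting `authctxt->valid`, unlike the `auth_password(authctxt, password)` branch next to it. If `auth_sia_password()` (not shown) does not itself reject users that do_authentication marked invalid, a correct password for a disallowed account sets `authenticated` and then hits `fatal("INTERNAL ERROR: authenticated invalid user %s", ...)` further down. A client can tell that outcome apart from an ordinary failure. Consider `authenticated = authctxt->valid && auth_sia_password(authctxt->user, password);`, or pass `authctxt` as the other branch does. The enclosing `case` begins outside the hunk.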
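Review bot: `debug("got response '%s'", response);` in the `@@ -293,10 +283,9 @@` hunk writes the client's answer to the debug log, and does so before `packet_integrity_check()` runs. With the gate renamed from `skey_authentication` to `challenge_reponse_authentication`, the response may no longer be a one-time S/Key value; under `BSD_AUTH` (handled in the next hunk) it could be a reusable secret, though that is inferred from the rename rather than shown here. I would log only that a response arrived, e.g. `debug("got response");`. The `case` body continues outside the hunk.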
@@ -327,10 +322,11 @@ do_authloop(Authctxt *authctxt) } #else /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed()) + if (authenticated && authctxt->pw->pw_uid == 0 && + !auth_root_allowed(get_authname(type))) authenticated = 0; #endif -#ifdef USE_PAM +#ifdef USE_PAM if (authenticated && !do_pam_account(pw->pw_name, client_user)) authenticated = 0; #endif @@ -346,9 +342,11 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > AUTH_FAIL_MAX) { -#ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); + if (authctxt->failures++ > AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(authctxt->user, + get_canonical_hostname(options.reverse_mapping_check), + "ssh"); #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } @@ -386,16 +384,6 @@ do_authentication() authctxt->user = user; authctxt->style = style; - setproctitle("%s", user); - -#ifdef AFS - /* If machine has AFS, set process authentication group. */ - if (k_hasafs()) { - k_setpag(); - k_unlog(); - } -#endif /* AFS */ - /* Verify that the user is a valid user. */ pw = getpwnam(user); if (pw && allowed_user(pw)) { @@ -407,6 +395,8 @@ do_authentication() } authctxt->pw = pw; + setproctitle("%s", pw ? user : "unknown"); + #ifdef USE_PAM if (pw) start_pam(user); @@ -422,9 +412,9 @@ do_authentication() #endif /* - * Loop until the user has been authenticated or the connection is - * closed, do_authloop() returns only if authentication is successful - */ + * Loop until the user has been authenticated or the connection is + * closed, do_authloop() returns only if authentication is successful + */ do_authloop(authctxt); /* The user has been authenticated and accepted. */ 
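Review bot: The root check in the `@@ -327,10 +322,11 @@` hunk now takes its policy input from the string returned by `get_authname(type)`, which the comment `convert ssh auth msg type into description` earlier in this diff presumably describes. `auth_root_allowed()` is not shown, but if it compares that string against method names, rewording a description would silently change which methods root may use. A comment on the call would record the coupling, for example `/* auth_root_allowed() keys on the get_authname() string; keep the two in sync */`. The do_authloop body extends outside the hunk on both sides.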
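Review bot: `if (authctxt->failures++ > AUTH_FAIL_MAX)` in the `@@ -346,9 +342,11 @@` hunk tests the counter before incrementing it and uses `>`, so, assuming the counter starts at 0, the disconnect fires only on failure number AUTH_FAIL_MAX + 2. The commit appears to touch this line for whitespace only and keeps the comparison. If AUTH_FAIL_MAX is meant to be the number of failed attempts allowed, `if (++authctxt->failures >= AUTH_FAIL_MAX) {` would enforce it; otherwise a one-line comment stating the intended count would help. AUTH_FAIL_MAX is defined outside this diff.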
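Review bot: The added `setproctitle("%s", pw ? user : "unknown");` in the `@@ -407,6 +395,8 @@` hunk has no comment saying why the name is masked. A short one would keep a later cleanup from undoing it, for example `/* do not put client-supplied names of invalid users in the process title */`. That `pw` is NULL for an unknown or disallowed user is inferred from the `if (pw && allowed_user(pw))` and `if (pw)` lines around it, since the branch that clears it lies outside the hunk.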
@@ -434,7 +424,9 @@ do_authentication() #ifdef WITH_AIXAUTHENTICATE /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user,get_canonical_hostname(),"ssh",&aixloginmsg) < 0) + if (loginsuccess(authctxt->user, + get_canonical_hostname(options.reverse_mapping_check), + "ssh", &aixloginmsg) < 0) aixloginmsg = NULL; #endif /* WITH_AIXAUTHENTICATE */