X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/5755958717eb8c1f1251e2ae43984400588702cf..2e4fb373fccee2e5a296d484189169914f6e07d8:/auth1.c diff --git a/auth1.c b/auth1.c index 750fa5b5..6d492d07 100644 --- a/auth1.c +++ b/auth1.c @@ -10,12 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.14 2001/01/22 23:06:39 markus Exp $"); - -#ifdef HAVE_OSF_SIA -# include -# include -#endif +RCSID("$OpenBSD: auth1.c,v 1.19 2001/03/08 18:47:12 stevesk Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -28,18 +23,14 @@ RCSID("$OpenBSD: auth1.c,v 1.14 2001/01/22 23:06:39 markus Exp $"); #include "compat.h" #include "auth.h" #include "session.h" +#include "misc.h" /* import */ extern ServerOptions options; -extern char *forced_command; #ifdef WITH_AIXAUTHENTICATE extern char *aixloginmsg; #endif /* WITH_AIXAUTHENTICATE */ -#ifdef HAVE_OSF_SIA -extern int saved_argc; -extern char **saved_argv; -#endif /* HAVE_OSF_SIA */ /* * convert ssh auth msg type into description @@ -97,9 +88,11 @@ do_authloop(Authctxt *authctxt) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif #ifdef USE_PAM - auth_pam_password(pw, password)) { + auth_pam_password(pw, "")) { +#elif defined(HAVE_OSF_SIA) + 0) { #else - auth_password(pw, "")) { + auth_password(authctxt, "")) { #endif auth_log(authctxt, 1, "without authentication", ""); return; 
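Review bot: In the `@@ -97,9 +88,11 @@` hunk the new `#elif defined(HAVE_OSF_SIA)` arm is a bare `0) {` with no comment, so a reader cannot tell whether skipping the empty-password attempt on SIA builds is deliberate policy or a placeholder. I would add a comment above it such as `/* SIA: never try an empty password here; always fall through to the auth loop */`. The three arms also now take different first arguments: the PAM arm still passes the raw `pw`, while the default arm moved to `authctxt`. Whether `pw` can be NULL at this point depends on the start of the condition, which lies outside the hunk, so that is worth confirming before relying on the PAM arm.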
@@ -265,14 +258,11 @@ do_authloop(Authctxt *authctxt) authenticated = auth_pam_password(pw, password); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ - if (sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(options.reverse_mapping_check), - pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) { - authenticated = 1; - } + authenticated = auth_sia_password(authctxt->user, + password); #else /* !USE_PAM && !HAVE_OSF_SIA */ /* Try authentication with the password. */ - authenticated = auth_password(pw, password); + authenticated = auth_password(authctxt, password); #endif /* USE_PAM */ memset(password, 0, strlen(password)); @@ -313,12 +303,18 @@ do_authloop(Authctxt *authctxt) log("Unknown message during authentication: type %d", type); break; } +#ifdef BSD_AUTH + if (authctxt->as) { + auth_close(authctxt->as); + authctxt->as = NULL; + } +#endif if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); -#ifdef HAVE_CYGWIN - if (authenticated && +#ifdef HAVE_CYGWIN + if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { packet_disconnect("Authentication rejected for uid %d.", (int)pw->pw_uid); @@ -326,10 +322,11 @@ do_authloop(Authctxt *authctxt) } #else /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed()) + if (authenticated && authctxt->pw->pw_uid == 0 && + !auth_root_allowed(get_authname(type))) authenticated = 0; #endif -#ifdef USE_PAM +#ifdef USE_PAM if (authenticated && !do_pam_account(pw->pw_name, client_user)) authenticated = 0; #endif 
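Review bot: In the `@@ -265,14 +258,11 @@` hunk the SIA branch now hands `authctxt->user` to `auth_sia_password()`, where the removed call used `pw->pw_name` from the looked-up passwd entry. Elsewhere in this diff `authctxt->user` is assigned before `getpwnam()` and `allowed_user()` run, so it holds the requested name even when the account is missing or disallowed. The body of `auth_sia_password()` is not in this diff, so confirm that it refuses such names itself and does not rely on the later `!authctxt->valid && authenticated` `fatal()` as the only backstop. A comment at the call would record the contract, for example `/* auth_sia_password() must fail for users that are not authctxt->valid */`. `do_authloop` begins and ends outside this hunk.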
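Review bot: In the `@@ -326,10 +322,11 @@` hunk the root check becomes `!auth_root_allowed(get_authname(type))`, which makes the output of `get_authname()` an input to an access decision. The comment earlier in this file describes that helper only as "convert ssh auth msg type into description". If `auth_root_allowed()` matches on the method name (its body is not shown here), a later rewording of a description string for logging would silently change root login policy. I would document the coupling at the call, e.g. `/* method name is matched by auth_root_allowed(); keep get_authname() strings stable */`, and state what an unrecognised `type` maps to. Note also that this check sits in the `#else` of `HAVE_CYGWIN`, so Cygwin builds do not run it at all.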
@@ -346,9 +343,9 @@ do_authloop(Authctxt *authctxt) return; if (authctxt->failures++ > AUTH_FAIL_MAX) { -#ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user, - get_canonical_hostname(options.reverse_mapping_check), +#ifdef WITH_AIXAUTHENTICATE + loginfailed(authctxt->user, + get_canonical_hostname(options.reverse_mapping_check), "ssh"); #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); @@ -387,16 +384,6 @@ do_authentication() authctxt->user = user; authctxt->style = style; - setproctitle("%s", user); - -#ifdef AFS - /* If machine has AFS, set process authentication group. */ - if (k_hasafs()) { - k_setpag(); - k_unlog(); - } -#endif /* AFS */ - /* Verify that the user is a valid user. */ pw = getpwnam(user); if (pw && allowed_user(pw)) { @@ -408,6 +395,8 @@ do_authentication() } authctxt->pw = pw; + setproctitle("%s", pw ? user : "unknown"); + #ifdef USE_PAM if (pw) start_pam(user); @@ -435,7 +424,7 @@ do_authentication() #ifdef WITH_AIXAUTHENTICATE /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user, + if (loginsuccess(authctxt->user, get_canonical_hostname(options.reverse_mapping_check), "ssh", &aixloginmsg) < 0) aixloginmsg = NULL;
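Review bot: In the `@@ -408,6 +395,8 @@` hunk, `setproctitle("%s", pw ? user : "unknown");` has no comment saying why unknown users are masked, so a later cleanup could move the call back above the lookup. Moving it below `getpwnam()`/`allowed_user()` keeps a requested name that failed those checks out of the process table, where other local users could read it. I would add `/* never expose an unverified, client-supplied user name in the process title */` above the call. A name that passes the lookup is still shown before authentication completes, which may be intended but is worth stating in the same comment.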