X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/a27002e5cd012026c6b5462babe81f6a5633a543..7364bd04fc18484f99f74b901c4581795bcf2787:/auth2.c

diff --git a/auth2.c b/auth2.c
index 639bf911..4a305a41 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.99 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.100 2003/08/22 10:56:08 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -36,6 +36,10 @@ RCSID("$OpenBSD: auth2.c,v 1.99 2003/06/24 08:23:46 markus Exp $");
 #include "pathnames.h"
 #include "monitor_wrap.h"
 
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+
 /* import */
 extern ServerOptions options;
 extern u_char *session_id2;
@@ -53,10 +57,16 @@ extern Authmethod method_hostbased;
 #ifdef KRB5
 extern Authmethod method_kerberos;
 #endif
+#ifdef GSSAPI
+extern Authmethod method_gssapi;
+#endif
 
 Authmethod *authmethods[] = {
 	&method_none,
 	&method_pubkey,
+#ifdef GSSAPI
+	&method_gssapi,
+#endif
 	&method_passwd,
 	&method_kbdint,
 	&method_hostbased,
@@ -184,6 +194,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 	}
 	/* reset state */
 	auth2_challenge_stop(authctxt);
+
+#ifdef GSSAPI
+	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+#endif
+
 	authctxt->postponed = 0;
 
 	/* try to authenticate user */
@@ -213,6 +229,11 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 	    !auth_root_allowed(method))
 		authenticated = 0;
 
+#ifdef USE_PAM
+	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
+		authenticated = 0;
+#endif
+
 #ifdef _UNICOS
 	if (authenticated && cray_access_denied(authctxt->user)) {
 		authenticated = 0;