X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/a27002e5cd012026c6b5462babe81f6a5633a543..a4c0faa29945935489f44e26272c0069e54c516c:/auth2.c diff --git a/auth2.c b/auth2.c index 639bf911..1177efa7 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.99 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -36,13 +36,15 @@ RCSID("$OpenBSD: auth2.c,v 1.99 2003/06/24 08:23:46 markus Exp $"); #include "pathnames.h" #include "monitor_wrap.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* import */ extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; -Authctxt *x_authctxt = NULL; - /* methods */ extern Authmethod method_none; @@ -50,19 +52,19 @@ extern Authmethod method_pubkey; extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; -#ifdef KRB5 -extern Authmethod method_kerberos; +#ifdef GSSAPI +extern Authmethod method_gssapi; #endif Authmethod *authmethods[] = { &method_none, &method_pubkey, +#ifdef GSSAPI + &method_gssapi, +#endif &method_passwd, &method_kbdint, &method_hostbased, -#ifdef KRB5 - &method_kerberos, -#endif NULL }; @@ -75,19 +77,14 @@ static void input_userauth_request(int, u_int32_t, void *); static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); int user_key_allowed(struct passwd *, Key *); -int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* * loop until authctxt->success == TRUE */ -Authctxt * -do_authentication2(void) +void +do_authentication2(Authctxt *authctxt) { - Authctxt *authctxt = authctxt_new(); - - x_authctxt = authctxt; /*XXX*/ - /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; @@ -95,8 +92,6 @@ do_authentication2(void) dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); - - return (authctxt); } static void @@ -155,23 +150,24 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (authctxt->attempt++ == 0) { /* setup auth context */ authctxt->pw = PRIVSEP(getpwnamallow(user)); + authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(authctxt->pw->pw_name)); + PRIVSEP(start_pam(authctxt)); #endif } else { logit("input_userauth_request: illegal user %s", user); + authctxt->pw = fakepw(); #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(user)); + PRIVSEP(start_pam(authctxt)); #endif } setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); - authctxt->user = xstrdup(user); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; if (use_privsep) @@ -184,6 +180,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } /* reset state */ auth2_challenge_stop(authctxt); + +#ifdef GSSAPI + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); +#endif + authctxt->postponed = 0; /* try to authenticate user */ @@ -213,6 +215,11 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) !auth_root_allowed(method)) authenticated = 0; +#ifdef USE_PAM + if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) + authenticated = 0; +#endif + #ifdef _UNICOS if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; @@ -248,14 +255,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } } -/* get current user */ - -struct passwd* -auth_get_user(void) -{ - return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL; -} - #define DELIM "," static char *