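--- a/auth1.c
+++ b/auth1.c
@@ -1,29 +1,28 @@
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
  *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose. Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $");
-RCSID("$FreeBSD: head/crypto/openssh/auth1.c 128460 2004-04-20 09:46:41Z des $");
+RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
+RCSID("$FreeBSD: head/crypto/openssh/auth1.c 137019 2004-10-28 16:11:31Z des $");
 
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh1.h"
 #include "packet.h"
 #include "buffer.h"
-#include "mpaux.h"
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
 #include "auth.h"
 #include "channels.h"
 #include "session.h"
 #include "uidswap.h"
 #include "monitor_wrap.h"
@@ -66,29 +65,33 @@
  u_int bits;
  Key *client_host_key;
  BIGNUM *n;
  char *client_user, *password;
  char info[1024];
  u_int dlen;
  u_int ulen;
  int prev, type = 0;
- struct passwd *pw = authctxt->pw;
 
  debug("Attempting authentication for %s%.100s.",
- authctxt->valid ? "" : "illegal user ", authctxt->user);
+ authctxt->valid ? "" : "invalid user ", authctxt->user);
 
  /* If the user has no password, accept authentication immediately. */
  if (options.password_authentication &&
 #ifdef KRB5
  (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
  PRIVSEP(auth_password(authctxt, ""))) {
- auth_log(authctxt, 1, "without authentication", "");
- return;
+#ifdef USE_PAM
+ if (options.use_pam && (PRIVSEP(do_pam_account())))
+#endif
+ {
+ auth_log(authctxt, 1, "without authentication", "");
+ return;
+ }
  }
 
  /* Indicate that authentication is needed. */
  packet_start(SSH_SMSG_FAILURE);
  packet_send();
  packet_write_wait();
 
  client_user = NULL;
@@ -229,19 +232,20 @@
  if (authenticated && cray_access_denied(authctxt->user)) {
  authenticated = 0;
  fatal("Access denied for user %s.",authctxt->user);
  }
 #endif /* _UNICOS */
 
 #ifdef HAVE_CYGWIN
  if (authenticated &&
- !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
+ !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
+ authctxt->pw)) {
  packet_disconnect("Authentication rejected for uid %d.",
- pw == NULL ? -1 : pw->pw_uid);
+ authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
  authenticated = 0;
  }
 #else
  /* Special handling for root */
  if (authenticated && authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(get_authname(type)))
  authenticated = 0;
 #endif
@@ -258,17 +262,17 @@
  if (client_user != NULL) {
  xfree(client_user);
  client_user = NULL;
  }
 
  if (authenticated)
  return;
 
- if (authctxt->failures++ > AUTH_FAIL_MAX)
+ if (authctxt->failures++ > options.max_authtries)
  packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 
  packet_start(SSH_SMSG_FAILURE);
  packet_send();
  packet_write_wait();
  }
 }
 
@@ -294,21 +298,21 @@
 
  authctxt->user = user;
  authctxt->style = style;
 
  /* Verify that the user is a valid user. */
  if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
  authctxt->valid = 1;
  else {
- debug("do_authentication: illegal user %s", user);
+ debug("do_authentication: invalid user %s", user);
  authctxt->pw = fakepw();
  }
 
- setproctitle("%s%s", authctxt->pw ? user : "unknown",
+ setproctitle("%s%s", authctxt->valid ? user : "unknown",
  use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
  if (options.use_pam)
  PRIVSEP(start_pam(authctxt));
 #endif
 
  /*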
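Review bot: The failure check `if (authctxt->failures++ > options.max_authtries)` tests the counter's value from before the current failure with a strict `>`, so the disconnect fires later than the configured limit suggests. Assuming `failures` starts at zero and is not incremented elsewhere (neither is visible here), a client is only cut off on failure number max_authtries + 2. The same slack existed against AUTH_FAIL_MAX, but now that the bound comes from `options` it loosens whatever guessing limit is configured. If the option is meant as the maximum number of failed attempts, `if (++authctxt->failures >= options.max_authtries)` enforces it exactly; otherwise a comment on that line stating the intended margin would help. The enclosing loop and function begin in the hidden lines before this hunk.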