97 static char *authmethods_get(Authctxt *authctxt);
168  * loop until authctxt->success == TRUE
171 do_authentication2(Authctxt *authctxt)
175 	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
182 	Authctxt *authctxt = ctxt;
188 	if (authctxt == NULL)
189 		fatal("input_service_request: no authctxt");
192 		if (!authctxt->success) {
217 	Authctxt *authctxt = ctxt;
226 	if (authctxt == NULL)
227 		fatal("input_userauth_request: no authctxt");
233 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
238 	if (authctxt->attempt++ == 0) {
240 		authctxt->pw = PRIVSEP(getpwnamallow(user));
241 		authctxt->user = xstrdup(user);
242 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
243 			authctxt->valid = 1;
244 			debug2("input_userauth_request: setting up authctxt for %s", user);
247 			authctxt->pw = fakepw();
254 			PRIVSEP(start_pam(authctxt));
256 		setproctitle("%s%s", authctxt->valid ? user : "unknown",
258 		authctxt->service = xstrdup(service);
259 		authctxt->style = style ? xstrdup(style) : NULL;
263 		if (auth2_setup_methods_lists(authctxt) != 0)
265 	} else if (strcmp(user, authctxt->user) != 0 ||
266 	    strcmp(service, authctxt->service) != 0) {
269 		    authctxt->user, authctxt->service, user, service);
273 	if (authctxt->pw != NULL &&
274 	    (lc = login_getpwclass(authctxt->pw)) != NULL) {
275 		logit("user %s login class %s", authctxt->pw->pw_name,
276 		    authctxt->pw->pw_class);
281 			    authctxt->pw->pw_name, from_host, from_ip);
286 			    authctxt->pw->pw_name, from_host);
294 	auth2_challenge_stop(authctxt);
302 	authctxt->postponed = 0;
303 	authctxt->server_caused_failure = 0;
306 	m = authmethod_lookup(authctxt, method);
307 	if (m != NULL && authctxt->failures < options.max_authtries) {
309 		authenticated =	m->userauth(authctxt);
311 	userauth_finish(authctxt, authenticated, method, NULL);
320 userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
326 	if (!authctxt->valid && authenticated)
328 		    authctxt->user);
329 	if (authenticated && authctxt->postponed)
333 	if (authenticated && authctxt->pw->pw_uid == 0 &&
342 		if (!auth2_update_methods_lists(authctxt, method, submethod)) {
349 	auth_log(authctxt, authenticated, partial, method, submethod);
351 	if (authctxt->postponed)
364 			    "configuration", authctxt->user);
370 	if (authenticated && cray_access_denied(authctxt->user)) {
372 		fatal("Access denied for user %s.", authctxt->user);
383 		authctxt->success = 1;
387 		if (!partial && !authctxt->server_caused_failure &&
388 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
389 			authctxt->failures++;
390 		if (authctxt->failures >= options.max_authtries) {
394 			auth_maxtries_exceeded(authctxt);
396 		methods = authmethods_get(authctxt);
414 auth2_method_allowed(Authctxt *authctxt, const char *method,
420 	 * NB. authctxt->num_auth_methods might be zero as a result of
425 	for (i = 0; i < authctxt->num_auth_methods; i++) {
426 		if (list_starts_with(authctxt->auth_methods[i], method,
434 authmethods_get(Authctxt *authctxt)
447 		if (!auth2_method_allowed(authctxt, authmethods[i]->name,
462 authmethod_lookup(Authctxt *authctxt, const char *name)
471 			    auth2_method_allowed(authctxt,
529  * leave authctxt->num_auth_methods == 0, even when multiple required auth
534 auth2_setup_methods_lists(Authctxt *authctxt)
541 	authctxt->auth_methods = xcalloc(options.num_auth_methods,
542 	    sizeof(*authctxt->auth_methods));
543 	authctxt->num_auth_methods = 0;
552 		    authctxt->num_auth_methods, options.auth_methods[i]);
553 		authctxt->auth_methods[authctxt->num_auth_methods++] =
556 	if (authctxt->num_auth_methods == 0) {
623 auth2_update_methods_lists(Authctxt *authctxt, const char *method,
629 	for (i = 0; i < authctxt->num_auth_methods; i++) {
630 		if (!remove_method(&(authctxt->auth_methods[i]), method,
634 		if (*authctxt->auth_methods[i] == '\0') {
639 		    i, authctxt->auth_methods[i]);

Indexes created Sun Jun 16 09:41:23 MDT 2024