90 static char *authmethods_check_abandonment(Authctxt *authctxt,
100  * loop until authctxt->success == TRUE
106 	Authctxt *authctxt = authctxt_new();
108 	x_authctxt = authctxt;		/*XXX*/
111 	fatal_add_cleanup(audit_failed_login_cleanup, authctxt);
116 	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
118 	return (authctxt);
124 	Authctxt *authctxt = ctxt;
130 	if (authctxt == NULL)
131 		fatal("input_service_request: no authctxt");
134 		if (!authctxt->success) {
157 	Authctxt *authctxt = ctxt;
162 	if (authctxt == NULL)
163 		fatal("input_userauth_request: no authctxt");
171 		authctxt->attempt, authctxt->init_attempt,
172 		authctxt->failures, authctxt->init_failures);
179 	authctxt->attempt++;
181 		authctxt->init_attempt++;
190 	if (authctxt->attempt == 1) {
192 		authctxt->pw = getpwnamallow(user);
194 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
197 				authctxt->valid = 1;
199 			debug2("input_userauth_request: setting up authctxt for %s", user);
203 		setproctitle("%s", authctxt->pw ? user : "unknown");
204 		authctxt->user = xstrdup(user);
205 		authctxt->service = xstrdup(service);
206 		authctxt->style = style ? xstrdup(style) : NULL;
217 		abandoned = authmethods_check_abandonment(authctxt, m);
220 		    authctxt->failures > options.max_auth_tries) {
222 			userauth_finish(authctxt, abandoned);
227 		userauth_user_svc_change(authctxt, user, service);
230 	authctxt->method = m;
241 		    authctxt->init_failures < options.max_init_auth_tries)
242 			m->userauth(authctxt);
246 		if (authctxt->unwind_dispatch_loop) {
252 			authctxt->unwind_dispatch_loop = 0;
261 			auth_log(authctxt, 0, method, " ssh2");
266 	userauth_finish(authctxt, method);
275 userauth_finish(Authctxt *authctxt, char *method)
279 	if (authctxt == NULL)
283 	if (authctxt->method == NULL) {
291 	if (authctxt->method->authenticated &&
292 	    authctxt->pw != NULL && authctxt->pw->pw_uid == 0 &&
294 		authctxt->method->authenticated = 0;
298 	if (authctxt->method->authenticated &&
299 	    cray_access_denied(authctxt->user)) {
300 		authctxt->method->authenticated = 0;
301 		fatal("Access denied for user %s.",authctxt->user);
305 	partial = userauth_check_partial_failure(authctxt);
306 	authenticated = authctxt->method->authenticated;
313 	if (authenticated && !AUTHPAM_DONE(authctxt))
320 	 * authctxt->method == NULL.
322 	 * No unguarded reference to authctxt->method allowed from here.
323 	 * Checking authenticated != 0 is a valid guard; authctxt->method
327 	if (!authctxt->valid && authenticated) {
334 		authctxt->method->authenticated = 0;
337 		    authctxt->user);
338 		auth_log(authctxt, 0, method, " ssh2");
342 	auth_log(authctxt, authenticated, method, " ssh2");
352 		authctxt->success = 1;
356 		if (authctxt->method && authctxt->method->is_initial)
357 			authctxt->init_failures++;
359 		authctxt->method = NULL;
367 		authctxt->pam_retval = AUTHPAM_ERROR(authctxt, PAM_PERM_DENIED);
370 		if (authctxt->failures++ > options.max_auth_tries) {
373 				authctxt);
375 			    authctxt->user);
377 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
382 			cray_login_failure(authctxt->user, IA_UDBERR);
428 userauth_user_svc_change(Authctxt *authctxt, char *user, char *service)
443 	/* authctxt->service must == ssh-connection here */
444 	if (service != NULL && strcmp(service, authctxt->service) != 0) {
447 				  authctxt->service, service);
449 	if (user != NULL && authctxt->user != NULL &&
450 	    strcmp(user, authctxt->user) == 0)
453 	/* All good; update authctxt */
454 	xfree(authctxt->user);
455 	authctxt->user = xstrdup(user);
456 	pwfree(&authctxt->pw);
457 	authctxt->pw = getpwnamallow(user);
458 	authctxt->valid = (authctxt->pw != NULL);
465 userauth_check_partial_failure(Authctxt *authctxt)
472 	 * v1 does not set authctxt->method
475 	if (authctxt->method == NULL)
486 		return !authctxt->method->authenticated;
488 	if (required == 1 && authctxt->method->required)
489 		return !authctxt->method->authenticated;
491 	if (sufficient && authctxt->method->sufficient)
492 		return !authctxt->method->authenticated;
543 authmethods_check_abandonment(Authctxt *authctxt, Authmethod *method)
551 			method->abandon(authctxt, method);
554 		authctxt->failures++; /* abandonment -> failure */
556 			authctxt->init_failures++;
573 				authmethods[i]->abandon(authctxt,
577 			authctxt->failures++;
579 				authctxt->init_failures++;

Indexes created Mon Jul 01 21:43:02 MDT 2024