Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c64
1 files changed, 26 insertions, 38 deletions
diff --git a/auth2.c b/auth2.c
index 8c55ff0f..05b60128 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.59 2001/05/30 12:55:06 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.60 2001/05/30 23:31:14 markus Exp $");
#include <openssl/evp.h>
@@ -88,7 +88,6 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
/* auth */
void userauth_banner(void);
-void userauth_reply(Authctxt *authctxt, int authenticated);
int userauth_none(Authctxt *authctxt);
int userauth_passwd(Authctxt *authctxt);
int userauth_pubkey(Authctxt *authctxt);
@@ -255,6 +254,8 @@ input_userauth_request(int type, int plen, void *ctxt)
void
userauth_finish(Authctxt *authctxt, int authenticated, char *method)
{
+ char *methods;
+
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
@@ -273,8 +274,29 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
/* Log before sending the reply */
auth_log(authctxt, authenticated, method, " ssh2");
- if (!authctxt->postponed)
- userauth_reply(authctxt, authenticated);
+ if (authctxt->postponed)
+ return;
+
+ /* XXX todo: check if multiple auth methods are needed */
+ if (authenticated == 1) {
+ /* turn off userauth */
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
+ packet_start(SSH2_MSG_USERAUTH_SUCCESS);
+ packet_send();
+ packet_write_wait();
+ /* now we can break out */
+ authctxt->success = 1;
+ } else {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ methods = authmethods_get();
+ packet_start(SSH2_MSG_USERAUTH_FAILURE);
+ packet_put_cstring(methods);
+ packet_put_char(0); /* XXX partial success, unused */
+ packet_send();
+ packet_write_wait();
+ xfree(methods);
+ }
}
void
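Review bot: The success branch inlined into userauth_finish() no longer carries the `#ifdef WITH_AIXAUTHENTICATE` call to `loginsuccess()` that the removed userauth_reply() made before sending SSH2_MSG_USERAUTH_SUCCESS, and none of the lines added in this file restore it. If that call is not made somewhere else, successful SSH2 logins on AIX would no longer be reported to the platform's login accounting, so confirm where it moved or re-add the block ahead of `dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);`. Separately, `if (authctxt->failures++ > AUTH_FAIL_MAX)` compares the value from before the increment, so (assuming the counter starts at zero) the disconnect fires only on failure number AUTH_FAIL_MAX + 2. If the constant is meant as the cap on failed attempts, `if (++authctxt->failures > AUTH_FAIL_MAX)` enforces it; otherwise a comment such as `/* post-increment: AUTH_FAIL_MAX + 1 failures are answered before the disconnect */` would document the slack. The lines of userauth_finish() between this hunk and the previous one are not visible here.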
@@ -308,40 +330,6 @@ done:
return;
}
-void
-userauth_reply(Authctxt *authctxt, int authenticated)
-{
- char *methods;
-
- /* XXX todo: check if multiple auth methods are needed */
- if (authenticated == 1) {
-#ifdef WITH_AIXAUTHENTICATE
- /* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(options.reverse_mapping_check),
- "ssh", &aixloginmsg) < 0)
- aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
- /* turn off userauth */
- dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
- packet_start(SSH2_MSG_USERAUTH_SUCCESS);
- packet_send();
- packet_write_wait();
- /* now we can break out */
- authctxt->success = 1;
- } else {
- if (authctxt->failures++ > AUTH_FAIL_MAX)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
- methods = authmethods_get();
- packet_start(SSH2_MSG_USERAUTH_FAILURE);
- packet_put_cstring(methods);
- packet_put_char(0); /* XXX partial success, unused */
- packet_send();
- packet_write_wait();
- xfree(methods);
- }
-}
-
int
userauth_none(Authctxt *authctxt)
{