version 1.136, 2016/05/02 08:49:03 |
version 1.137, 2017/02/03 23:05:57 |
|
|
static int |
static int |
input_userauth_request(int type, u_int32_t seq, void *ctxt) |
input_userauth_request(int type, u_int32_t seq, void *ctxt) |
{ |
{ |
|
struct ssh *ssh = active_state; /* XXX */ |
Authctxt *authctxt = ctxt; |
Authctxt *authctxt = ctxt; |
Authmethod *m = NULL; |
Authmethod *m = NULL; |
char *user, *service, *method, *style = NULL; |
char *user, *service, *method, *style = NULL; |
|
|
authctxt->pw = PRIVSEP(getpwnamallow(user)); |
authctxt->pw = PRIVSEP(getpwnamallow(user)); |
if (authctxt->pw && strcmp(service, "ssh-connection")==0) { |
if (authctxt->pw && strcmp(service, "ssh-connection")==0) { |
authctxt->valid = 1; |
authctxt->valid = 1; |
debug2("input_userauth_request: setting up authctxt for %s", user); |
debug2("%s: setting up authctxt for %s", |
|
__func__, user); |
} else { |
} else { |
logit("input_userauth_request: invalid user %s", user); |
/* Invalid user, fake password information */ |
authctxt->pw = fakepw(); |
authctxt->pw = fakepw(); |
} |
} |
|
ssh_packet_set_log_preamble(ssh, "%suser %s", |
|
authctxt->valid ? "authenticating " : "invalid ", user); |
setproctitle("%s%s", authctxt->valid ? user : "unknown", |
setproctitle("%s%s", authctxt->valid ? user : "unknown", |
use_privsep ? " [net]" : ""); |
use_privsep ? " [net]" : ""); |
authctxt->user = xstrdup(user); |
authctxt->user = xstrdup(user); |
|
|
userauth_finish(Authctxt *authctxt, int authenticated, const char *method, |
userauth_finish(Authctxt *authctxt, int authenticated, const char *method, |
const char *submethod) |
const char *submethod) |
{ |
{ |
|
struct ssh *ssh = active_state; /* XXX */ |
char *methods; |
char *methods; |
int partial = 0; |
int partial = 0; |
|
|
|
|
packet_write_wait(); |
packet_write_wait(); |
/* now we can break out */ |
/* now we can break out */ |
authctxt->success = 1; |
authctxt->success = 1; |
|
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); |
} else { |
} else { |
/* Allow initial try of "none" auth without failure penalty */ |
/* Allow initial try of "none" auth without failure penalty */ |
if (!partial && !authctxt->server_caused_failure && |
if (!partial && !authctxt->server_caused_failure && |
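Review bot: The `user` passed to `ssh_packet_set_log_preamble(ssh, "%suser %s", ...)` in input_userauth_request is the client-supplied name, and in the `"invalid "` case it matched no allowed account, so an unauthenticated peer chooses text that the preamble presumably prefixes to later packet-layer log messages. The page does not show how the preamble is bounded or escaped, so I would confirm that the logging path neutralises control characters and overlong names, and add a comment above the call such as `/* user is unauthenticated client input; the log layer must escape it */`. The `logit("input_userauth_request: invalid user %s", user)` line also appears to be dropped on the new side (the rendering has lost the +/- markers, so this is inferred from print order), which would stop log-based detection keyed on that message from matching unless an equivalent line is emitted elsewhere. Both functions start and end outside the visible hunks.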