version 1.5, 2000/05/01 23:13:39 |
version 1.6, 2000/05/05 18:50:57 |
|
|
get_canonical_hostname()); |
get_canonical_hostname()); |
} |
} |
|
|
/* XXX todo: check if multiple auth methods are needed */ |
/* Raise logging level */ |
|
if (authenticated == 1 || |
|
attempt == AUTH_FAIL_LOG || |
|
strcmp(method, "password") == 0) |
|
authlog = log; |
|
|
|
/* Log before sending the reply */ |
if (authenticated == 1) { |
if (authenticated == 1) { |
authmsg = "Accepted"; |
authmsg = "Accepted"; |
|
} else if (authenticated == 0) { |
|
authmsg = "Failed"; |
|
} else { |
|
authmsg = "Postponed"; |
|
} |
|
authlog("%s %s for %.200s from %.200s port %d ssh2", |
|
authmsg, |
|
method, |
|
pw && pw->pw_uid == 0 ? "ROOT" : user, |
|
get_remote_ipaddr(), |
|
get_remote_port()); |
|
|
|
/* XXX todo: check if multiple auth methods are needed */ |
|
if (authenticated == 1) { |
/* turn off userauth */ |
/* turn off userauth */ |
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); |
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); |
packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
packet_start(SSH2_MSG_USERAUTH_SUCCESS); |
|
|
/* now we can break out */ |
/* now we can break out */ |
userauth_success = 1; |
userauth_success = 1; |
} else if (authenticated == 0) { |
} else if (authenticated == 0) { |
authmsg = "Failed"; |
|
packet_start(SSH2_MSG_USERAUTH_FAILURE); |
packet_start(SSH2_MSG_USERAUTH_FAILURE); |
packet_put_cstring("publickey,password"); /* XXX dynamic */ |
packet_put_cstring("publickey,password"); /* XXX dynamic */ |
packet_put_char(0); /* XXX partial success, unused */ |
packet_put_char(0); /* XXX partial success, unused */ |
packet_send(); |
packet_send(); |
packet_write_wait(); |
packet_write_wait(); |
} else { |
|
authmsg = "Postponed"; |
|
} |
} |
/* Raise logging level */ |
|
if (authenticated == 1|| |
|
attempt == AUTH_FAIL_LOG || |
|
strcmp(method, "password") == 0) |
|
authlog = log; |
|
|
|
authlog("%s %s for %.200s from %.200s port %d ssh2", |
|
authmsg, |
|
method, |
|
pw && pw->pw_uid == 0 ? "ROOT" : user, |
|
get_remote_ipaddr(), |
|
get_remote_port()); |
|
|
|
xfree(service); |
xfree(service); |
xfree(user); |
xfree(user); |
xfree(method); |
xfree(method); |
|
|
debug("test key..."); |
debug("test key..."); |
/* test whether pkalg/pkblob are acceptable */ |
/* test whether pkalg/pkblob are acceptable */ |
/* XXX fake reply and always send PK_OK ? */ |
/* XXX fake reply and always send PK_OK ? */ |
|
/* |
|
* XXX this allows testing whether a user is allowed |
|
* to login: if you happen to have a valid pubkey this |
|
* message is sent. the message is NEVER sent at all |
|
* if a user is not allowed to login. is this an |
|
* issue? -markus |
|
*/ |
if (user_dsa_key_allowed(pw, key)) { |
if (user_dsa_key_allowed(pw, key)) { |
packet_start(SSH2_MSG_USERAUTH_PK_OK); |
packet_start(SSH2_MSG_USERAUTH_PK_OK); |
packet_put_string(pkalg, alen); |
packet_put_string(pkalg, alen); |
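Review bot: In the relocated "Raise logging level" test, `attempt == AUTH_FAIL_LOG` matches only the single attempt equal to the threshold, so failed non-password attempts after it appear to fall back to whatever lower-level logger `authlog` starts as (its initial value and how `attempt` is counted are outside this section). If the intent is to record every failure once the threshold is reached, the condition should read `attempt >= AUTH_FAIL_LOG ||`, otherwise repeated publickey failures past the threshold are easy to miss in the auth log. In the `authlog` call that now runs before the reply, `method` is formatted with a bare `%s` while the user and address are capped at `%.200s`. `method` looks client-supplied (it is freed with `xfree` and compared against "password"), so `"%s %.200s for %.200s from %.200s port %d ssh2"` would bound it like the other fields. The enclosing function starts before and ends after the visible lines.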