version 1.117, 2012/06/22 12:30:26 |
version 1.118, 2012/11/04 11:09:15 |
|
|
while (!authenticated) { |
while (!authenticated) { |
auth_method = "unknown"; |
auth_method = "unknown"; |
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
|
|
|
/* Special handling for multiple required authentications */ |
|
if (options.num_auth_methods != 0) { |
|
if (!compat20) |
|
fatal("AuthenticationMethods is not supported" |
|
"with SSH protocol 1"); |
|
if (authenticated && |
|
!auth2_update_methods_lists(authctxt, |
|
auth_method)) { |
|
debug3("%s: method %s: partial", __func__, |
|
auth_method); |
|
authenticated = 0; |
|
} |
|
} |
|
|
if (authenticated) { |
if (authenticated) { |
if (!(ent->flags & MON_AUTHDECIDE)) |
if (!(ent->flags & MON_AUTHDECIDE)) |
fatal("%s: unexpected authentication from %d", |
fatal("%s: unexpected authentication from %d", |
|
|
!auth_root_allowed(auth_method)) |
!auth_root_allowed(auth_method)) |
authenticated = 0; |
authenticated = 0; |
} |
} |
|
|
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
auth_log(authctxt, authenticated, auth_method, |
auth_log(authctxt, authenticated, auth_method, |
compat20 ? " ssh2" : ""); |
compat20 ? " ssh2" : ""); |
|
|
COPY_MATCH_STRING_OPTS(); |
COPY_MATCH_STRING_OPTS(); |
#undef M_CP_STROPT |
#undef M_CP_STROPT |
#undef M_CP_STRARRAYOPT |
#undef M_CP_STRARRAYOPT |
|
|
|
/* Create valid auth method lists */ |
|
if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { |
|
/* |
|
* The monitor will continue long enough to let the child |
|
* run to it's packet_disconnect(), but it must not allow any |
|
* authentication to succeed. |
|
*/ |
|
debug("%s: no valid authentication method lists", __func__); |
|
} |
|
|
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); |
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); |
mm_request_send(sock, MONITOR_ANS_PWNAM, m); |
mm_request_send(sock, MONITOR_ANS_PWNAM, m); |
|
|
|
|
debug3("%s: sending authenticated: %d", __func__, authok); |
debug3("%s: sending authenticated: %d", __func__, authok); |
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
|
|
auth_method = "bsdauth"; |
if (compat20) |
|
auth_method = "keyboard-interactive"; |
|
else |
|
auth_method = "bsdauth"; |
|
|
return (authok != 0); |
return (authok != 0); |
} |
} |