version 1.118, 2012/11/04 11:09:15 |
version 1.119, 2012/12/02 20:34:10 |
|
|
static char *hostbased_cuser = NULL; |
static char *hostbased_cuser = NULL; |
static char *hostbased_chost = NULL; |
static char *hostbased_chost = NULL; |
static char *auth_method = "unknown"; |
static char *auth_method = "unknown"; |
|
static char *auth_submethod = NULL; |
static u_int session_id2_len = 0; |
static u_int session_id2_len = 0; |
static u_char *session_id2 = NULL; |
static u_char *session_id2 = NULL; |
static pid_t monitor_child_pid; |
static pid_t monitor_child_pid; |
|
|
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) |
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) |
{ |
{ |
struct mon_table *ent; |
struct mon_table *ent; |
int authenticated = 0; |
int authenticated = 0, partial = 0; |
|
|
debug3("preauth child monitor started"); |
debug3("preauth child monitor started"); |
|
|
|
|
|
|
/* The first few requests do not require asynchronous access */ |
/* The first few requests do not require asynchronous access */ |
while (!authenticated) { |
while (!authenticated) { |
|
partial = 0; |
auth_method = "unknown"; |
auth_method = "unknown"; |
|
auth_submethod = NULL; |
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
|
|
/* Special handling for multiple required authentications */ |
/* Special handling for multiple required authentications */ |
|
|
debug3("%s: method %s: partial", __func__, |
debug3("%s: method %s: partial", __func__, |
auth_method); |
auth_method); |
authenticated = 0; |
authenticated = 0; |
|
partial = 1; |
} |
} |
} |
} |
|
|
|
|
authenticated = 0; |
authenticated = 0; |
} |
} |
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
auth_log(authctxt, authenticated, auth_method, |
auth_log(authctxt, authenticated, partial, |
|
auth_method, auth_submethod, |
compat20 ? " ssh2" : ""); |
compat20 ? " ssh2" : ""); |
if (!authenticated) |
if (!authenticated) |
authctxt->failures++; |
authctxt->failures++; |
|
|
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
|
|
if (compat20) |
if (compat20) |
auth_method = "keyboard-interactive"; |
auth_method = "keyboard-interactive"; /* XXX auth_submethod */ |
else |
else |
auth_method = "bsdauth"; |
auth_method = "bsdauth"; |
|
|
|
|
hostbased_chost = chost; |
hostbased_chost = chost; |
} else { |
} else { |
/* Log failed attempt */ |
/* Log failed attempt */ |
auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); |
auth_log(authctxt, 0, 0, auth_method, NULL, |
|
compat20 ? " ssh2" : ""); |
xfree(blob); |
xfree(blob); |
xfree(cuser); |
xfree(cuser); |
xfree(chost); |
xfree(chost); |