diff options
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 37 |
1 files changed, 20 insertions, 17 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.125 2012/11/04 11:09:15 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -286,7 +286,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); } - userauth_finish(authctxt, authenticated, method); + userauth_finish(authctxt, authenticated, method, NULL); xfree(service); xfree(user); @@ -294,7 +294,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } void -userauth_finish(Authctxt *authctxt, int authenticated, char *method) +userauth_finish(Authctxt *authctxt, int authenticated, const char *method, + const char *submethod) { char *methods; int partial = 0; @@ -302,6 +303,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); + if (authenticated && authctxt->postponed) + fatal("INTERNAL ERROR: authenticated and postponed"); /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && @@ -312,6 +315,19 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #endif } + if (authenticated && options.num_auth_methods != 0) { + if (!auth2_update_methods_lists(authctxt, method)) { + authenticated = 0; + partial = 1; + } + } + + /* Log before sending the reply */ + auth_log(authctxt, authenticated, partial, method, submethod, " ssh2"); + + if (authctxt->postponed) + return; + #ifdef USE_PAM if (options.use_pam && authenticated) { if (!PRIVSEP(do_pam_account())) { @@ -330,23 +346,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #ifdef _UNICOS if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; - fatal("Access denied for user %s.",authctxt->user); + fatal("Access denied for user %s.", authctxt->user); } #endif /* _UNICOS */ - /* Log before sending the reply */ - auth_log(authctxt, authenticated, method, " ssh2"); - - if (authctxt->postponed) - return; - - if (authenticated && options.num_auth_methods != 0) { - if (!auth2_update_methods_lists(authctxt, method)) { - authenticated = 0; - partial = 1; - } - } - if (authenticated == 1) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); |