|
Lines 227-239
|
| 227 |
debug("userauth-request for user %s service %s method %s", user, service, method); |
227 |
debug("userauth-request for user %s service %s method %s", user, service, method); |
| 228 |
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
228 |
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
| 229 |
|
229 |
|
|
|
230 |
if (authctxt->attempt == 0) authctxt->user = xstrdup(user); |
| 231 |
|
| 230 |
if ((style = strchr(user, ':')) != NULL) |
232 |
if ((style = strchr(user, ':')) != NULL) |
| 231 |
*style++ = 0; |
233 |
*style++ = 0; |
| 232 |
|
234 |
|
| 233 |
if (authctxt->attempt++ == 0) { |
235 |
if (authctxt->attempt++ == 0) { |
| 234 |
/* setup auth context */ |
236 |
/* setup auth context */ |
| 235 |
authctxt->pw = PRIVSEP(getpwnamallow(user)); |
237 |
authctxt->pw = PRIVSEP(getpwnamallow(user)); |
| 236 |
authctxt->user = xstrdup(user); |
|
|
| 237 |
if (authctxt->pw && strcmp(service, "ssh-connection")==0) { |
238 |
if (authctxt->pw && strcmp(service, "ssh-connection")==0) { |
| 238 |
authctxt->valid = 1; |
239 |
authctxt->valid = 1; |
| 239 |
debug2("input_userauth_request: setting up authctxt for %s", user); |
240 |
debug2("input_userauth_request: setting up authctxt for %s", user); |
|
Lines 253-265
|
| 253 |
authctxt->service = xstrdup(service); |
254 |
authctxt->service = xstrdup(service); |
| 254 |
authctxt->style = style ? xstrdup(style) : NULL; |
255 |
authctxt->style = style ? xstrdup(style) : NULL; |
| 255 |
if (use_privsep) |
256 |
if (use_privsep) |
| 256 |
mm_inform_authserv(service, style); |
257 |
mm_inform_authserv(authctxt->user, service, style); |
| 257 |
userauth_banner(); |
258 |
userauth_banner(); |
| 258 |
} else if (strcmp(user, authctxt->user) != 0 || |
259 |
} else if (strcmp(user, authctxt->pw->pw_name) != 0 || |
| 259 |
strcmp(service, authctxt->service) != 0) { |
260 |
strcmp(service, authctxt->service) != 0) { |
| 260 |
packet_disconnect("Change of username or service not allowed: " |
261 |
packet_disconnect("Change of username or service not allowed: " |
| 261 |
"(%s,%s) -> (%s,%s)", |
262 |
"(%s,%s) -> (%s,%s)", |
| 262 |
authctxt->user, authctxt->service, user, service); |
263 |
authctxt->pw->pw_name, authctxt->service, user, service); |
| 263 |
} |
264 |
} |
| 264 |
/* reset state */ |
265 |
/* reset state */ |
| 265 |
auth2_challenge_stop(authctxt); |
266 |
auth2_challenge_stop(authctxt); |
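Review bot: The rewritten `else if` at new line 259 dereferences `authctxt->pw->pw_name` although `authctxt->pw` can be NULL: the first hunk assigns it from `getpwnamallow(user)` and then tests `if (authctxt->pw && ...)`, so a failed lookup appears to leave it NULL. A second userauth request on such a connection would then fault in the `strcmp`, and again in the `packet_disconnect` arguments at new line 263, before the client has authenticated. The comparison needs a NULL guard, for example `} else if (strcmp(user, authctxt->pw ? authctxt->pw->pw_name : authctxt->user) != 0 ||`, with the same guard on the `packet_disconnect` argument. Note that `authctxt->user` is now copied at new line 230 before the `:` style suffix is cut off, so that fallback only matches when no style was sent; keeping a separately stored stripped name would avoid the mismatch. The enclosing function starts and ends outside both hunks, and the code between new lines 240 and 254 is not visible here.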