Attachment #2196 for bug #983

View | Details | Raw Unified | Return to bug 983 | Differences between

and this patch




#endif
	}

	if (authenticated && options.num_auth_methods != 0) {
		if (!auth2_update_methods_lists(authctxt, method)) {
			authenticated = 0;
			partial = 1;
		}
	}

#ifdef USE_PAM
	if (options.use_pam && authenticated) {
		if (!PRIVSEP(do_pam_account())) {

#endif /* _UNICOS */

	/* Log before sending the reply */
	auth_log(authctxt, authenticated | partial, method, " ssh2");

	if (authctxt->postponed)
		return;

	if (authenticated && options.num_auth_methods != 0) {
		if (!auth2_update_methods_lists(authctxt, method)) {
			authenticated = 0;
			partial = 1;
		}
	}

	if (authenticated == 1) {
		/* turn off userauth */
		dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);


		/* Allow initial try of "none" auth without failure penalty */
		if (!authctxt->server_caused_failure &&
		    (authctxt->attempt > 1 || strcmp(method, "none") != 0) &&
		    !partial)
			authctxt->failures++;
		if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS




{
	struct mon_table *ent;
	int authenticated = 0;
	int partial = 0;

	debug3("preauth child monitor started");


				debug3("%s: method %s: partial", __func__,
				    auth_method);
				authenticated = 0;
				partial = 1;
			}
		}


#endif
		}
		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
			auth_log(authctxt, authenticated | partial, auth_method,
			    compat20 ? " ssh2" : "");
			if (!authenticated && !partial)
				authctxt->failures++;
		}
#ifdef JPAKE

Return to bug 983

Lines 312-317 Link Here

(-)auth2.c (-9 / +10 lines)
312	#endif	312	#endif
313	}	313	}
314		314
		315	if (authenticated && options.num_auth_methods != 0) {
		316	if (!auth2_update_methods_lists(authctxt, method)) {
		317	authenticated = 0;
		318	partial = 1;
		319	}
		320	}
		321
315	#ifdef USE_PAM	322	#ifdef USE_PAM
316	if (options.use_pam && authenticated) {	323	if (options.use_pam && authenticated) {
317	if (!PRIVSEP(do_pam_account())) {	324	if (!PRIVSEP(do_pam_account())) {
Lines 335-352 Link Here
335	#endif /* _UNICOS */	342	#endif /* _UNICOS */
336		343
337	/* Log before sending the reply */	344	/* Log before sending the reply */
338	auth_log(authctxt, authenticated, method, " ssh2");	345	auth_log(authctxt, authenticated \| partial, method, " ssh2");
339		346
340	if (authctxt->postponed)	347	if (authctxt->postponed)
341	return;	348	return;
342		349
343	if (authenticated && options.num_auth_methods != 0) {
344	if (!auth2_update_methods_lists(authctxt, method)) {
345	authenticated = 0;
346	partial = 1;
347	}
348	}
349
350	if (authenticated == 1) {	350	if (authenticated == 1) {
351	/* turn off userauth */	351	/* turn off userauth */
352	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);	352	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
Lines 359-365 Link Here
359		359
360	/* Allow initial try of "none" auth without failure penalty */	360	/* Allow initial try of "none" auth without failure penalty */
361	if (!authctxt->server_caused_failure &&	361	if (!authctxt->server_caused_failure &&
362	(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))	362	(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0) &&
		363	!partial)
363	authctxt->failures++;	364	authctxt->failures++;
364	if (authctxt->failures >= options.max_authtries) {	365	if (authctxt->failures >= options.max_authtries) {
365	#ifdef SSH_AUDIT_EVENTS	366	#ifdef SSH_AUDIT_EVENTS

Lines 353-358 Link Here

(-)monitor.c (-2 / +4 lines)
353	{	353	{
354	struct mon_table *ent;	354	struct mon_table *ent;
355	int authenticated = 0;	355	int authenticated = 0;
		356	int partial = 0;
356		357
357	debug3("preauth child monitor started");	358	debug3("preauth child monitor started");
358		359
Lines 393-398 Link Here
393	debug3("%s: method %s: partial", __func__,	394	debug3("%s: method %s: partial", __func__,
394	auth_method);	395	auth_method);
395	authenticated = 0;	396	authenticated = 0;
		397	partial = 1;
396	}	398	}
397	}	399	}
398		400
Lines 417-425 Link Here
417	#endif	419	#endif
418	}	420	}
419	if (ent->flags & (MON_AUTHDECIDE\|MON_ALOG)) {	421	if (ent->flags & (MON_AUTHDECIDE\|MON_ALOG)) {
420	auth_log(authctxt, authenticated, auth_method,	422	auth_log(authctxt, authenticated \| partial, auth_method,
421	compat20 ? " ssh2" : "");	423	compat20 ? " ssh2" : "");
422	if (!authenticated)	424	if (!authenticated && !partial)
423	authctxt->failures++;	425	authctxt->failures++;
424	}	426	}
425	#ifdef JPAKE	427	#ifdef JPAKE