diff options
author | Damien Miller <djm@mindrot.org> | 2000-03-11 11:58:28 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-03-11 11:58:28 +1100 |
commit | 02491e9632dc03c8aa75a9d406ff98445aa28786 (patch) | |
tree | 3c4290b414a343fc403948d2d8f73ff8257762ec | |
parent | eedc0ca23e06fa5a342d531db395badaf783bbd7 (diff) |
- OpenBSD CVS changeV_1_2_3_PRE1
[sshd.c]
- disallow guessing of root password
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | sshd.c | 25 |
2 files changed, 19 insertions, 9 deletions
@@ -1,5 +1,8 @@ 20000311 - Detect RSAref + - OpenBSD CVS change + [sshd.c] + - disallow guessing of root password 20000309 - OpenBSD CVS updates to v1.2.3 @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -1275,14 +1275,6 @@ do_authentication() do_authloop(pw); } - /* Check if the user is logging in as root and root logins are disallowed. */ - if (pw->pw_uid == 0 && !options.permit_root_login) { - if (forced_command) - log("Root login accepted for forced command."); - else - packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", - get_canonical_hostname()); - } /* The user has been authenticated and accepted. */ #ifdef WITH_AIXAUTHENTICATE loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); @@ -1525,6 +1517,21 @@ do_authloop(struct passwd * pw) break; } + /* + * Check if the user is logging in as root and root logins + * are disallowed. + * Note that root login is allowed for forced commands. + */ + if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { + if (forced_command) { + log("Root login accepted for forced command."); + } else { + authenticated = 0; + log("ROOT LOGIN REFUSED FROM %.200s", + get_canonical_hostname()); + } + } + /* Raise logging level */ if (authenticated || attempt == AUTH_FAIL_LOG || |