-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth.c | 26 | ||||
-rw-r--r-- | session.c | 16 |
3 files changed, 29 insertions, 18 deletions
@@ -41,6 +41,9 @@ [auth-krb4.c] set client to NULL after xfree(), from Rolf Braun <rbraun+ssh@andrew.cmu.edu> + - provos@cvs.openbsd.org 2002/03/18 03:41:08 + [auth.c session.c] + move auth_approval into getpwnamallow with help from millert@ 20020317 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, @@ -7887,4 +7890,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1936 2002/03/22 01:30:40 mouring Exp $ +$Id: ChangeLog,v 1.1937 2002/03/22 01:35:47 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $"); +RCSID("$OpenBSD: auth.c,v 1.38 2002/03/18 03:41:08 provos Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -443,11 +443,31 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, struct passwd * getpwnamallow(const char *user) { +#ifdef HAVE_LOGIN_CAP + extern login_cap_t *lc; +#ifdef BSD_AUTH + auth_session_t *as; +#endif +#endif struct passwd *pw; pw = getpwnam(user); - if (pw != NULL && !allowed_user(pw)) + if (pw == NULL || !allowed_user(pw)) + return (NULL); +#ifdef HAVE_LOGIN_CAP + if ((lc = login_getclass(pw->pw_class)) == NULL) { + debug("unable to get login class: %s", user); + return (NULL); + } +#ifdef BSD_AUTH + if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 || + auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) { + debug("Approval failure for %s", user); pw = NULL; - + } + if (as != NULL) + auth_close(as); +#endif +#endif return (pw); } @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.129 2002/03/18 03:41:08 provos Exp $"); #include "ssh.h" #include "ssh1.h" @@ -136,7 +136,7 @@ char *aixloginmsg; #endif /* WITH_AIXAUTHENTICATE */ #ifdef HAVE_LOGIN_CAP -static login_cap_t *lc; +login_cap_t *lc; #endif void 
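Review bot: In the `BSD_AUTH` branch added to getpwnamallow, `auth_approval(NULL, lc, pw->pw_name, "ssh")` is still called with `NULL`, so as far as this hunk shows the session prepared by `auth_open()` and `auth_setpwd(as, pw)` is opened and closed without ever being the one the approval runs against; `auth_approval(as, lc, pw->pw_name, "ssh") <= 0` would use it. The enclosing `#ifdef HAVE_LOGIN_CAP` reads `pw->pw_class` but no longer requires `HAVE_PW_CLASS_IN_PASSWD`, which the block removed from do_authenticated in session.c did, so `#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)` looks like the intended guard. Both refusals are now reported only through `debug()`, where the old code used `error()` and `packet_disconnect()`, so at any log level below debug a policy denial for an existing account leaves no trace; reporting them with `error()` would keep them visible to whoever monitors the authentication log.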
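Review bot: Dropping `static` from `lc` in session.c turns it into a program-wide global that auth.c reaches through a block-scope `extern login_cap_t *lc;`, with no shared header declaring it, so the compiler cannot check that the two files agree on its type or on the `HAVE_LOGIN_CAP` condition. getpwnamallow assigns `lc = login_getclass(pw->pw_class)` on every call without releasing the previous value, and leaves it set to the class of a user whose approval was just refused. If that function can run more than once per connection (not visible here), a `login_close(lc)` before reassignment and on the failure path would avoid the leak and the stale pointer. A comment at the definition such as `/* set by getpwnamallow() in auth.c, used here after authentication */` would document the cross-file ownership; the code in session.c that consumes `lc` is outside the hunk.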
@@ -151,18 +151,6 @@ do_authenticated(Authctxt *authctxt) close(startup_pipe); startup_pipe = -1; } -#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) - if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { - error("unable to get login class"); - return; - } -#ifdef BSD_AUTH - if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) { - packet_disconnect("Approval failure for %s", - authctxt->pw->pw_name); - } -#endif -#endif #ifdef WITH_AIXAUTHENTICATE /* We don't have a pty yet, so just label the line as "ssh" */ if (loginsuccess(authctxt->user, |