diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth.c | 14 | ||||
| -rw-r--r-- | auth.h | 3 | ||||
| -rw-r--r-- | auth1.c | 6 | ||||
| -rw-r--r-- | auth2.c | 6 |
5 files changed, 25 insertions, 9 deletions
@@ -30,6 +30,9 @@ - stevesk@cvs.openbsd.org 2002/03/16 17:41:25 [auth-krb5.c] BSD license. from Daniel Kouril via Dug Song. ok markus@ + - provos@cvs.openbsd.org 2002/03/17 20:25:56 + [auth.c auth.h auth1.c auth2.c] + getpwnamallow returns struct passwd * only if user valid; okay markus@ 20020317 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, @@ -7876,4 +7879,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1933 2002/03/22 01:22:27 mouring Exp $ +$Id: ChangeLog,v 1.1934 2002/03/22 01:24:38 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.36 2002/03/15 11:00:38 itojun Exp $"); +RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -439,3 +439,15 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } return 0; } + +struct passwd * +getpwnamallow(const char *user) +{ + struct passwd *pw; + + pw = getpwnam(user); + if (pw != NULL && !allowed_user(pw)) + pw = NULL; + + return (pw); +} @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.31 2002/03/16 17:22:09 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.32 2002/03/17 20:25:56 provos Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -133,6 +133,7 @@ int auth2_challenge(Authctxt *, char *); void auth2_challenge_stop(Authctxt *); int allowed_user(struct passwd *); +struct passwd * getpwnamallow(const char *user); char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.36 2002/03/17 20:25:56 provos Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -382,8 +382,8 @@ do_authentication(void) authctxt->style = style; /* Verify that the user is a valid user. */ - pw = getpwnam(user); - if (pw && allowed_user(pw)) { + pw = getpwnamallow(user); + if (pw) { authctxt->valid = 1; pw = pwcopy(pw); } else { @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.86 2002/03/17 20:25:56 provos Exp $"); #include <openssl/evp.h> @@ -184,8 +184,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (authctxt->attempt++ == 0) { /* setup auth context */ struct passwd *pw = NULL; - pw = getpwnam(user); - if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) { + pw = getpwnamallow(user); + if (pw && strcmp(service, "ssh-connection")==0) { authctxt->pw = pwcopy(pw); authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); |