diff options
| author | Damien Miller <djm@mindrot.org> | 2000-03-11 11:58:28 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-03-11 11:58:28 +1100 |
| commit | 02491e9632dc03c8aa75a9d406ff98445aa28786 (patch) | |
| tree | 3c4290b414a343fc403948d2d8f73ff8257762ec | |
| parent | eedc0ca23e06fa5a342d531db395badaf783bbd7 (diff) | |
- OpenBSD CVS change
[sshd.c]
- disallow guessing of root password
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | sshd.c | 25 |
2 files changed, 19 insertions, 9 deletions
| @@ -1,5 +1,8 @@ | |||
| 1 | 20000311 | 1 | 20000311 |
| 2 | - Detect RSAref | 2 | - Detect RSAref |
| 3 | - OpenBSD CVS change | ||
| 4 | [sshd.c] | ||
| 5 | - disallow guessing of root password | ||
| 3 | 6 | ||
| 4 | 20000309 | 7 | 20000309 |
| 5 | - OpenBSD CVS updates to v1.2.3 | 8 | - OpenBSD CVS updates to v1.2.3 |
| @@ -11,7 +11,7 @@ | |||
| 11 | */ | 11 | */ |
| 12 | 12 | ||
| 13 | #include "includes.h" | 13 | #include "includes.h" |
| 14 | RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $"); | 14 | RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $"); |
| 15 | 15 | ||
| 16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
| 17 | #include "rsa.h" | 17 | #include "rsa.h" |
| @@ -1275,14 +1275,6 @@ do_authentication() | |||
| 1275 | do_authloop(pw); | 1275 | do_authloop(pw); |
| 1276 | } | 1276 | } |
| 1277 | 1277 | ||
| 1278 | /* Check if the user is logging in as root and root logins are disallowed. */ | ||
| 1279 | if (pw->pw_uid == 0 && !options.permit_root_login) { | ||
| 1280 | if (forced_command) | ||
| 1281 | log("Root login accepted for forced command."); | ||
| 1282 | else | ||
| 1283 | packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", | ||
| 1284 | get_canonical_hostname()); | ||
| 1285 | } | ||
| 1286 | /* The user has been authenticated and accepted. */ | 1278 | /* The user has been authenticated and accepted. */ |
| 1287 | #ifdef WITH_AIXAUTHENTICATE | 1279 | #ifdef WITH_AIXAUTHENTICATE |
| 1288 | loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); | 1280 | loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); |
| @@ -1525,6 +1517,21 @@ do_authloop(struct passwd * pw) | |||
| 1525 | break; | 1517 | break; |
| 1526 | } | 1518 | } |
| 1527 | 1519 | ||
| 1520 | /* | ||
| 1521 | * Check if the user is logging in as root and root logins | ||
| 1522 | * are disallowed. | ||
| 1523 | * Note that root login is allowed for forced commands. | ||
| 1524 | */ | ||
| 1525 | if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { | ||
| 1526 | if (forced_command) { | ||
| 1527 | log("Root login accepted for forced command."); | ||
| 1528 | } else { | ||
| 1529 | authenticated = 0; | ||
| 1530 | log("ROOT LOGIN REFUSED FROM %.200s", | ||
| 1531 | get_canonical_hostname()); | ||
| 1532 | } | ||
| 1533 | } | ||
| 1534 | |||
| 1528 | /* Raise logging level */ | 1535 | /* Raise logging level */ |
| 1529 | if (authenticated || | 1536 | if (authenticated || |
| 1530 | attempt == AUTH_FAIL_LOG || | 1537 | attempt == AUTH_FAIL_LOG || |