author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:35:47 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:35:47 +0000 |
commit | b481e1323e305a0de4934b3341b4f0d5fe759cea (patch) | |
tree | 3771e9dc6c3a14c042cbdbcd670c1a197c0800ec | |
parent | abf314406499e53661079f4cb25a74ef1f0a2182 (diff) |
- provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth.c | 26 | ||||
-rw-r--r-- | session.c | 16 |
3 files changed, 29 insertions, 18 deletions
@@ -41,6 +41,9 @@ | |||
41 | [auth-krb4.c] | 41 | [auth-krb4.c] |
42 | set client to NULL after xfree(), from Rolf Braun | 42 | set client to NULL after xfree(), from Rolf Braun |
43 | <rbraun+ssh@andrew.cmu.edu> | 43 | <rbraun+ssh@andrew.cmu.edu> |
44 | - provos@cvs.openbsd.org 2002/03/18 03:41:08 | ||
45 | [auth.c session.c] | ||
46 | move auth_approval into getpwnamallow with help from millert@ | ||
44 | 47 | ||
45 | 20020317 | 48 | 20020317 |
46 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, | 49 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, |
@@ -7887,4 +7890,4 @@ | |||
7887 | - Wrote replacements for strlcpy and mkdtemp | 7890 | - Wrote replacements for strlcpy and mkdtemp |
7888 | - Released 1.0pre1 | 7891 | - Released 1.0pre1 |
7889 | 7892 | ||
7890 | $Id: ChangeLog,v 1.1936 2002/03/22 01:30:40 mouring Exp $ | 7893 | $Id: ChangeLog,v 1.1937 2002/03/22 01:35:47 mouring Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.38 2002/03/18 03:41:08 provos Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -443,11 +443,31 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
443 | struct passwd * | 443 | struct passwd * |
444 | getpwnamallow(const char *user) | 444 | getpwnamallow(const char *user) |
445 | { | 445 | { |
446 | #ifdef HAVE_LOGIN_CAP | ||
447 | extern login_cap_t *lc; | ||
448 | #ifdef BSD_AUTH | ||
449 | auth_session_t *as; | ||
450 | #endif | ||
451 | #endif | ||
446 | struct passwd *pw; | 452 | struct passwd *pw; |
447 | 453 | ||
448 | pw = getpwnam(user); | 454 | pw = getpwnam(user); |
449 | if (pw != NULL && !allowed_user(pw)) | 455 | if (pw == NULL || !allowed_user(pw)) |
456 | return (NULL); | ||
457 | #ifdef HAVE_LOGIN_CAP | ||
458 | if ((lc = login_getclass(pw->pw_class)) == NULL) { | ||
459 | debug("unable to get login class: %s", user); | ||
460 | return (NULL); | ||
461 | } | ||
462 | #ifdef BSD_AUTH | ||
463 | if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 || | ||
464 | auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) { | ||
465 | debug("Approval failure for %s", user); | ||
450 | pw = NULL; | 466 | pw = NULL; |
451 | 467 | } | |
468 | if (as != NULL) | ||
469 | auth_close(as); | ||
470 | #endif | ||
471 | #endif | ||
452 | return (pw); | 472 | return (pw); |
453 | } | 473 | } |
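Review bot: The login-class lookup added to getpwnamallow reads `pw->pw_class` under `#ifdef HAVE_LOGIN_CAP` alone, whereas the block it replaces in session.c was guarded by `#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)`. A platform with login_cap but no pw_class member would presumably stop compiling, so the second guard should keep both conditions. The session obtained from auth_open() and auth_setpwd() is not the one handed to the approval check, which still passes NULL as its first argument; if the approval is meant to run against that session, the call would read `auth_approval(as, lc, pw->pw_name, "ssh") <= 0`. Both rejections are now reported with debug(), where the old code used error() and packet_disconnect(), so a denied account may leave no trace at the default log level; `error("Approval failure for %s", user);` would keep the refusal visible to whoever reviews the logs.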
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.129 2002/03/18 03:41:08 provos Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -136,7 +136,7 @@ char *aixloginmsg; | |||
136 | #endif /* WITH_AIXAUTHENTICATE */ | 136 | #endif /* WITH_AIXAUTHENTICATE */ |
137 | 137 | ||
138 | #ifdef HAVE_LOGIN_CAP | 138 | #ifdef HAVE_LOGIN_CAP |
139 | static login_cap_t *lc; | 139 | login_cap_t *lc; |
140 | #endif | 140 | #endif |
141 | 141 | ||
142 | void | 142 | void |
@@ -151,18 +151,6 @@ do_authenticated(Authctxt *authctxt) | |||
151 | close(startup_pipe); | 151 | close(startup_pipe); |
152 | startup_pipe = -1; | 152 | startup_pipe = -1; |
153 | } | 153 | } |
154 | #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) | ||
155 | if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { | ||
156 | error("unable to get login class"); | ||
157 | return; | ||
158 | } | ||
159 | #ifdef BSD_AUTH | ||
160 | if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) { | ||
161 | packet_disconnect("Approval failure for %s", | ||
162 | authctxt->pw->pw_name); | ||
163 | } | ||
164 | #endif | ||
165 | #endif | ||
166 | #ifdef WITH_AIXAUTHENTICATE | 154 | #ifdef WITH_AIXAUTHENTICATE |
167 | /* We don't have a pty yet, so just label the line as "ssh" */ | 155 | /* We don't have a pty yet, so just label the line as "ssh" */ |
168 | if (loginsuccess(authctxt->user, | 156 | if (loginsuccess(authctxt->user, |
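Review bot: Dropping `static` from `lc` gives a two-letter name external linkage, and the only declaration auth.c sees is the block-scope `extern login_cap_t *lc;` inside getpwnamallow, so the compiler cannot check that the two files agree on its type. A declaration in a header included by both files would close that gap, with a comment at the definition such as `/* set by getpwnamallow() in auth.c; NULL until a user has been looked up */`. do_authenticated no longer obtains or checks the login class itself, so any later use of `lc` in this file relies on getpwnamallow having succeeded for the same user. Those later uses are outside the hunk, as is the rest of do_authenticated's body.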