author | Damien Miller <djm@mindrot.org> | 2002-03-13 12:47:54 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-03-13 12:47:54 +1100 |
commit | 646e7cf3d7e7d4231c2d97d27c09fe5fe1d749e2 (patch) | |
tree | a693368c47d2d044514878fbb1516f87b487f78b /auth1.c | |
parent | 29bdd2c9bca2737e7a246ed50fd827a6ccba0c61 (diff) |
Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 30 |
1 files changed, 22 insertions, 8 deletions
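--- a/auth1.c
+++ b/auth1.c
@@ -26,8 +26,13 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
+#include "monitor.h"
+#include "monitor_wrap.h"
 
 /* import */
+extern int use_privsep;
+extern int mm_recvfd;
+
 extern ServerOptions options;
 
 /*
@@ -355,12 +360,13 @@ do_authloop(Authctxt *authctxt)
 * Performs authentication of an incoming connection. Session key has already
 * been exchanged and encryption is enabled.
 */
-void
+Authctxt *
 do_authentication(void)
 {
 Authctxt *authctxt;
-struct passwd *pw;
+struct passwd *pw = NULL, *pwent;
 u_int ulen;
+int allowed;
 char *p, *user, *style = NULL;
 
 /* Get the name of the user that we wish to log in as. */
@@ -382,17 +388,26 @@ do_authentication(void)
 authctxt->style = style;
 
 /* Verify that the user is a valid user. */
-pw = getpwnam(user);
-if (pw && allowed_user(pw)) {
+if (!use_privsep) {
+pwent = getpwnam(user);
+allowed = pwent ? allowed_user(pwent) : 0;
+} else
+pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
+if (pwent && allowed) {
 authctxt->valid = 1;
-pw = pwcopy(pw);
+pw = pwcopy(pwent);
 } else {
 debug("do_authentication: illegal user %s", user);
 pw = NULL;
 }
+/* Free memory */
+if (use_privsep)
+pwfree(pwent);
+
 authctxt->pw = pw;
 
-setproctitle("%s", pw ? user : "unknown");
+setproctitle("%s%s", use_privsep ? " [net]" : "",
+pw ? user : "unknown");
 
 #ifdef USE_PAM
 start_pam(pw == NULL ? "NOUSER" : user);
@@ -418,6 +433,5 @@ do_authentication(void)
 packet_send();
 packet_write_wait();
 
-/* Perform session preparation. */
-do_authenticated(authctxt);
+return (authctxt);
 }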
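Review bot: In the privilege-separated branch of do_authentication, `pwfree(pwent)` runs even when `mm_getpwnamallow()` has returned NULL for an unknown user, and `allowed` is only ever set through that call's out-parameter. Neither helper is visible on this page, so unless `pwfree()` tolerates NULL and the monitor wrapper always writes `allowed`, this pre-authentication path can dereference NULL or test an indeterminate value on input the remote peer chooses. I would declare `int allowed = 0;` so the validity check fails closed, and guard the free as `if (use_privsep && pwent != NULL) pwfree(pwent);`. Separately, do_authentication now returns the Authctxt instead of calling `do_authenticated()`, so the header comment should say that the caller is responsible for session preparation. The body of do_authentication continues outside the hunks shown.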