Diffstat (limited to 'auth.c')
-rw-r--r--auth.c42
1 files changed, 10 insertions, 32 deletions
diff --git a/auth.c b/auth.c
index 6d999221c..0956b0b19 100644
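--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
+RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 #include "buffer.h"
 #include "bufaux.h"
 #include "uidswap.h"
-#include "tildexpand.h"
 #include "misc.h"
 #include "bufaux.h"
 #include "packet.h"
@@ -204,31 +203,10 @@ allowed_user(struct passwd * pw)
  ga_free();
  }
 
-#ifdef WITH_AIXAUTHENTICATE
- /*
- * Don't check loginrestrictions() for root account (use
- * PermitRootLogin to control logins via ssh), or if running as
- * non-root user (since loginrestrictions will always fail).
- */
- if ((pw->pw_uid != 0) && (geteuid() == 0)) {
- char *msg;
-
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
- int loginrestrict_errno = errno;
-
- if (msg && *msg) {
- buffer_append(&loginmsg, msg, strlen(msg));
- aix_remove_embedded_newlines(msg);
- logit("Login restricted for %s: %.100s",
- pw->pw_name, msg);
- }
- /* Don't fail if /etc/nologin set */
- if (!(loginrestrict_errno == EPERM &&
- stat(_PATH_NOLOGIN, &st) == 0))
- return 0;
- }
- }
-#endif /* WITH_AIXAUTHENTICATE */
+#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
+ if (!sys_auth_allowed_user(pw))
+ return 0;
+#endif
 
  /* We found no reason not to let this user try to log on... */
  return 1;
@@ -243,7 +221,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
  /* Raise logging level */
  if (authenticated == 1 ||
  !authctxt->valid ||
- authctxt->failures >= AUTH_FAIL_LOG ||
+ authctxt->failures >= options.max_authtries / 2 ||
  strcmp(method, "password") == 0)
  authlog = logit;
 
@@ -255,7 +233,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
  authlog("%s %s for %s%.100s from %.200s port %d%s",
  authmsg,
  method,
- authctxt->valid ? "" : "illegal user ",
+ authctxt->valid ? "" : "invalid user ",
  authctxt->user,
  get_remote_ipaddr(),
  get_remote_port(),
@@ -484,7 +462,7 @@ getpwnamallow(const char *user)
 
  pw = getpwnam(user);
  if (pw == NULL) {
- logit("Illegal user %.100s from %.100s",
+ logit("Invalid user %.100s from %.100s",
  user, get_remote_ipaddr());
 #ifdef CUSTOM_FAILED_LOGIN
  record_failed_login(user, "ssh");
@@ -563,8 +541,8 @@ fakepw(void)
  fake.pw_passwd =
  "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
  fake.pw_gecos = "NOUSER";
- fake.pw_uid = -1;
- fake.pw_gid = -1;
+ fake.pw_uid = (uid_t)-1;
+ fake.pw_gid = (gid_t)-1;
 #ifdef HAVE_PW_CLASS_IN_PASSWD
  fake.pw_class = "";
 #endif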
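Review bot: In auth_log, the new condition `authctxt->failures >= options.max_authtries / 2` makes the log level of failed attempts depend on a server setting, and nothing at the condition says so. The division is integer division, so a limit of 1 gives a threshold of 0 and every failure is raised to `logit`. A large limit keeps more of the early failures for non-password methods at whatever level `authlog` starts with, which is set outside this hunk. I would add a comment above the condition such as `/* failures are raised to logit from half of options.max_authtries on (integer division) */`, so that an operator who raises the limit knows fewer failed attempts may reach the default log. The body of auth_log starts and ends outside the hunk.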