Diffstat (limited to 'auth.c')
-rw-r--r--auth.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/auth.c b/auth.c
index 1268accb1..514b0b456 100644
--- a/auth.c
+++ b/auth.c
@@ -102,19 +102,19 @@ allowed_user(struct passwd * pw)
102 * day after the day specified. 102 * day after the day specified.
103 */ 103 */
104 if (spw->sp_expire != -1 && today > spw->sp_expire) { 104 if (spw->sp_expire != -1 && today > spw->sp_expire) {
105 log("Account %.100s has expired", pw->pw_name); 105 logit("Account %.100s has expired", pw->pw_name);
106 return 0; 106 return 0;
107 } 107 }
108 108
109 if (spw->sp_lstchg == 0) { 109 if (spw->sp_lstchg == 0) {
110 log("User %.100s password has expired (root forced)", 110 logit("User %.100s password has expired (root forced)",
111 pw->pw_name); 111 pw->pw_name);
112 return 0; 112 return 0;
113 } 113 }
114 114
115 if (spw->sp_max != -1 && 115 if (spw->sp_max != -1 &&
116 today > spw->sp_lstchg + spw->sp_max) { 116 today > spw->sp_lstchg + spw->sp_max) {
117 log("User %.100s password has expired (password aged)", 117 logit("User %.100s password has expired (password aged)",
118 pw->pw_name); 118 pw->pw_name);
119 return 0; 119 return 0;
120 } 120 }
@@ -129,13 +129,13 @@ allowed_user(struct passwd * pw)
129 129
130 /* deny if shell does not exists or is not executable */ 130 /* deny if shell does not exists or is not executable */
131 if (stat(shell, &st) != 0) { 131 if (stat(shell, &st) != 0) {
132 log("User %.100s not allowed because shell %.100s does not exist", 132 logit("User %.100s not allowed because shell %.100s does not exist",
133 pw->pw_name, shell); 133 pw->pw_name, shell);
134 return 0; 134 return 0;
135 } 135 }
136 if (S_ISREG(st.st_mode) == 0 || 136 if (S_ISREG(st.st_mode) == 0 ||
137 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { 137 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
138 log("User %.100s not allowed because shell %.100s is not executable", 138 logit("User %.100s not allowed because shell %.100s is not executable",
139 pw->pw_name, shell); 139 pw->pw_name, shell);
140 return 0; 140 return 0;
141 } 141 }
@@ -150,7 +150,7 @@ allowed_user(struct passwd * pw)
150 for (i = 0; i < options.num_deny_users; i++) 150 for (i = 0; i < options.num_deny_users; i++)
151 if (match_user(pw->pw_name, hostname, ipaddr, 151 if (match_user(pw->pw_name, hostname, ipaddr,
152 options.deny_users[i])) { 152 options.deny_users[i])) {
153 log("User %.100s not allowed because listed in DenyUsers", 153 logit("User %.100s not allowed because listed in DenyUsers",
154 pw->pw_name); 154 pw->pw_name);
155 return 0; 155 return 0;
156 } 156 }
@@ -163,7 +163,7 @@ allowed_user(struct passwd * pw)
163 break; 163 break;
164 /* i < options.num_allow_users iff we break for loop */ 164 /* i < options.num_allow_users iff we break for loop */
165 if (i >= options.num_allow_users) { 165 if (i >= options.num_allow_users) {
166 log("User %.100s not allowed because not listed in AllowUsers", 166 logit("User %.100s not allowed because not listed in AllowUsers",
167 pw->pw_name); 167 pw->pw_name);
168 return 0; 168 return 0;
169 } 169 }
@@ -171,7 +171,7 @@ allowed_user(struct passwd * pw)
171 if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { 171 if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
172 /* Get the user's group access list (primary and supplementary) */ 172 /* Get the user's group access list (primary and supplementary) */
173 if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 173 if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
174 log("User %.100s not allowed because not in any group", 174 logit("User %.100s not allowed because not in any group",
175 pw->pw_name); 175 pw->pw_name);
176 return 0; 176 return 0;
177 } 177 }
@@ -181,7 +181,7 @@ allowed_user(struct passwd * pw)
181 if (ga_match(options.deny_groups, 181 if (ga_match(options.deny_groups,
182 options.num_deny_groups)) { 182 options.num_deny_groups)) {
183 ga_free(); 183 ga_free();
184 log("User %.100s not allowed because a group is listed in DenyGroups", 184 logit("User %.100s not allowed because a group is listed in DenyGroups",
185 pw->pw_name); 185 pw->pw_name);
186 return 0; 186 return 0;
187 } 187 }
@@ -193,7 +193,7 @@ allowed_user(struct passwd * pw)
193 if (!ga_match(options.allow_groups, 193 if (!ga_match(options.allow_groups,
194 options.num_allow_groups)) { 194 options.num_allow_groups)) {
195 ga_free(); 195 ga_free();
196 log("User %.100s not allowed because none of user's groups are listed in AllowGroups", 196 logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
197 pw->pw_name); 197 pw->pw_name);
198 return 0; 198 return 0;
199 } 199 }
@@ -219,7 +219,7 @@ allowed_user(struct passwd * pw)
219 } 219 }
220 /* Remove trailing newline */ 220 /* Remove trailing newline */
221 *--p = '\0'; 221 *--p = '\0';
222 log("Login restricted for %s: %.100s", pw->pw_name, 222 logit("Login restricted for %s: %.100s", pw->pw_name,
223 loginmsg); 223 loginmsg);
224 } 224 }
225 /* Don't fail if /etc/nologin set */ 225 /* Don't fail if /etc/nologin set */
@@ -293,12 +293,12 @@ auth_root_allowed(char *method)
293 break; 293 break;
294 case PERMIT_FORCED_ONLY: 294 case PERMIT_FORCED_ONLY:
295 if (forced_command) { 295 if (forced_command) {
296 log("Root login accepted for forced command."); 296 logit("Root login accepted for forced command.");
297 return 1; 297 return 1;
298 } 298 }
299 break; 299 break;
300 } 300 }
301 log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); 301 logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
302 return 0; 302 return 0;
303} 303}
304 304
@@ -390,7 +390,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
390 (stat(user_hostfile, &st) == 0) && 390 (stat(user_hostfile, &st) == 0) &&
391 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || 391 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
392 (st.st_mode & 022) != 0)) { 392 (st.st_mode & 022) != 0)) {
393 log("Authentication refused for %.100s: " 393 logit("Authentication refused for %.100s: "
394 "bad owner or modes for %.200s", 394 "bad owner or modes for %.200s",
395 pw->pw_name, user_hostfile); 395 pw->pw_name, user_hostfile);
396 } else { 396 } else {
@@ -494,7 +494,7 @@ getpwnamallow(const char *user)
494 494
495 pw = getpwnam(user); 495 pw = getpwnam(user);
496 if (pw == NULL) { 496 if (pw == NULL) {
497 log("Illegal user %.100s from %.100s", 497 logit("Illegal user %.100s from %.100s",
498 user, get_remote_ipaddr()); 498 user, get_remote_ipaddr());
499#ifdef WITH_AIXAUTHENTICATE 499#ifdef WITH_AIXAUTHENTICATE
500 loginfailed(user, 500 loginfailed(user,