diff options
Diffstat (limited to 'auth1.c')
| -rw-r--r-- | auth1.c | 30 |
1 files changed, 22 insertions, 8 deletions
| @@ -26,8 +26,13 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $"); | |||
| 26 | #include "session.h" | 26 | #include "session.h" |
| 27 | #include "misc.h" | 27 | #include "misc.h" |
| 28 | #include "uidswap.h" | 28 | #include "uidswap.h" |
| 29 | #include "monitor.h" | ||
| 30 | #include "monitor_wrap.h" | ||
| 29 | 31 | ||
| 30 | /* import */ | 32 | /* import */ |
| 33 | extern int use_privsep; | ||
| 34 | extern int mm_recvfd; | ||
| 35 | |||
| 31 | extern ServerOptions options; | 36 | extern ServerOptions options; |
| 32 | 37 | ||
| 33 | /* | 38 | /* |
| @@ -355,12 +360,13 @@ do_authloop(Authctxt *authctxt) | |||
| 355 | * Performs authentication of an incoming connection. Session key has already | 360 | * Performs authentication of an incoming connection. Session key has already |
| 356 | * been exchanged and encryption is enabled. | 361 | * been exchanged and encryption is enabled. |
| 357 | */ | 362 | */ |
| 358 | void | 363 | Authctxt * |
| 359 | do_authentication(void) | 364 | do_authentication(void) |
| 360 | { | 365 | { |
| 361 | Authctxt *authctxt; | 366 | Authctxt *authctxt; |
| 362 | struct passwd *pw; | 367 | struct passwd *pw = NULL, *pwent; |
| 363 | u_int ulen; | 368 | u_int ulen; |
| 369 | int allowed; | ||
| 364 | char *p, *user, *style = NULL; | 370 | char *p, *user, *style = NULL; |
| 365 | 371 | ||
| 366 | /* Get the name of the user that we wish to log in as. */ | 372 | /* Get the name of the user that we wish to log in as. */ |
| @@ -382,17 +388,26 @@ do_authentication(void) | |||
| 382 | authctxt->style = style; | 388 | authctxt->style = style; |
| 383 | 389 | ||
| 384 | /* Verify that the user is a valid user. */ | 390 | /* Verify that the user is a valid user. */ |
| 385 | pw = getpwnam(user); | 391 | if (!use_privsep) { |
| 386 | if (pw && allowed_user(pw)) { | 392 | pwent = getpwnam(user); |
| 393 | allowed = pwent ? allowed_user(pwent) : 0; | ||
| 394 | } else | ||
| 395 | pwent = mm_getpwnamallow(mm_recvfd, user, &allowed); | ||
| 396 | if (pwent && allowed) { | ||
| 387 | authctxt->valid = 1; | 397 | authctxt->valid = 1; |
| 388 | pw = pwcopy(pw); | 398 | pw = pwcopy(pwent); |
| 389 | } else { | 399 | } else { |
| 390 | debug("do_authentication: illegal user %s", user); | 400 | debug("do_authentication: illegal user %s", user); |
| 391 | pw = NULL; | 401 | pw = NULL; |
| 392 | } | 402 | } |
| 403 | /* Free memory */ | ||
| 404 | if (use_privsep) | ||
| 405 | pwfree(pwent); | ||
| 406 | |||
| 393 | authctxt->pw = pw; | 407 | authctxt->pw = pw; |
| 394 | 408 | ||
| 395 | setproctitle("%s", pw ? user : "unknown"); | 409 | setproctitle("%s%s", use_privsep ? " [net]" : "", |
| 410 | pw ? user : "unknown"); | ||
| 396 | 411 | ||
| 397 | #ifdef USE_PAM | 412 | #ifdef USE_PAM |
| 398 | start_pam(pw == NULL ? "NOUSER" : user); | 413 | start_pam(pw == NULL ? "NOUSER" : user); |
| @@ -418,6 +433,5 @@ do_authentication(void) | |||
| 418 | packet_send(); | 433 | packet_send(); |
| 419 | packet_write_wait(); | 434 | packet_write_wait(); |
| 420 | 435 | ||
| 421 | /* Perform session preparation. */ | 436 | return (authctxt); |
| 422 | do_authenticated(authctxt); | ||
| 423 | } | 437 | } |