Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 25 |
1 files changed, 15 insertions, 10 deletions
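--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.38 2002/03/18 17:50:31 provos Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -26,6 +26,7 @@ RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -89,7 +90,7 @@ do_authloop(Authctxt *authctxt)
 #elif defined(HAVE_OSF_SIA)
 	    0) {
 #else
-	    auth_password(authctxt, "")) {
+	    PRIVSEP(auth_password(authctxt, ""))) {
 #endif
 		auth_log(authctxt, 1, "without authentication", "");
 		return;
@@ -253,9 +254,8 @@ do_authloop(Authctxt *authctxt)
 		/* Do SIA auth with password */
 		authenticated = auth_sia_password(authctxt->user,
 		    password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
 		/* Try authentication with the password. */
-		authenticated = auth_password(authctxt, password);
+		authenticated = PRIVSEP(auth_password(authctxt, password));
 #endif /* USE_PAM */
 
 		memset(password, 0, strlen(password));
@@ -359,7 +359,7 @@ Authctxt *
 do_authentication(void)
 {
 	Authctxt *authctxt;
-	struct passwd *pw;
+	struct passwd *pw = NULL, *pwent;
 	u_int ulen;
 	char *p, *user, *style = NULL;
 
@@ -382,17 +382,22 @@ do_authentication(void)
 	authctxt->style = style;
 
 	/* Verify that the user is a valid user. */
-	pw = getpwnamallow(user);
-	if (pw) {
+	pwent = PRIVSEP(getpwnamallow(user));
+	if (pwent) {
 		authctxt->valid = 1;
-		pw = pwcopy(pw);
+		pw = pwcopy(pwent);
 	} else {
 		debug("do_authentication: illegal user %s", user);
 		pw = NULL;
 	}
+	/* Free memory */
+	if (use_privsep && pwent != NULL)
+		pwfree(pwent);
+
 	authctxt->pw = pw;
 
-	setproctitle("%s", pw ? user : "unknown");
+	setproctitle("%s%s", pw ? user : "unknown",
+	    use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
 	start_pam(pw == NULL ? "NOUSER" : user);
@@ -403,7 +408,7 @@ do_authentication(void)
 	 * the server. (Unless you are running Windows)
 	 */
 #ifndef HAVE_CYGWIN
-	if (getuid() != 0 && pw && pw->pw_uid != getuid())
+	if (!use_privsep && getuid() != 0 && pw && pw->pw_uid != getuid())
 		packet_disconnect("Cannot change user when server not running as root.");
 #endif
 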
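Review bot: The hunk at old line 253 of do_authloop deletes the `#else /* !USE_PAM && !HAVE_OSF_SIA */` line without adding a replacement, so as rendered the `PRIVSEP(auth_password(authctxt, password))` call now sits inside the `#elif defined(HAVE_OSF_SIA)` branch rather than in its own branch. On an OSF/SIA build that overwrites the `authenticated` value just computed by `auth_sia_password`, and a build with neither USE_PAM nor HAVE_OSF_SIA no longer calls `auth_password` at all, so password authentication would fail for every user (fail closed, but a regression the commit does not mention). If the page's rendering is faithful to the patch, the line `#else /* !USE_PAM && !HAVE_OSF_SIA */` should be restored immediately before the `/* Try authentication with the password. */` comment. do_authloop's body begins and ends outside the hunk, so the surrounding `#if defined(USE_PAM)` cannot be confirmed from here.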