Diffstat (limited to 'auth1.c')
-rw-r--r--auth1.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/auth1.c b/auth1.c
index 4c295215f..ca288958e 100644
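--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.38 2002/03/18 17:50:31 provos Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -26,6 +26,7 @@ RCSID("$OpenBSD: auth1.c,v 1.37 2002/03/18 01:12:14 provos Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -89,7 +90,7 @@ do_authloop(Authctxt *authctxt)
 #elif defined(HAVE_OSF_SIA)
  0) {
 #else
- auth_password(authctxt, "")) {
+ PRIVSEP(auth_password(authctxt, ""))) {
 #endif
  auth_log(authctxt, 1, "without authentication", "");
  return;
@@ -253,9 +254,8 @@ do_authloop(Authctxt *authctxt)
  /* Do SIA auth with password */
  authenticated = auth_sia_password(authctxt->user,
  password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
  /* Try authentication with the password. */
- authenticated = auth_password(authctxt, password);
+ authenticated = PRIVSEP(auth_password(authctxt, password));
 #endif /* USE_PAM */
 
  memset(password, 0, strlen(password));
@@ -359,7 +359,7 @@ Authctxt *
 do_authentication(void)
 {
  Authctxt *authctxt;
- struct passwd *pw;
+ struct passwd *pw = NULL, *pwent;
  u_int ulen;
  char *p, *user, *style = NULL;
 
@@ -382,17 +382,22 @@ do_authentication(void)
  authctxt->style = style;
 
  /* Verify that the user is a valid user. */
- pw = getpwnamallow(user);
- if (pw) {
+ pwent = PRIVSEP(getpwnamallow(user));
+ if (pwent) {
  authctxt->valid = 1;
- pw = pwcopy(pw);
+ pw = pwcopy(pwent);
  } else {
  debug("do_authentication: illegal user %s", user);
  pw = NULL;
  }
+ /* Free memory */
+ if (use_privsep && pwent != NULL)
+ pwfree(pwent);
+
  authctxt->pw = pw;
 
- setproctitle("%s", pw ? user : "unknown");
+ setproctitle("%s%s", pw ? user : "unknown",
+ use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
  start_pam(pw == NULL ? "NOUSER" : user);
@@ -403,7 +408,7 @@ do_authentication(void)
  * the server. (Unless you are running Windows)
  */
 #ifndef HAVE_CYGWIN
- if (getuid() != 0 && pw && pw->pw_uid != getuid())
+ if (!use_privsep && getuid() != 0 && pw && pw->pw_uid != getuid())
  packet_disconnect("Cannot change user when server not running as root.");
 #endif
 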
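Review bot: The password-auth hunk in do_authloop (new lines 254-259) deletes `#else /* !USE_PAM && !HAVE_OSF_SIA */` while keeping `#endif /* USE_PAM */`, so the new `PRIVSEP(auth_password(authctxt, password))` call now falls inside the SIA branch instead of the fallback branch. The opening `#ifdef`/`#elif` lines are outside the hunk, but if the chain is `USE_PAM` / `HAVE_OSF_SIA` as the comments suggest, a build with neither macro defined compiles no password check here at all. An SIA build would run both checks and let the auth_password result overwrite the SIA decision stored in `authenticated`. Restore the `#else /* !USE_PAM && !HAVE_OSF_SIA */` line immediately before the "Try authentication with the password." comment so that exactly one backend decides the outcome.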