*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $");
#include "ssh2.h"
#include "ssh1.h"
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep && (authctxt->attempt == 1))
mm_inform_authserv(service, style);
+ } else if (strcmp(service, authctxt->service) != 0) {
+ packet_disconnect("Change of service not allowed: "
+ "(%s,%s) -> (%s,%s)",
+ authctxt->user, authctxt->service, user, service);
}
/* reset state */
auth2_challenge_stop(authctxt);
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
-
userauth_finish(authctxt, authenticated, method);
xfree(service);
authctxt->user);
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;