]> andersk Git - openssh.git/blobdiff - auth.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[openssh.git] / auth.c
diff --git a/auth.c b/auth.c
index 814506d7cc44afe4c845f3701dc70b6cb21b46ac..3e31a448d4aa26b87050d8bdcecbb85f9fff32be 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,13 +23,8 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
 
-#include "xmalloc.h"
-#include "ssh.h"
-#include "match.h"
-#include "servconf.h"
-#include "groupaccess.h"
 #ifdef HAVE_LOGIN_H
 #include <login.h>
 #endif
@@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
 #include <shadow.h>
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 
+#include "xmalloc.h"
+#include "match.h"
+#include "groupaccess.h"
+#include "log.h"
+#include "servconf.h"
 #include "auth.h"
 #include "auth-options.h"
+#include "canohost.h"
 
 /* import */
 extern ServerOptions options;
@@ -78,7 +79,7 @@ allowed_user(struct passwd * pw)
                        return 0;
 
                /* Check password expiry */
-               if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && 
+               if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
                    (days > (spw->sp_lstchg + spw->sp_max)))
                        return 0;
        }
@@ -164,26 +165,9 @@ allowed_user(struct passwd * pw)
 Authctxt *
 authctxt_new(void)
 {
-        Authctxt *authctxt = xmalloc(sizeof(*authctxt));
-        memset(authctxt, 0, sizeof(*authctxt));
-        return authctxt;
-}
-
-struct passwd *
-pwcopy(struct passwd *pw)
-{
-       struct passwd *copy = xmalloc(sizeof(*copy));
-       memset(copy, 0, sizeof(*copy));
-       copy->pw_name = xstrdup(pw->pw_name);
-       copy->pw_passwd = xstrdup(pw->pw_passwd);
-       copy->pw_uid = pw->pw_uid;
-       copy->pw_gid = pw->pw_gid;
-#ifdef HAVE_PW_CLASS_IN_PASSWD
-       copy->pw_class = xstrdup(pw->pw_class);
-#endif
-       copy->pw_dir = xstrdup(pw->pw_dir);
-       copy->pw_shell = xstrdup(pw->pw_shell);
-       return copy;
+       Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+       memset(authctxt, 0, sizeof(*authctxt));
+       return authctxt;
 }
 
 void
@@ -215,19 +199,26 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 }
 
 /*
- * Check if the user is logging in as root and root logins are disallowed.
- * Note that root login is _allways_ allowed for forced commands.
+ * Check whether root logins are disallowed.
  */
 int
-auth_root_allowed(void)
+auth_root_allowed(char *method)
 {
-       if (options.permit_root_login)
+       switch (options.permit_root_login) {
+       case PERMIT_YES:
                return 1;
-       if (forced_command) {
-               log("Root login accepted for forced command.");
-               return 1;
-       } else {
-               log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());
-               return 0;
+               break;
+       case PERMIT_NO_PASSWD:
+               if (strcmp(method, "password") != 0)
+                       return 1;
+               break;
+       case PERMIT_FORCED_ONLY:
+               if (forced_command) {
+                       log("Root login accepted for forced command.");
+                       return 1;
+               }
+               break;
        }
+       log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+       return 0;
 }
git-cvsimport mirror of OpenSSH
This page took 0.03255 seconds and 4 git commands to generate.