/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
-#include "xmalloc.h"
-#include "ssh.h"
-#include "match.h"
-#include "servconf.h"
-#include "groupaccess.h"
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#include "xmalloc.h"
+#include "match.h"
+#include "groupaccess.h"
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
+#include "canohost.h"
/* import */
extern ServerOptions options;
return 0;
/* Check password expiry */
- if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
+ if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
(days > (spw->sp_lstchg + spw->sp_max)))
return 0;
}
Authctxt *
authctxt_new(void)
{
- Authctxt *authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
- return authctxt;
-}
-
-struct passwd *
-pwcopy(struct passwd *pw)
-{
- struct passwd *copy = xmalloc(sizeof(*copy));
- memset(copy, 0, sizeof(*copy));
- copy->pw_name = xstrdup(pw->pw_name);
- copy->pw_passwd = xstrdup(pw->pw_passwd);
- copy->pw_uid = pw->pw_uid;
- copy->pw_gid = pw->pw_gid;
-#ifdef HAVE_PW_CLASS_IN_PASSWD
- copy->pw_class = xstrdup(pw->pw_class);
-#endif
- copy->pw_dir = xstrdup(pw->pw_dir);
- copy->pw_shell = xstrdup(pw->pw_shell);
- return copy;
+ Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+ memset(authctxt, 0, sizeof(*authctxt));
+ return authctxt;
}
void
}
/*
- * Check if the user is logging in as root and root logins are disallowed.
- * Note that root login is _allways_ allowed for forced commands.
+ * Check whether root logins are disallowed.
*/
int
-auth_root_allowed(void)
+auth_root_allowed(char *method)
{
- if (options.permit_root_login)
+ switch (options.permit_root_login) {
+ case PERMIT_YES:
return 1;
- if (forced_command) {
- log("Root login accepted for forced command.");
- return 1;
- } else {
- log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());
- return 0;
+ break;
+ case PERMIT_NO_PASSWD:
+ if (strcmp(method, "password") != 0)
+ return 1;
+ break;
+ case PERMIT_FORCED_ONLY:
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ return 1;
+ }
+ break;
}
+ log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+ return 0;
}