*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
+RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
return 0;
}
- if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+ if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+ options.num_deny_groups > 0 || options.num_allow_groups > 0) {
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
}
}
#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
- if (!sys_auth_allowed_user(pw))
+ if (!sys_auth_allowed_user(pw, &loginmsg))
return 0;
#endif
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed) {
ssh_audit_event_t event;
*/
event = audit_classify_auth(method);
switch(event) {
- case AUTH_FAIL_NONE:
- case AUTH_FAIL_PASSWD:
- case AUTH_FAIL_KBDINT:
+ case SSH_AUTH_FAIL_NONE:
+ case SSH_AUTH_FAIL_PASSWD:
+ case SSH_AUTH_FAIL_KBDINT:
if (geteuid() == 0)
audit_event(event);
break;
- case AUTH_FAIL_PUBKEY:
- case AUTH_FAIL_HOSTBASED:
- case AUTH_FAIL_GSSAPI:
+ case SSH_AUTH_FAIL_PUBKEY:
+ case SSH_AUTH_FAIL_HOSTBASED:
+ case SSH_AUTH_FAIL_GSSAPI:
/*
* This is required to handle the case where privsep
* is enabled but it's root logging in, since
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
-#ifdef AUDIT_EVENTS
- audit_event(INVALID_USER);
-#endif /* AUDIT_EVENTS */
+#ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_INVALID_USER);
+#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
if (!allowed_user(pw))