/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.16 2001/02/04 15:32:22 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
return authctxt;
}
-struct passwd *
-pwcopy(struct passwd *pw)
-{
- struct passwd *copy = xmalloc(sizeof(*copy));
- memset(copy, 0, sizeof(*copy));
- copy->pw_name = xstrdup(pw->pw_name);
- copy->pw_passwd = xstrdup(pw->pw_passwd);
- copy->pw_uid = pw->pw_uid;
- copy->pw_gid = pw->pw_gid;
-#ifdef HAVE_PW_CLASS_IN_PASSWD
- copy->pw_class = xstrdup(pw->pw_class);
-#endif
- copy->pw_dir = xstrdup(pw->pw_dir);
- copy->pw_shell = xstrdup(pw->pw_shell);
- return copy;
-}
-
void
auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
{
}
/*
- * Check if the user is logging in as root and root logins are disallowed.
- * Note that root login is _allways_ allowed for forced commands.
+ * Check whether root logins are disallowed.
*/
int
-auth_root_allowed(void)
+auth_root_allowed(char *method)
{
- if (options.permit_root_login)
+ switch (options.permit_root_login) {
+ case PERMIT_YES:
return 1;
- if (forced_command) {
- log("Root login accepted for forced command.");
- return 1;
- } else {
- log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
- return 0;
+ break;
+ case PERMIT_NO_PASSWD:
+ if (strcmp(method, "password") != 0)
+ return 1;
+ break;
+ case PERMIT_FORCED_ONLY:
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ return 1;
+ }
+ break;
}
+ log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+ return 0;
}