X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2b87da3b1fb7c5ca907cb65aa048fada4ad29803..54b974dcab3a3e8486caf6181ad0555efd181154:/auth.c diff --git a/auth.c b/auth.c index d08a9336..3e31a448 100644 --- a/auth.c +++ b/auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2000 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.15 2001/02/03 10:08:37 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $"); #ifdef HAVE_LOGIN_H #include @@ -170,23 +170,6 @@ authctxt_new(void) return authctxt; } -struct passwd * -pwcopy(struct passwd *pw) -{ - struct passwd *copy = xmalloc(sizeof(*copy)); - memset(copy, 0, sizeof(*copy)); - copy->pw_name = xstrdup(pw->pw_name); - copy->pw_passwd = xstrdup(pw->pw_passwd); - copy->pw_uid = pw->pw_uid; - copy->pw_gid = pw->pw_gid; -#ifdef HAVE_PW_CLASS_IN_PASSWD - copy->pw_class = xstrdup(pw->pw_class); -#endif - copy->pw_dir = xstrdup(pw->pw_dir); - copy->pw_shell = xstrdup(pw->pw_shell); - return copy; -} - void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) { @@ -216,19 +199,26 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) } /* - * Check if the user is logging in as root and root logins are disallowed. - * Note that root login is _allways_ allowed for forced commands. + * Check whether root logins are disallowed. */ int -auth_root_allowed(void) +auth_root_allowed(char *method) { - if (options.permit_root_login) + switch (options.permit_root_login) { + case PERMIT_YES: return 1; - if (forced_command) { - log("Root login accepted for forced command."); - return 1; - } else { - log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); - return 0; + break; + case PERMIT_NO_PASSWD: + if (strcmp(method, "password") != 0) + return 1; + break; + case PERMIT_FORCED_ONLY: + if (forced_command) { + log("Root login accepted for forced command."); + return 1; + } + break; } + log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); + return 0; }