[auth-krb4.c]
set client to NULL after xfree(), from Rolf Braun
<rbraun+ssh@andrew.cmu.edu>
+ - provos@cvs.openbsd.org 2002/03/18 03:41:08
+ [auth.c session.c]
+ move auth_approval into getpwnamallow with help from millert@
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $");
+RCSID("$OpenBSD: auth.c,v 1.38 2002/03/18 03:41:08 provos Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
struct passwd *
getpwnamallow(const char *user)
{
+#ifdef HAVE_LOGIN_CAP
+ extern login_cap_t *lc;
+#ifdef BSD_AUTH
+ auth_session_t *as;
+#endif
+#endif
struct passwd *pw;
pw = getpwnam(user);
- if (pw != NULL && !allowed_user(pw))
+ if (pw == NULL || !allowed_user(pw))
+ return (NULL);
+#ifdef HAVE_LOGIN_CAP
+ if ((lc = login_getclass(pw->pw_class)) == NULL) {
+ debug("unable to get login class: %s", user);
+ return (NULL);
+ }
+#ifdef BSD_AUTH
+ if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
+ auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
+ debug("Approval failure for %s", user);
pw = NULL;
-
+ }
+ if (as != NULL)
+ auth_close(as);
+#endif
+#endif
return (pw);
}
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.129 2002/03/18 03:41:08 provos Exp $");
#include "ssh.h"
#include "ssh1.h"
#endif /* WITH_AIXAUTHENTICATE */
#ifdef HAVE_LOGIN_CAP
-static login_cap_t *lc;
+login_cap_t *lc;
#endif
void
close(startup_pipe);
startup_pipe = -1;
}
-#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
- if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) {
- error("unable to get login class");
- return;
- }
-#ifdef BSD_AUTH
- if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
- packet_disconnect("Approval failure for %s",
- authctxt->pw->pw_name);
- }
-#endif
-#endif
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
if (loginsuccess(authctxt->user,