- provos@cvs.openbsd.org 2002/03/17 20:25:56

     [auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@

diff --git a/ChangeLog b/ChangeLog
index be0e371f65b8dfb65834cbec5ffa2bc346864afd..2a7daf77f062a96204313450de2f39c2154ff7f8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@
    - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
      [auth-krb5.c]
      BSD license.  from Daniel Kouril via Dug Song.  ok markus@
+   - provos@cvs.openbsd.org 2002/03/17 20:25:56
+     [auth.c auth.h auth1.c auth2.c]
+     getpwnamallow returns struct passwd * only if user valid; okay markus@
 
 20020317
  - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,

diff --git a/auth.c b/auth.c
index de004515fa99dd9e22a2e52640c3170bfefc5be3..19ef605f430208af623e952db02fc2839e9a5720 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.36 2002/03/15 11:00:38 itojun Exp $");
+RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -439,3 +439,15 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
        }
        return 0;
 }
+
+struct passwd *
+getpwnamallow(const char *user)
+{
+       struct passwd *pw;
+
+       pw = getpwnam(user);
+       if (pw != NULL && !allowed_user(pw))
+               pw = NULL;
+
+       return (pw);
+}

diff --git a/auth.h b/auth.h
index 83471a0a6059cd9cd3b110151342dea077a91fb7..5f0ed7da4a28ce69414fbb7f74b0e03b35749ccb 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: auth.h,v 1.31 2002/03/16 17:22:09 markus Exp $        */
+/*     $OpenBSD: auth.h,v 1.32 2002/03/17 20:25:56 provos Exp $        */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -133,6 +133,7 @@ int auth2_challenge(Authctxt *, char *);
 void   auth2_challenge_stop(Authctxt *);
 
 int    allowed_user(struct passwd *);
+struct passwd * getpwnamallow(const char *user);
 
 char   *get_challenge(Authctxt *);
 int    verify_response(Authctxt *, const char *);

diff --git a/auth1.c b/auth1.c
index c2d99895f430b563bf7d09af9d4bf58248049a45..013c741886bfafc929a88fe20ec1089fead92656 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.36 2002/03/17 20:25:56 provos Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -382,8 +382,8 @@ do_authentication(void)
        authctxt->style = style;
 
        /* Verify that the user is a valid user. */
-       pw = getpwnam(user);
-       if (pw && allowed_user(pw)) {
+       pw = getpwnamallow(user);
+       if (pw) {
                authctxt->valid = 1;
                pw = pwcopy(pw);
        } else {

diff --git a/auth2.c b/auth2.c
index f2a801ecc8207b4dbee68803c9f0cc62b9cfd7e4..c5ab08067ff1bc7d3ce89a5d24a85299c6324c3e 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.86 2002/03/17 20:25:56 provos Exp $");
 
 #include <openssl/evp.h>
 
@@ -184,8 +184,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
        if (authctxt->attempt++ == 0) {
                /* setup auth context */
                struct passwd *pw = NULL;
-               pw = getpwnam(user);
-               if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
+               pw = getpwnamallow(user);
+               if (pw && strcmp(service, "ssh-connection")==0) {
                        authctxt->pw = pwcopy(pw);
                        authctxt->valid = 1;
                        debug2("input_userauth_request: setting up authctxt for %s", user);