auth.c (100838) auth.c (106130)
1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.

--- 9 unchanged lines hidden (view full) ---

18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.

--- 9 unchanged lines hidden (view full) ---

18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $");
27RCSID("$FreeBSD: head/crypto/openssh/auth.c 100838 2002-07-29 00:36:24Z fanf $");
26RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
27RCSID("$FreeBSD: head/crypto/openssh/auth.c 106130 2002-10-29 10:16:02Z des $");
28
29#ifdef HAVE_LOGIN_H
30#include <login.h>
31#endif
32#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
33#include <shadow.h>
34#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
35

--- 216 unchanged lines hidden (view full) ---

252 authlog("%s %s for %s%.100s from %.200s port %d%s",
253 authmsg,
254 method,
255 authctxt->valid ? "" : "illegal user ",
256 authctxt->user,
257 get_remote_ipaddr(),
258 get_remote_port(),
259 info);
28
29#ifdef HAVE_LOGIN_H
30#include <login.h>
31#endif
32#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
33#include <shadow.h>
34#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
35

--- 216 unchanged lines hidden (view full) ---

252 authlog("%s %s for %s%.100s from %.200s port %d%s",
253 authmsg,
254 method,
255 authctxt->valid ? "" : "illegal user ",
256 authctxt->user,
257 get_remote_ipaddr(),
258 get_remote_port(),
259 info);
260
261#ifdef WITH_AIXAUTHENTICATE
262 if (authenticated == 0 && strcmp(method, "password") == 0)
263 loginfailed(authctxt->user,
264 get_canonical_hostname(options.verify_reverse_mapping),
265 "ssh");
266#endif /* WITH_AIXAUTHENTICATE */
267
260}
261
262/*
263 * Check whether root logins are disallowed.
264 */
265int
266auth_root_allowed(char *method)
267{

--- 120 unchanged lines hidden (view full) ---

388 debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
389 "ok" : "not found", host);
390 return host_status;
391}
392
393
394/*
395 * Check a given file for security. This is defined as all components
268}
269
270/*
271 * Check whether root logins are disallowed.
272 */
273int
274auth_root_allowed(char *method)
275{

--- 120 unchanged lines hidden (view full) ---

396 debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
397 "ok" : "not found", host);
398 return host_status;
399}
400
401
402/*
403 * Check a given file for security. This is defined as all components
396 * of the path to the file must either be owned by either the owner of
404 * of the path to the file must be owned by either the owner of
397 * of the file or root and no directories must be group or world writable.
398 *
399 * XXX Should any specific check be done for sym links ?
400 *
401 * Takes an open file descriptor, the file name, a uid and and
402 * error buffer plus max size as arguments.
403 *
404 * Returns 0 on success and -1 on failure

--- 67 unchanged lines hidden (view full) ---

472 extern login_cap_t *lc;
473#ifdef BSD_AUTH
474 auth_session_t *as;
475#endif
476#endif
477 struct passwd *pw;
478
479 pw = getpwnam(user);
405 * of the file or root and no directories must be group or world writable.
406 *
407 * XXX Should any specific check be done for sym links ?
408 *
409 * Takes an open file descriptor, the file name, a uid and and
410 * error buffer plus max size as arguments.
411 *
412 * Returns 0 on success and -1 on failure

--- 67 unchanged lines hidden (view full) ---

480 extern login_cap_t *lc;
481#ifdef BSD_AUTH
482 auth_session_t *as;
483#endif
484#endif
485 struct passwd *pw;
486
487 pw = getpwnam(user);
480 if (pw == NULL || !allowed_user(pw))
488 if (pw == NULL) {
489 log("Illegal user %.100s from %.100s",
490 user, get_remote_ipaddr());
481 return (NULL);
491 return (NULL);
492 }
493 if (!allowed_user(pw))
494 return (NULL);
482#ifdef HAVE_LOGIN_CAP
483 if ((lc = login_getpwclass(pw)) == NULL) {
484 debug("unable to get login class: %s", user);
485 return (NULL);
486 }
487#ifdef BSD_AUTH
488 if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
489 auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {

--- 51 unchanged lines hidden ---
495#ifdef HAVE_LOGIN_CAP
496 if ((lc = login_getpwclass(pw)) == NULL) {
497 debug("unable to get login class: %s", user);
498 return (NULL);
499 }
500#ifdef BSD_AUTH
501 if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
502 auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {

--- 51 unchanged lines hidden ---
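Review bot: In the last hunk (new lines 488-494) the `pw == NULL` branch now writes the client-supplied `user` string to the log, while the `!allowed_user(pw)` branch beside it returns NULL with no message at this site. The `%.100s` bound limits length only; whether `log()` escapes control characters is not visible here, so that should be confirmed before these lines are relied on for failed-login monitoring. A short comment on the second branch would help, e.g. `/* allowed_user() is expected to log the reason for the denial */`, or a log line there if it does not. The remote-address field uses `%.100s` here but `%.200s` in the authlog() call at line 252; one bound for both would be more consistent. The enclosing function starts and ends in the hidden lines, so this is based on the visible part only.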