author | Niels Provos <provos@cvs.openbsd.org> | 2002-03-17 20:25:57 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2002-03-17 20:25:57 +0000 |
commit | b1c153652482f4a01274f1467de1a1b8f7afccfa (patch) | |
tree | 1bbad2d04c075bd910f23b98ba5b7084796e4b1b | |
parent | fd24b767bd3ea1411182aa064901d35024339207 (diff) |
getpwnamallow returns struct passwd * only if user valid; okay markus@
-rw-r--r-- | usr.bin/ssh/auth.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/auth.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/auth1.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 6 |
4 files changed, 21 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index d5c482a9751..61de90b272f 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.36 2002/03/15 11:00:38 itojun Exp $");
+RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $");
 #include <libgen.h>
@@ -387,3 +387,15 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
 }
 return 0;
 }
+
+struct passwd *
+getpwnamallow(const char *user)
+{
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw != NULL && !allowed_user(pw))
+ pw = NULL;
+
+ return (pw);
+}
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 54c7ad83f0e..8fc5b93544d 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.31 2002/03/16 17:22:09 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.32 2002/03/17 20:25:56 provos Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -130,6 +130,7 @@ int auth2_challenge(Authctxt *, char *);
 void auth2_challenge_stop(Authctxt *);
 int allowed_user(struct passwd *);
+struct passwd * getpwnamallow(const char *user);
 char *get_challenge(Authctxt *);
 int verify_response(Authctxt *, const char *);
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 7460b6f5716..238e7387a99 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.36 2002/03/17 20:25:56 provos Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -345,8 +345,8 @@ do_authentication(void)
 authctxt->style = style;
 /* Verify that the user is a valid user. */
- pw = getpwnam(user);
- if (pw && allowed_user(pw)) {
+ pw = getpwnamallow(user);
+ if (pw) {
 authctxt->valid = 1;
 pw = pwcopy(pw);
 } else {
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 21f46a3fcf6..8a0c39c3454 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
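Review bot: The new getpwnamallow() in auth.c has no comment stating its contract, and two parts of that contract matter to every future caller. NULL now means either that the account does not exist or that allowed_user() rejected it, and a non-NULL result is exactly what getpwnam() returned, which is typically static storage that the next passwd lookup overwrites. I would add `/* Look up user; return NULL if the account does not exist or allowed_user() rejects it. */` and `/* The result is getpwnam()'s buffer: pwcopy() it before any further getpw* call. */` above the definition, and repeat the first line at the prototype added in auth.h. Both callers changed in this commit copy the entry with pwcopy() straight away, so this documents the requirement rather than fixing a present bug.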
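Review bot: In do_authentication() in auth1.c the retained comment `/* Verify that the user is a valid user. */` no longer matches what the condition below it visibly tests, because the allowed_user() policy check has moved into getpwnamallow(). Someone auditing the login path now sees only `if (pw)` and could conclude that the access policy is not applied on the SSH1 path; `/* Verify that the user exists and is allowed to log in (getpwnamallow applies allowed_user). */` keeps that visible. As a smaller style point, the helper tests `pw != NULL` while this caller tests `if (pw)`; picking one form would read more consistently. The else branch of this if lies outside the hunk.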
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.86 2002/03/17 20:25:56 provos Exp $");
 #include <openssl/evp.h>
@@ -182,8 +182,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 if (authctxt->attempt++ == 0) {
 /* setup auth context */
 struct passwd *pw = NULL;
- pw = getpwnam(user);
- if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
+ pw = getpwnamallow(user);
+ if (pw && strcmp(service, "ssh-connection")==0) {
 authctxt->pw = pwcopy(pw);
 authctxt->valid = 1;
 debug2("input_userauth_request: setting up authctxt for %s", user); |
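Review bot: The new condition `if (pw && strcmp(service, "ssh-connection")==0)` in input_userauth_request() still folds two unrelated failures into one branch: an account that getpwnamallow() rejected, and a permitted account requesting a service other than ssh-connection. The else branch is outside this hunk, so what it records is not visible here, but if it reports the user as invalid, the log will misattribute the second case and make failed-login triage less reliable. Now that the account check is a single call, consider testing `pw == NULL` first and giving the service mismatch its own branch and message. Separately, `struct passwd *pw = NULL;` is overwritten on the very next line and could be written as `struct passwd *pw = getpwnamallow(user);`.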