diff options
| author | Niels Provos <provos@cvs.openbsd.org> | 2002-03-18 03:41:09 +0000 |
|---|---|---|
| committer | Niels Provos <provos@cvs.openbsd.org> | 2002-03-18 03:41:09 +0000 |
| commit | 347eb9fcbf09376d003c9de19184571e7110dd36 (patch) | |
| tree | f671e55bece6a10428ce5ec978b3212b9b832eaf /usr.bin/ssh/auth.c | |
| parent | d89e0da5d027bbdbf64baa6815eed0899d63850b (diff) | |
move auth_approval into getpwnamallow with help from millert@
Diffstat (limited to 'usr.bin/ssh/auth.c')
| -rw-r--r-- | usr.bin/ssh/auth.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 61de90b272f..6f2f98df3a2 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $"); +RCSID("$OpenBSD: auth.c,v 1.38 2002/03/18 03:41:08 provos Exp $"); #include <libgen.h> @@ -391,11 +391,31 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, struct passwd * getpwnamallow(const char *user) { +#ifdef HAVE_LOGIN_CAP + extern login_cap_t *lc; +#ifdef BSD_AUTH + auth_session_t *as; +#endif +#endif struct passwd *pw; pw = getpwnam(user); - if (pw != NULL && !allowed_user(pw)) + if (pw == NULL || !allowed_user(pw)) + return (NULL); +#ifdef HAVE_LOGIN_CAP + if ((lc = login_getclass(pw->pw_class)) == NULL) { + debug("unable to get login class: %s", user); + return (NULL); + } +#ifdef BSD_AUTH + if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 || + auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) { + debug("Approval failure for %s", user); pw = NULL; - + } + if (as != NULL) + auth_close(as); +#endif +#endif return (pw); } |