
Diff for /src/usr.bin/ssh/Attic/auth1.c between version 1.25.2.1 and 1.25.2.2

version 1.25.2.1, 2002/03/07 17:37:46 version 1.25.2.2, 2002/05/17 00:03:23
Line 24 
Line 24 
 #include "auth.h"  #include "auth.h"
 #include "channels.h"  #include "channels.h"
 #include "session.h"  #include "session.h"
 #include "misc.h"  
 #include "uidswap.h"  #include "uidswap.h"
   #include "monitor_wrap.h"
   
 /* import */  /* import */
 extern ServerOptions options;  extern ServerOptions options;
Line 84 
Line 84 
 #if defined(KRB4) || defined(KRB5)  #if defined(KRB4) || defined(KRB5)
             (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&              (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif  #endif
             auth_password(authctxt, "")) {              PRIVSEP(auth_password(authctxt, ""))) {
                 auth_log(authctxt, 1, "without authentication", "");                  auth_log(authctxt, 1, "without authentication", "");
                 return;                  return;
         }          }
Line 243 
Line 243 
                         packet_check_eom();                          packet_check_eom();
   
                         /* Try authentication with the password. */                          /* Try authentication with the password. */
                         authenticated = auth_password(authctxt, password);                          authenticated = PRIVSEP(auth_password(authctxt, password));
   
                         memset(password, 0, strlen(password));                          memset(password, 0, strlen(password));
                         xfree(password);                          xfree(password);
Line 318 
Line 318 
  * Performs authentication of an incoming connection.  Session key has already   * Performs authentication of an incoming connection.  Session key has already
  * been exchanged and encryption is enabled.   * been exchanged and encryption is enabled.
  */   */
 void  Authctxt *
 do_authentication(void)  do_authentication(void)
 {  {
         Authctxt *authctxt;          Authctxt *authctxt;
         struct passwd *pw;  
         u_int ulen;          u_int ulen;
         char *p, *user, *style = NULL;          char *user, *style = NULL;
   
         /* Get the name of the user that we wish to log in as. */          /* Get the name of the user that we wish to log in as. */
         packet_read_expect(SSH_CMSG_USER);          packet_read_expect(SSH_CMSG_USER);
Line 336 
Line 335 
         if ((style = strchr(user, ':')) != NULL)          if ((style = strchr(user, ':')) != NULL)
                 *style++ = '\0';                  *style++ = '\0';
   
   #ifdef KRB5
         /* XXX - SSH.com Kerberos v5 braindeath. */          /* XXX - SSH.com Kerberos v5 braindeath. */
         if ((p = strchr(user, '@')) != NULL)          if ((datafellows & SSH_BUG_K5USER) &&
                 *p = '\0';              options.kerberos_authentication) {
                   char *p;
                   if ((p = strchr(user, '@')) != NULL)
                           *p = '\0';
           }
   #endif
   
         authctxt = authctxt_new();          authctxt = authctxt_new();
         authctxt->user = user;          authctxt->user = user;
         authctxt->style = style;          authctxt->style = style;
   
         /* Verify that the user is a valid user. */          /* Verify that the user is a valid user. */
         pw = getpwnam(user);          if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
         if (pw && allowed_user(pw)) {  
                 authctxt->valid = 1;                  authctxt->valid = 1;
                 pw = pwcopy(pw);          else
         } else {  
                 debug("do_authentication: illegal user %s", user);                  debug("do_authentication: illegal user %s", user);
                 pw = NULL;  
         }  
         authctxt->pw = pw;  
   
         setproctitle("%s", pw ? user : "unknown");          setproctitle("%s%s", authctxt->pw ? user : "unknown",
               use_privsep ? " [net]" : "");
   
         /*          /*
          * If we are not running as root, the user must have the same uid as           * If we are not running as root, the user must have the same uid as
          * the server.           * the server.
          */           */
         if (getuid() != 0 && pw && pw->pw_uid != getuid())          if (!use_privsep && getuid() != 0 && authctxt->pw &&
               authctxt->pw->pw_uid != getuid())
                 packet_disconnect("Cannot change user when server not running as root.");                  packet_disconnect("Cannot change user when server not running as root.");
   
         /*          /*
Line 375 
Line 377 
         packet_send();          packet_send();
         packet_write_wait();          packet_write_wait();
   
         /* Perform session preparation. */          return (authctxt);
         do_authenticated(authctxt);  
 }  }
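Review bot: The new `!use_privsep &&` term in the uid check near the end of do_authentication disables that check whenever privilege separation is on, while the comment above it still states unconditionally that a non-root server only accepts users with its own uid. This diff does not show where the same restriction is applied on the privsep path, so a reader cannot tell whether it moved to the privileged side or was dropped. I would extend the comment, e.g. `With privsep this test is skipped in this process; the uid restriction must then be enforced by the privileged side (confirm where).`, and check that a server started as non-root with privsep enabled still refuses a user with a different uid. The function's body continues between the hunks shown here, so code outside this view may already cover it.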
