===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth1.c,v
retrieving revision 1.22.2.2
retrieving revision 1.22.2.3
diff -u -r1.22.2.2 -r1.22.2.3
--- src/usr.bin/ssh/Attic/auth1.c	2002/03/09 00:20:43	1.22.2.2
+++ src/usr.bin/ssh/Attic/auth1.c	2002/06/02 22:56:09	1.22.2.3
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.22.2.2 2002/03/09 00:20:43 miod Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.22.2.3 2002/06/02 22:56:09 miod Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -24,8 +24,8 @@
 #include "auth.h"
 #include "channels.h"
 #include "session.h"
-#include "misc.h"
 #include "uidswap.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -84,7 +84,7 @@
 #if defined(KRB4) || defined(KRB5)
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
-	    auth_password(authctxt, "")) {
+	    PRIVSEP(auth_password(authctxt, ""))) {
 		auth_log(authctxt, 1, "without authentication", "");
 		return;
 	}
@@ -243,7 +243,7 @@
 			packet_check_eom();
 
 			/* Try authentication with the password. */
-			authenticated = auth_password(authctxt, password);
+			authenticated = PRIVSEP(auth_password(authctxt, password));
 
 			memset(password, 0, strlen(password));
 			xfree(password);
@@ -318,13 +318,12 @@
  * Performs authentication of an incoming connection.  Session key has already
  * been exchanged and encryption is enabled.
  */
-void
+Authctxt *
 do_authentication(void)
 {
 	Authctxt *authctxt;
-	struct passwd *pw;
 	u_int ulen;
-	char *p, *user, *style = NULL;
+	char *user, *style = NULL;
 
 	/* Get the name of the user that we wish to log in as. */
 	packet_read_expect(SSH_CMSG_USER);
@@ -336,32 +335,35 @@
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = '\0';
 
+#ifdef KRB5
 	/* XXX - SSH.com Kerberos v5 braindeath. */
-	if ((p = strchr(user, '@')) != NULL)
-		*p = '\0';
+	if ((datafellows & SSH_BUG_K5USER) &&
+	    options.kerberos_authentication) {
+		char *p;
+		if ((p = strchr(user, '@')) != NULL)
+			*p = '\0';
+	}
+#endif
 
 	authctxt = authctxt_new();
 	authctxt->user = user;
 	authctxt->style = style;
 
 	/* Verify that the user is a valid user. */
-	pw = getpwnam(user);
-	if (pw && allowed_user(pw)) {
+	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 		authctxt->valid = 1;
-		pw = pwcopy(pw);
-	} else {
+	else
 		debug("do_authentication: illegal user %s", user);
-		pw = NULL;
-	}
-	authctxt->pw = pw;
 
-	setproctitle("%s", pw ? user : "unknown");
+	setproctitle("%s%s", authctxt->pw ? user : "unknown",
+	    use_privsep ? " [net]" : "");
 
 	/*
 	 * If we are not running as root, the user must have the same uid as
 	 * the server.
 	 */
-	if (getuid() != 0 && pw && pw->pw_uid != getuid())
+	if (!use_privsep && getuid() != 0 && authctxt->pw &&
+	    authctxt->pw->pw_uid != getuid())
 		packet_disconnect("Cannot change user when server not running as root.");
 
 	/*
@@ -375,6 +377,5 @@
 	packet_send();
 	packet_write_wait();
 
-	/* Perform session preparation. */
-	do_authenticated(authctxt);
+	return (authctxt);
 }