===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- src/usr.bin/ssh/sshd.c	2000/03/06 20:29:04	1.90
+++ src/usr.bin/ssh/sshd.c	2000/03/09 19:31:47	1.91
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1244,14 +1244,6 @@
 		do_authloop(pw);
 	}
 
-	/* Check if the user is logging in as root and root logins are disallowed. */
-	if (pw->pw_uid == 0 && !options.permit_root_login) {
-		if (forced_command)
-			log("Root login accepted for forced command.");
-		else
-			packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
-					  get_canonical_hostname());
-	}
 	/* The user has been authenticated and accepted. */
 	packet_start(SSH_SMSG_SUCCESS);
 	packet_send();
@@ -1487,6 +1479,21 @@
 			 */
 			log("Unknown message during authentication: type %d", type);
 			break;
+		}
+
+		/*
+		 * Check if the user is logging in as root and root logins
+		 * are disallowed.
+		 * Note that root login is allowed for forced commands.
+		 */
+		if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
+			if (forced_command) {
+				log("Root login accepted for forced command.");
+			} else {
+				authenticated = 0;
+				log("ROOT LOGIN REFUSED FROM %.200s",
+				    get_canonical_hostname());
+			}
 		}
 
 		/* Raise logging level */