diff options
author | kris <kris@FreeBSD.org> | 2000-09-02 05:40:50 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-09-02 05:40:50 +0000 |
commit | 458b9e5882d4136a11790a1efbacf16115588910 (patch) | |
tree | 3abba4a0d7a5df98abcfb715afd98885465410e9 /crypto/openssh | |
parent | 8b99f6e1dc18e8fa3045cde566c39256e6f967f3 (diff) | |
download | FreeBSD-src-458b9e5882d4136a11790a1efbacf16115588910.zip FreeBSD-src-458b9e5882d4136a11790a1efbacf16115588910.tar.gz |
Repair a broken conflict resolution in r1.2 which had the effect of nullifying
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".
Submitted by: gshapiro
Diffstat (limited to 'crypto/openssh')
-rw-r--r-- | crypto/openssh/auth1.c | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index f9d16b2..cc949c4 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -449,35 +449,35 @@ do_authloop(struct passwd * pw) log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); } + } #ifdef LOGIN_CAP - lc = login_getpwclass(pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, pw); - if (!auth_hostok(lc, from_host, from_ip)) { - log("Denied connection for %.200s from %.200s [%.200s].", - pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } - if (!auth_timeok(lc, time(NULL))) { - log("LOGIN %.200s REFUSED (TIME) FROM %.200s", - pw->pw_name, from_host); - packet_disconnect("Logins not available right now."); - } - login_close(lc); + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + if (!auth_hostok(lc, from_host, from_ip)) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } + if (!auth_timeok(lc, time(NULL))) { + log("LOGIN %.200s REFUSED (TIME) FROM %.200s", + pw->pw_name, from_host); + packet_disconnect("Logins not available right now."); + } + login_close(lc); #endif /* LOGIN_CAP */ #ifdef LOGIN_ACCESS - if (!login_access(pw->pw_name, from_host)) { - log("Denied connection for %.200s from %.200s [%.200s].", - pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } + if (!login_access(pw->pw_name, from_host)) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } #endif /* LOGIN_ACCESS */ - if (pw->pw_uid == 0) - log("ROOT LOGIN as '%.100s' from %.100s", - pw->pw_name, get_canonical_hostname()); - } + if (pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, get_canonical_hostname()); /* Raise logging level */ if (authenticated || |