diff options
| author | ru <ru@FreeBSD.org> | 2002-03-26 12:52:28 +0000 |
|---|---|---|
| committer | ru <ru@FreeBSD.org> | 2002-03-26 12:52:28 +0000 |
| commit | 065ea04bd88fea07a99cd23a16fe51d92d340e2c (patch) | |
| tree | e352a6b9a5d29d9cd8f84432f8c5e8f8971ac83b /crypto | |
| parent | 833cdae90669254b5fca898fc0ff90cf0641e72c (diff) | |
| download | FreeBSD-src-065ea04bd88fea07a99cd23a16fe51d92d340e2c.zip FreeBSD-src-065ea04bd88fea07a99cd23a16fe51d92d340e2c.tar.gz | |
Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/openssh/auth1.c | 11 | ||||
| -rw-r--r-- | crypto/openssh/auth2.c | 12 |
2 files changed, 4 insertions, 19 deletions
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index 54a23d5..9611c6d 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -88,12 +88,12 @@ do_authloop(Authctxt *authctxt) #ifdef USE_PAM struct inverted_pam_cookie *pam_cookie; #endif /* USE_PAM */ -#if defined(HAVE_LOGIN_CAP) || defined(LOGIN_ACCESS) +#if defined(HAVE_LOGIN_CAP) const char *from_host, *from_ip; from_host = get_canonical_hostname(options.verify_reverse_mapping); from_ip = get_remote_ipaddr(); -#endif /* HAVE_LOGIN_CAP || LOGIN_ACCESS */ +#endif /* HAVE_LOGIN_CAP */ debug("Attempting authentication for %s%.100s.", authctxt->valid ? "" : "illegal user ", authctxt->user); @@ -369,13 +369,6 @@ do_authloop(Authctxt *authctxt) lc = NULL; } #endif /* HAVE_LOGIN_CAP */ -#ifdef LOGIN_ACCESS - if (pw != NULL && !login_access(pw->pw_name, from_host)) { - log("Denied connection for %.200s from %.200s [%.200s].", - pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } -#endif /* LOGIN_ACCESS */ #ifdef BSD_AUTH if (authctxt->as) { auth_close(authctxt->as); diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index 1592da2..117415d 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -174,12 +174,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #ifdef HAVE_LOGIN_CAP login_cap_t *lc; #endif /* HAVE_LOGIN_CAP */ -#if defined(HAVE_LOGIN_CAP) || defined(LOGIN_ACCESS) +#if defined(HAVE_LOGIN_CAP) const char *from_host, *from_ip; from_host = get_canonical_hostname(options.verify_reverse_mapping); from_ip = get_remote_ipaddr(); -#endif /* HAVE_LOGIN_CAP || LOGIN_ACCESS */ +#endif /* HAVE_LOGIN_CAP */ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); @@ -238,14 +238,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) lc = NULL; } #endif /* HAVE_LOGIN_CAP */ -#ifdef LOGIN_ACCESS - if (authctxt->pw != NULL && - !login_access(authctxt->pw->pw_name, from_host)) { - log("Denied connection for %.200s from %.200s [%.200s].", - authctxt->pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } -#endif /* LOGIN_ACCESS */ /* reset state */ auth2_challenge_stop(authctxt); authctxt->postponed = 0; |
