- OpenBSD CVS change
[sshd.c] - disallow guessing of root password
This commit is contained in:
parent
eedc0ca23e
commit
02491e9632
|
@ -1,5 +1,8 @@
|
||||||
20000311
|
20000311
|
||||||
- Detect RSAref
|
- Detect RSAref
|
||||||
|
- OpenBSD CVS change
|
||||||
|
[sshd.c]
|
||||||
|
- disallow guessing of root password
|
||||||
|
|
||||||
20000309
|
20000309
|
||||||
- OpenBSD CVS updates to v1.2.3
|
- OpenBSD CVS updates to v1.2.3
|
||||||
|
|
25
sshd.c
25
sshd.c
|
@ -11,7 +11,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $");
|
RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
|
@ -1275,14 +1275,6 @@ do_authentication()
|
||||||
do_authloop(pw);
|
do_authloop(pw);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if the user is logging in as root and root logins are disallowed. */
|
|
||||||
if (pw->pw_uid == 0 && !options.permit_root_login) {
|
|
||||||
if (forced_command)
|
|
||||||
log("Root login accepted for forced command.");
|
|
||||||
else
|
|
||||||
packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
|
|
||||||
get_canonical_hostname());
|
|
||||||
}
|
|
||||||
/* The user has been authenticated and accepted. */
|
/* The user has been authenticated and accepted. */
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
|
loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
|
||||||
|
@ -1525,6 +1517,21 @@ do_authloop(struct passwd * pw)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check if the user is logging in as root and root logins
|
||||||
|
* are disallowed.
|
||||||
|
* Note that root login is allowed for forced commands.
|
||||||
|
*/
|
||||||
|
if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
|
||||||
|
if (forced_command) {
|
||||||
|
log("Root login accepted for forced command.");
|
||||||
|
} else {
|
||||||
|
authenticated = 0;
|
||||||
|
log("ROOT LOGIN REFUSED FROM %.200s",
|
||||||
|
get_canonical_hostname());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Raise logging level */
|
/* Raise logging level */
|
||||||
if (authenticated ||
|
if (authenticated ||
|
||||||
attempt == AUTH_FAIL_LOG ||
|
attempt == AUTH_FAIL_LOG ||
|
||||||
|
|
Loading…
Reference in New Issue