From 2ae18f40a70632eb87eca114980649dae8c476ff Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Fri, 22 Mar 2002 01:24:38 +0000
Subject: [PATCH] - provos@cvs.openbsd.org 2002/03/17 20:25:56 [auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
---
 ChangeLog | 5 ++++-
 auth.c | 14 +++++++++++++-
 auth.h | 3 ++-
 auth1.c | 6 +++---
 auth2.c | 6 +++---
 5 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d516cd90e..8fc1f1381 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@
 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
 [auth-krb5.c]
 BSD license. from Daniel Kouril via Dug Song. ok markus@
+ - provos@cvs.openbsd.org 2002/03/17 20:25:56
+ [auth.c auth.h auth1.c auth2.c]
+ getpwnamallow returns struct passwd * only if user valid; okay markus@
 20020317
 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7876,4 +7879,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1933 2002/03/22 01:22:27 mouring Exp $
+$Id: ChangeLog,v 1.1934 2002/03/22 01:24:38 mouring Exp $
diff --git a/auth.c b/auth.c
index de004515f..19ef605f4 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.36 2002/03/15 11:00:38 itojun Exp $");
+RCSID("$OpenBSD: auth.c,v 1.37 2002/03/17 20:25:56 provos Exp $");
 #ifdef HAVE_LOGIN_H
 #include
@@ -439,3 +439,15 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
 }
 return 0;
 }
+
+struct passwd *
+getpwnamallow(const char *user)
+{
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw != NULL && !allowed_user(pw))
+ pw = NULL;
+
+ return (pw);
+}
diff --git a/auth.h b/auth.h
index 83471a0a6..5f0ed7da4 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.31 2002/03/16 17:22:09 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.32 2002/03/17 20:25:56 provos Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
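Review bot: getpwnamallow() in auth.c hands back the pointer it got from getpwnam() unchanged, and nothing in the new function says so; that entry is library-owned static storage, so a later getpw* call can overwrite what the caller still holds. Both call sites changed in this commit copy it with pwcopy() straight away, but a future caller has only the function name to go on. I would add a header comment above the definition (and ideally at the prototype in auth.h), e.g. `/* Returns getpwnam()'s entry for user, or NULL if the user is unknown or rejected by allowed_user(). The result is static storage: pwcopy() it before any other getpw* call. */`. The NULL return also merges "no such account" with "account denied by policy"; if allowed_user() does not log the denial itself (not visible here), the server-side log can no longer tell the two apart.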
@@ -133,6 +133,7 @@ int auth2_challenge(Authctxt *, char *);
 void auth2_challenge_stop(Authctxt *);
 int allowed_user(struct passwd *);
+struct passwd * getpwnamallow(const char *user);
 char *get_challenge(Authctxt *);
 int verify_response(Authctxt *, const char *);
diff --git a/auth1.c b/auth1.c
index c2d99895f..013c74188 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.36 2002/03/17 20:25:56 provos Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -382,8 +382,8 @@ do_authentication(void)
 authctxt->style = style;
 /* Verify that the user is a valid user. */
- pw = getpwnam(user);
- if (pw && allowed_user(pw)) {
+ pw = getpwnamallow(user);
+ if (pw) {
 authctxt->valid = 1;
 pw = pwcopy(pw);
 } else {
diff --git a/auth2.c b/auth2.c
index f2a801ecc..c5ab08067 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.86 2002/03/17 20:25:56 provos Exp $");
 #include
@@ -184,8 +184,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 if (authctxt->attempt++ == 0) {
 /* setup auth context */
 struct passwd *pw = NULL;
- pw = getpwnam(user);
- if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
+ pw = getpwnamallow(user);
+ if (pw && strcmp(service, "ssh-connection")==0) {
 authctxt->pw = pwcopy(pw);
 authctxt->valid = 1;
 debug2("input_userauth_request: setting up authctxt for %s", user);
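Review bot: The comment kept above the lookup in do_authentication(), `/* Verify that the user is a valid user. */`, no longer shows where the allowed_user() policy check went, since `if (pw)` now stands for both "account exists" and "account is permitted". I would reword it to `/* Look up the user; NULL means unknown or not allowed to log in. */` so the access-control decision stays visible at the call site. The else branch and the rest of do_authentication() lie outside the hunk.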
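Review bot: In input_userauth_request() the declaration `struct passwd *pw = NULL;` is overwritten on the very next line, and the condition is written without spacing around the comparison (`"ssh-connection")==0`). `struct passwd *pw = getpwnamallow(user);` followed by `if (pw != NULL && strcmp(service, "ssh-connection") == 0) {` reads more cleanly and matches the `pw != NULL` form used in getpwnamallow() itself. This is style only and behaviour stays the same; the block's else branch is outside the hunk.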