Oops, did not intend to commit this yet

Darren Tucker 2005-01-20 13:29:51 +11:00
parent d231186fd0
commit d5bfa8f9d8


@ -47,7 +47,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-pam.c,v 1.120 2005/01/20 02:27:56 dtucker Exp $"); RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $");
#ifdef USE_PAM #ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H) #if defined(HAVE_SECURITY_PAM_APPL_H)
@ -245,17 +245,6 @@ sshpam_password_change_required(int reqd)
} }
} }
/* Check ssh internal flags in addition to PAM */
static int
sshpam_login_allowed(Authctxt *ctxt)
{
if (ctxt->valid && (ctxt->pw->pw_uid != 0 ||
options.permit_root_login == PERMIT_YES))
return 1;
return 0;
}
/* Import regular and PAM environment from subprocess */ /* Import regular and PAM environment from subprocess */
static void static void
import_environments(Buffer *b) import_environments(Buffer *b)
@ -713,7 +702,9 @@ sshpam_query(void *ctx, char **name, char **info,
**prompts = NULL; **prompts = NULL;
} }
if (type == PAM_SUCCESS) { if (type == PAM_SUCCESS) {
if (!sshpam_login_allowed(sshpam_authctxt)) if (!sshpam_authctxt->valid ||
(sshpam_authctxt->pw->pw_uid == 0 &&
options.permit_root_login != PERMIT_YES))
fatal("Internal error: PAM auth " fatal("Internal error: PAM auth "
"succeeded when it should have " "succeeded when it should have "
"failed"); "failed");
@ -762,7 +753,9 @@ sshpam_respond(void *ctx, u_int num, char **resp)
return (-1); return (-1);
} }
buffer_init(&buffer); buffer_init(&buffer);
if (sshpam_login_allowed(sshpam_authctxt)) if (sshpam_authctxt->valid &&
(sshpam_authctxt->pw->pw_uid != 0 ||
options.permit_root_login == PERMIT_YES))
buffer_put_cstring(&buffer, *resp); buffer_put_cstring(&buffer, *resp);
else else
buffer_put_cstring(&buffer, badpw); buffer_put_cstring(&buffer, badpw);
@ -1125,7 +1118,8 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
* by PermitRootLogin, use an invalid password to prevent leaking * by PermitRootLogin, use an invalid password to prevent leaking
* information via timing (eg if the PAM config has a delay on fail). * information via timing (eg if the PAM config has a delay on fail).
*/ */
if (!sshpam_login_allowed(authctxt)) if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
options.permit_root_login != PERMIT_YES))
sshpam_password = badpw; sshpam_password = badpw;
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
@ -1136,7 +1130,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_err = pam_authenticate(sshpam_handle, flags);
sshpam_password = NULL; sshpam_password = NULL;
if (sshpam_err == PAM_SUCCESS && sshpam_login_allowed(authctxt)) { if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
debug("PAM: password authentication accepted for %.100s", debug("PAM: password authentication accepted for %.100s",
authctxt->user); authctxt->user);
return 1; return 1;
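Review bot: In sshpam_auth_passwd the new success test `if (sshpam_err == PAM_SUCCESS && authctxt->valid) {` drops the PermitRootLogin condition, while the other three inlined sites (sshpam_query, sshpam_respond and the `badpw` substitution a few lines earlier in the same function) still carry it. Refusing root on this path therefore rests entirely on PAM rejecting `badpw`; a PAM configuration that returns success regardless of the password would make this function return 1 for root unless a caller outside this diff re-checks the policy. Consider keeping the full condition on the success path, `if (sshpam_err == PAM_SUCCESS && authctxt->valid && (authctxt->pw->pw_uid != 0 || options.permit_root_login == PERMIT_YES)) {`, or failing hard as sshpam_query does. If the check is intentionally left to the caller, a comment such as `/* root policy is enforced by the caller */` would make that explicit. The function body continues beyond the hunk.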