- markus@cvs.openbsd.org 2002/08/22 21:33:58

[auth1.c auth2.c]
     auth_root_allowed() is handled by the monitor in the privsep case,
     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325

ChangeLog

@@ -23,6 +23,10 @@
    - stevesk@cvs.openbsd.org 2002/08/22 20:57:19
      [ssh-agent.c]
      shutdown(SHUT_RDWR) not needed before close here; ok markus@
+   - markus@cvs.openbsd.org 2002/08/22 21:33:58
+     [auth1.c auth2.c]
+     auth_root_allowed() is handled by the monitor in the privsep case,
+     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
 
 20020820
  - OpenBSD CVS Sync
@@ -1564,4 +1568,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2433 2002/09/04 06:33:31 djm Exp $
+$Id: ChangeLog,v 1.2434 2002/09/04 06:37:26 djm Exp $

auth1.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.42 2002/08/22 21:33:58 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -301,7 +301,8 @@ do_authloop(Authctxt *authctxt)
 		}
 #else
 		/* Special handling for root */
-		if (authenticated && authctxt->pw->pw_uid == 0 &&
+		if (!use_privsep &&
+		    authenticated && authctxt->pw->pw_uid == 0 &&
 		    !auth_root_allowed(get_authname(type)))
 			authenticated = 0;
 #endif

auth2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.94 2002/06/30 21:54:16 deraadt Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -205,7 +205,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 		    authctxt->user);
 
 	/* Special handling for root */
-	if (authenticated && authctxt->pw->pw_uid == 0 &&
+	if (!use_privsep &&
+	    authenticated && authctxt->pw->pw_uid == 0 &&
 	    !auth_root_allowed(method))
 		authenticated = 0;