Repair a broken conflict resolution in r1.2 which had the effect of nullifying

the login_cap and login.access checks for whether a user/host is allowed access to the system for users other than root. But since we currently don't have a similar check in the ssh2 code path anyway, it's um, "okay". Submitted by: gshapiro
2000-09-02 05:40:50 +00:00 · 2000-09-02 05:40:50 +00:00 · 80bbcbe344
commit 80bbcbe344
parent 14ef7e2794
1 changed files with 23 additions and 23 deletions
--- a/crypto/openssh/auth1.c
+++ b/crypto/openssh/auth1.c
@ -449,35 +449,35 @@ do_authloop(struct passwd * pw)
 				log("ROOT LOGIN REFUSED FROM %.200s",
 				    get_canonical_hostname());
 			}
+		}

 #ifdef LOGIN_CAP
-			lc = login_getpwclass(pw);
-			if (lc == NULL)
-			  lc = login_getclassbyname(NULL, pw);
-			if (!auth_hostok(lc, from_host, from_ip)) {
-			  log("Denied connection for %.200s from %.200s [%.200s].",
-			      pw->pw_name, from_host, from_ip);
-			  packet_disconnect("Sorry, you are not allowed to connect.");
-			}
-			if (!auth_timeok(lc, time(NULL))) {
-			  log("LOGIN %.200s REFUSED (TIME) FROM %.200s",
-			      pw->pw_name, from_host);
-			  packet_disconnect("Logins not available right now.");
-			}
-			login_close(lc);
+		lc = login_getpwclass(pw);
+		if (lc == NULL)
+		  lc = login_getclassbyname(NULL, pw);
+		if (!auth_hostok(lc, from_host, from_ip)) {
+		  log("Denied connection for %.200s from %.200s [%.200s].",
+		      pw->pw_name, from_host, from_ip);
+		  packet_disconnect("Sorry, you are not allowed to connect.");
+		}
+		if (!auth_timeok(lc, time(NULL))) {
+		  log("LOGIN %.200s REFUSED (TIME) FROM %.200s",
+		      pw->pw_name, from_host);
+		  packet_disconnect("Logins not available right now.");
+		}
+		login_close(lc);
 #endif  /* LOGIN_CAP */
 #ifdef LOGIN_ACCESS
-			if (!login_access(pw->pw_name, from_host)) {
-			  log("Denied connection for %.200s from %.200s [%.200s].",
-			      pw->pw_name, from_host, from_ip);
-			  packet_disconnect("Sorry, you are not allowed to connect.");
-			}
+		if (!login_access(pw->pw_name, from_host)) {
+		  log("Denied connection for %.200s from %.200s [%.200s].",
+		      pw->pw_name, from_host, from_ip);
+		  packet_disconnect("Sorry, you are not allowed to connect.");
+		}
 #endif /* LOGIN_ACCESS */

-			if (pw->pw_uid == 0)
-			  log("ROOT LOGIN as '%.100s' from %.100s",
-			      pw->pw_name, get_canonical_hostname());
-		}
+		if (pw->pw_uid == 0)
+		  log("ROOT LOGIN as '%.100s' from %.100s",
+		      pw->pw_name, get_canonical_hostname());

 		/* Raise logging level */
 		if (authenticated ||