auth2.c
Show First 20 Lines • Show All 270 Lines • ▼ Show 20 Lines | if (auth2_setup_methods_lists(authctxt) != 0) | ||||
strcmp(service, authctxt->service) != 0) { | strcmp(service, authctxt->service) != 0) { | ||||
packet_disconnect("Change of username or service not allowed: " | packet_disconnect("Change of username or service not allowed: " | ||||
"(%s,%s) -> (%s,%s)", | "(%s,%s) -> (%s,%s)", | ||||
authctxt->user, authctxt->service, user, service); | authctxt->user, authctxt->service, user, service); | ||||
} | } | ||||
#ifdef HAVE_LOGIN_CAP | #ifdef HAVE_LOGIN_CAP | ||||
if (authctxt->pw != NULL && | if (authctxt->pw != NULL && | ||||
(lc = login_getpwclass(authctxt->pw)) != NULL) { | (lc = PRIVSEP(login_getpwclass(authctxt->pw))) != NULL) { | ||||
logit("user %s login class %s", authctxt->pw->pw_name, | logit("user %s login class %s", authctxt->pw->pw_name, | ||||
authctxt->pw->pw_class); | authctxt->pw->pw_class); | ||||
from_host = auth_get_canonical_hostname(ssh, options.use_dns); | from_host = auth_get_canonical_hostname(ssh, options.use_dns); | ||||
from_ip = ssh_remote_ipaddr(ssh); | from_ip = ssh_remote_ipaddr(ssh); | ||||
if (!auth_hostok(lc, from_host, from_ip)) { | if (!auth_hostok(lc, from_host, from_ip)) { | ||||
logit("Denied connection for %.200s from %.200s [%.200s].", | logit("Denied connection for %.200s from %.200s [%.200s].", | ||||
authctxt->pw->pw_name, from_host, from_ip); | authctxt->pw->pw_name, from_host, from_ip); | ||||
packet_disconnect("Sorry, you are not allowed to connect."); | packet_disconnect("Sorry, you are not allowed to connect."); | ||||
} | } | ||||
if (!auth_timeok(lc, time(NULL))) { | if (!auth_timeok(lc, time(NULL))) { | ||||
logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", | logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", | ||||
authctxt->pw->pw_name, from_host); | authctxt->pw->pw_name, from_host); | ||||
packet_disconnect("Logins not available right now."); | packet_disconnect("Logins not available right now."); | ||||
} | } | ||||
login_close(lc); | PRIVSEP(login_close(lc)); | ||||
cem: I don't think it is valid to `login_close()` our PRIVSEP-allocated `login_cap_t*`.
FreeBSD… | |||||
Not Done Inline ActionsI see FreeBSD login_close() tries to free globally allocated memory and file descriptor. I will make mm_login_close() that frees just allocated memory by mm_login_getpwclass(). naito.yuichiro_gmail.com: I see FreeBSD `login_close()` tries to free globally allocated memory and file descriptor. I… | |||||
} | } | ||||
#endif /* HAVE_LOGIN_CAP */ | #endif /* HAVE_LOGIN_CAP */ | ||||
/* reset state */ | /* reset state */ | ||||
auth2_challenge_stop(ssh); | auth2_challenge_stop(ssh); | ||||
#ifdef GSSAPI | #ifdef GSSAPI | ||||
/* XXX move to auth2_gssapi_stop() */ | /* XXX move to auth2_gssapi_stop() */ | ||||
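Review bot: On the new side of the `HAVE_LOGIN_CAP` block, a NULL result from `PRIVSEP(login_getpwclass(authctxt->pw))` skips both `auth_hostok()` and `auth_timeok()` without any log line, so the login-class host and time restrictions fail open. Routing the lookup through the monitor presumably adds failure modes the direct libc call did not have (the wrapper is not visible here), which would make that silent path easier to reach. Consider handling it explicitly, for example `else if (authctxt->pw != NULL) packet_disconnect("Login class lookup failed.");`, or at minimum a `logit()` stating that the restrictions were not evaluated. The enclosing function begins and ends outside the lines shown.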
I don't think it is valid to login_close() our PRIVSEP-allocated login_cap_t*.
FreeBSD's login_close() function does more than free the strings and the struct. (And even if that were all it did, the fact that it may change means we must not use it on the privsep-allocated login_cap_t anyway.)