search for: login_getcapstr

...nnect("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); } + +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + from_host = get_canonical_hostname(); + from_ip = get_remote_ipaddr(); + + denied = 0; + if ((hosts = login_getcapstr(lc, "host.deny", NULL, NULL)) != NULL) { + denied = match_hostname(from_host, hosts, strlen(hosts)); + if (!denied) + denied = match_hostname(from_ip, hosts, strlen(hosts)); + } + if (!denied && + (hosts = login_getcapstr(lc, "host.allow", NULL, NULL)) != NULL) {...

...ctory %s", user_dir); + + pw->pw_dir = new_root; + break; + } + new_root += 2; + } +# endif /* CHROOT */ + if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1); @@ -1122,7 +1148,6 @@ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - #ifdef AFS /* Try to get AFS tokens for the local cell. */ if (k_hasafs()) { -------------- next part -------------- diff -u openssh-2.3.0p1/acconfig.h openssh-2.3.0p1-chroot/acconfig.h --- openssh-2.3.0p1/acconfig.h Wed Oct 18 14...

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

...session(pw->pw_name, s->tty); > + do_pam_setcred(); > +#endif /* USE_PAM */ > + > /* Fork the child. */ > if ((pid = fork()) == 0) { > /* Child. Reinitialize the log because the pid has changed. */ > @@ -1142,11 +1151,6 @@ > #ifdef HAVE_LOGIN_CAP > shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); > #endif > - > -#ifdef USE_PAM > - do_pam_session(pw->pw_name, ttyname); > - do_pam_setcred(); > -#endif /* USE_PAM */ > > #ifdef AFS > /* Try to get AFS tokens for the local cell. */ > > >

...env(s, shell); + + /* + * The shell specifed in login class overrides the shell in passwd, + * but, according to the login.conf(5), the SHELL env variable must + * contain the value from passwd, so we do this *after* setting up + * child's environment. + */ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - - env = do_setup_env(s, shell); /* we have to stash the hostname before we close our socket. */ if (options.use_login) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the...

..._login = 0; -#if !defined(HAVE_OSF_SIA) +#ifndef _CRAY +# if !defined(HAVE_OSF_SIA) if (!options.use_login) { -# ifdef HAVE_LOGIN_CAP +# ifdef HAVE_LOGIN_CAP if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, _PATH_NOLOGIN), "r"); -# else /* HAVE_LOGIN_CAP */ +# else /* HAVE_LOGIN_CAP */ if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); -# endif /* HAVE_LOGIN_CAP */ +# endif...

...195,12 @@ * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ + if(forced_shell != NULL) { + shell = forced_shell; + } + else { shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + } #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif -------------- next part -------------- #!/usr/bin/perl # Changes root to APPROOT as current user and runs given command or bash # -Don Mahurin my(@command) = @ARGV; if(@command) { if ($command[0] =~ m:^-:) { unshift(@command,"b...

hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a

...string = ctime(&last_login_time); if (strchr(time_string, '\n')) *************** *** 760,765 **** --- 796,803 ---- else printf("Last login: %s from %s\r\n", time_string, hostname); } + #endif + if (options.print_motd) { #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",

...USE_PAM @@ -758,6 +754,19 @@ else printf("Last login: %s from %s\r\n", time_string, hostname); } + + do_motd(); +} + +/* + * Display the message of the day. + */ +void +do_motd(void) +{ + FILE *f; + char buf[256]; + if (options.print_motd) { #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", @@ -1023,7 +1032,7 @@ if (options.use_login && command != NULL) options.use_login = 0; -#ifndef USE_PAM /* pam_nologin handles this */ +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) if (!options.use_login) { # ifdef HAVE_LO...

...ctory %s", user_dir); + + pw->pw_dir = new_root; + break; + } + new_root += 2; + } +# endif /* CHROOT */ + if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1); @@ -1024,7 +1048,6 @@ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - #ifdef AFS /* Try to get AFS tokens for the local cell. */ if (k_hasafs()) { -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 524 bytes Desc: n...