summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-06-25 05:17:53 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-25 05:17:53 +0000
commitf0c50293dddf8b36e9511fdf1c2f3f443800e51c (patch)
treeda67f013d1129a39fab6e528ffb47e7e7cec392a
parent05209451795171b9c851daa3473e4a52745c50d5 (diff)
- markus@cvs.openbsd.org 2001/06/24 05:25:10
[auth-options.c match.c match.h] move ip+hostname check to match.c
-rw-r--r--ChangeLog5
-rw-r--r--auth-options.c19
-rw-r--r--match.c27
-rw-r--r--match.h26
4 files changed, 40 insertions, 37 deletions
diff --git a/ChangeLog b/ChangeLog
index a638c64c2..590ac5873 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -92,6 +92,9 @@
92 [sshconnect1.c] 92 [sshconnect1.c]
93 consistent with ssh2: skip key if empty passphrase is entered, 93 consistent with ssh2: skip key if empty passphrase is entered,
94 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@ 94 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
95 - markus@cvs.openbsd.org 2001/06/24 05:25:10
96 [auth-options.c match.c match.h]
97 move ip+hostname check to match.c
95 98
9620010622 9920010622
97 - (stevesk) handle systems without pw_expire and pw_change. 100 - (stevesk) handle systems without pw_expire and pw_change.
@@ -5776,4 +5779,4 @@
5776 - Wrote replacements for strlcpy and mkdtemp 5779 - Wrote replacements for strlcpy and mkdtemp
5777 - Released 1.0pre1 5780 - Released 1.0pre1
5778 5781
5779$Id: ChangeLog,v 1.1319 2001/06/25 05:16:02 mouring Exp $ 5782$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $
diff --git a/auth-options.c b/auth-options.c
index 210fbe7ea..83ef02c42 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.18 2001/05/31 10:30:12 markus Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $");
14 14
15#include "packet.h" 15#include "packet.h"
16#include "xmalloc.h" 16#include "xmalloc.h"
@@ -167,7 +167,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
167 } 167 }
168 cp = "from=\""; 168 cp = "from=\"";
169 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 169 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
170 int mname, mip;
171 const char *remote_ip = get_remote_ipaddr(); 170 const char *remote_ip = get_remote_ipaddr();
172 const char *remote_host = get_canonical_hostname( 171 const char *remote_host = get_canonical_hostname(
173 options.reverse_mapping_check); 172 options.reverse_mapping_check);
@@ -195,18 +194,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
195 } 194 }
196 patterns[i] = 0; 195 patterns[i] = 0;
197 opts++; 196 opts++;
198 /* 197 if (match_host_and_ip(remote_host, remote_ip,
199 * Deny access if we get a negative 198 patterns) != 1) {
200 * match for the hostname or the ip 199 xfree(patterns);
201 * or if we get not match at all
202 */
203 mname = match_hostname(remote_host, patterns,
204 strlen(patterns));
205 mip = match_hostname(remote_ip, patterns,
206 strlen(patterns));
207 xfree(patterns);
208 if (mname == -1 || mip == -1 ||
209 (mname != 1 && mip != 1)) {
210 log("Authentication tried for %.100s with " 200 log("Authentication tried for %.100s with "
211 "correct key but not from a permitted " 201 "correct key but not from a permitted "
212 "host (host=%.200s, ip=%.200s).", 202 "host (host=%.200s, ip=%.200s).",
@@ -217,6 +207,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
217 /* deny access */ 207 /* deny access */
218 return 0; 208 return 0;
219 } 209 }
210 xfree(patterns);
220 /* Host name matches. */ 211 /* Host name matches. */
221 goto next_option; 212 goto next_option;
222 } 213 }
diff --git a/match.c b/match.c
index ebb562ab3..2e2d63092 100644
--- a/match.c
+++ b/match.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: match.c,v 1.12 2001/03/10 17:51:04 markus Exp $"); 38RCSID("$OpenBSD: match.c,v 1.13 2001/06/24 05:25:10 markus Exp $");
39 39
40#include "match.h" 40#include "match.h"
41#include "xmalloc.h" 41#include "xmalloc.h"
@@ -162,7 +162,32 @@ match_hostname(const char *host, const char *pattern, u_int len)
162 return got_positive; 162 return got_positive;
163} 163}
164 164
165/*
166 * returns 0 if we get a negative match for the hostname or the ip
167 * or if we get no match at all. returns 1 otherwise.
168 */
169int
170match_host_and_ip(const char *host, const char *ipaddr,
171 const char *patterns)
172{
173 int mhost, mip;
174
175 /* negative ipaddr match */
176 if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
177 return 0;
178 /* negative hostname match */
179 if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
180 return 0;
181 /* no match at all */
182 if (mhost == 0 && mip == 0)
183 return 0;
184 return 1;
185}
165 186
187/*
188 * Returns first item from client-list that is also supported by server-list,
189 * caller must xfree() returned string.
190 */
166#define MAX_PROP 20 191#define MAX_PROP 20
167#define SEP "," 192#define SEP ","
168char * 193char *
diff --git a/match.h b/match.h
index 09c931168..5faf66819 100644
--- a/match.h
+++ b/match.h
@@ -1,11 +1,9 @@
1/* $OpenBSD: match.h,v 1.7 2001/03/10 17:51:04 markus Exp $ */ 1/* $OpenBSD: match.h,v 1.8 2001/06/24 05:25:10 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved 6 * All rights reserved
7 * This file contains various auxiliary functions related to multiple
8 * precision integers.
9 * 7 *
10 * As far as I am concerned, the code I have written for this software 8 * As far as I am concerned, the code I have written for this software
11 * can be used freely for any purpose. Any derived versions of this 9 * can be used freely for any purpose. Any derived versions of this
@@ -16,24 +14,10 @@
16#ifndef MATCH_H 14#ifndef MATCH_H
17#define MATCH_H 15#define MATCH_H
18 16
19/* 17int match_pattern(const char *s, const char *pattern);
20 * Returns true if the given string matches the pattern (which may contain ? 18int match_hostname(const char *host, const char *pattern, u_int len);
21 * and * as wildcards), and zero if it does not match. 19int match_host_and_ip(const char *host, const char *ip, const char *p);
22 */ 20int match_user(const char *u, const char *h, const char *i, const char *p);
23int match_pattern(const char *s, const char *pattern);
24
25/*
26 * Tries to match the host name (which must be in all lowercase) against the
27 * comma-separated sequence of subpatterns (each possibly preceded by ! to
28 * indicate negation). Returns -1 if negation matches, 1 if there is
29 * a positive match, 0 if there is no match at all.
30 */
31int match_hostname(const char *host, const char *pattern, u_int len);
32
33/*
34 * Returns first item from client-list that is also supported by server-list,
35 * caller must xfree() returned string.
36 */
37char *match_list(const char *client, const char *server, u_int *next); 21char *match_list(const char *client, const char *server, u_int *next);
38 22
39#endif 23#endif