author | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
commit | 896ad5a4e40c48fa9bea71624830cc9cc3ce4fe0 (patch) | |
tree | aa6eaa6f9ce31379b0843fed78b7487c87e0f7f3 /auth-options.c | |
parent | 8901fa9c88d52ac1f099e7a3ce5bd75089e7e731 (diff) |
- djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensive testing dtucker@
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/auth-options.c b/auth-options.c index 3a6c3c0f3..25361455e 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.42 2008/05/08 12:02:23 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.43 2008/06/10 23:06:19 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -226,8 +226,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
226 | } | 226 | } |
227 | patterns[i] = '\0'; | 227 | patterns[i] = '\0'; |
228 | opts++; | 228 | opts++; |
229 | if (match_host_and_ip(remote_host, remote_ip, | 229 | switch (match_host_and_ip(remote_host, remote_ip, |
230 | patterns) != 1) { | 230 | patterns)) { |
231 | case 1: | ||
232 | xfree(patterns); | ||
233 | /* Host name matches. */ | ||
234 | goto next_option; | ||
235 | case -1: | ||
236 | debug("%.100s, line %lu: invalid criteria", | ||
237 | file, linenum); | ||
238 | auth_debug_add("%.100s, line %lu: " | ||
239 | "invalid criteria", file, linenum); | ||
240 | /* FALLTHROUGH */ | ||
241 | case 0: | ||
231 | xfree(patterns); | 242 | xfree(patterns); |
232 | logit("Authentication tried for %.100s with " | 243 | logit("Authentication tried for %.100s with " |
233 | "correct key but not from a permitted " | 244 | "correct key but not from a permitted " |
@@ -236,12 +247,10 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
236 | auth_debug_add("Your host '%.200s' is not " | 247 | auth_debug_add("Your host '%.200s' is not " |
237 | "permitted to use this key for login.", | 248 | "permitted to use this key for login.", |
238 | remote_host); | 249 | remote_host); |
239 | /* deny access */ | 250 | break; |
240 | return 0; | ||
241 | } | 251 | } |
242 | xfree(patterns); | 252 | /* deny access */ |
243 | /* Host name matches. */ | 253 | return 0; |
244 | goto next_option; | ||
245 | } | 254 | } |
246 | cp = "permitopen=\""; | 255 | cp = "permitopen=\""; |
247 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 256 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |