diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-05 01:42:42 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-05 01:42:42 +0000 |
| commit | 3fb5d00ffdaa93a99466858c667e2721cd2b39cb (patch) | |
| tree | 403c6c6f634eb64f16624c1946a56cd70572ff7b /auth.c | |
| parent | 6ef9ec6b6ba6d52a16a4e63a75b042f321bcb6fa (diff) | |
- markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h]
undo the 'delay hostname lookup' change
match.c must not use compress.c (via canonhost.c/packet.c)
thanks to wilfried@
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 12 |
1 files changed, 9 insertions, 3 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
| 29 | #include <login.h> | 29 | #include <login.h> |
| @@ -65,6 +65,7 @@ int | |||
| 65 | allowed_user(struct passwd * pw) | 65 | allowed_user(struct passwd * pw) |
| 66 | { | 66 | { |
| 67 | struct stat st; | 67 | struct stat st; |
| 68 | const char *hostname = NULL, *ipaddr = NULL; | ||
| 68 | char *shell; | 69 | char *shell; |
| 69 | int i; | 70 | int i; |
| 70 | #ifdef WITH_AIXAUTHENTICATE | 71 | #ifdef WITH_AIXAUTHENTICATE |
| @@ -115,10 +116,15 @@ allowed_user(struct passwd * pw) | |||
| 115 | return 0; | 116 | return 0; |
| 116 | } | 117 | } |
| 117 | 118 | ||
| 119 | if (options.num_deny_users > 0 || options.num_allow_users > 0) { | ||
| 120 | hostname = get_canonical_hostname(options.verify_reverse_mapping); | ||
| 121 | ipaddr = get_remote_ipaddr(); | ||
| 122 | } | ||
| 123 | |||
| 118 | /* Return false if user is listed in DenyUsers */ | 124 | /* Return false if user is listed in DenyUsers */ |
| 119 | if (options.num_deny_users > 0) { | 125 | if (options.num_deny_users > 0) { |
| 120 | for (i = 0; i < options.num_deny_users; i++) | 126 | for (i = 0; i < options.num_deny_users; i++) |
| 121 | if (match_user(pw->pw_name, options.verify_reverse_mapping, | 127 | if (match_user(pw->pw_name, hostname, ipaddr, |
| 122 | options.deny_users[i])) { | 128 | options.deny_users[i])) { |
| 123 | log("User %.100s not allowed because listed in DenyUsers", | 129 | log("User %.100s not allowed because listed in DenyUsers", |
| 124 | pw->pw_name); | 130 | pw->pw_name); |
| @@ -128,7 +134,7 @@ allowed_user(struct passwd * pw) | |||
| 128 | /* Return false if AllowUsers isn't empty and user isn't listed there */ | 134 | /* Return false if AllowUsers isn't empty and user isn't listed there */ |
| 129 | if (options.num_allow_users > 0) { | 135 | if (options.num_allow_users > 0) { |
| 130 | for (i = 0; i < options.num_allow_users; i++) | 136 | for (i = 0; i < options.num_allow_users; i++) |
| 131 | if (match_user(pw->pw_name, options.verify_reverse_mapping, | 137 | if (match_user(pw->pw_name, hostname, ipaddr, |
| 132 | options.allow_users[i])) | 138 | options.allow_users[i])) |
| 133 | break; | 139 | break; |
| 134 | /* i < options.num_allow_users iff we break for loop */ | 140 | /* i < options.num_allow_users iff we break for loop */ |