-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth.c | 25 |
2 files changed, 19 insertions, 12 deletions
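--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
 Warn in advance for password and account expiry; initialize loginmsg
 buffer earlier and clear it after privsep fork. ok and help dtucker@
 markus@
+- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
+[auth.c]
+Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
+DenyGroups. bz #909, ok djm@
 
 20050120
 - (dtucker) OpenBSD CVS Sync
@@ -2023,4 +2027,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $
+$Id: ChangeLog,v 1.3622 2005/01/24 10:56:48 dtucker Exp $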
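--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -153,8 +153,9 @@ allowed_user(struct passwd * pw)
 for (i = 0; i < options.num_deny_users; i++)
 if (match_user(pw->pw_name, hostname, ipaddr,
 options.deny_users[i])) {
-logit("User %.100s not allowed because listed in DenyUsers",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because listed in DenyUsers",
+pw->pw_name, hostname);
 return 0;
 }
 }
@@ -166,16 +167,16 @@ allowed_user(struct passwd * pw)
 break;
 /* i < options.num_allow_users iff we break for loop */
 if (i >= options.num_allow_users) {
-logit("User %.100s not allowed because not listed in AllowUsers",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed because "
+"not listed in AllowUsers", pw->pw_name, hostname);
 return 0;
 }
 }
 if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 /* Get the user's group access list (primary and supplementary) */
 if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
-logit("User %.100s not allowed because not in any group",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed because "
+"not in any group", pw->pw_name, hostname);
 return 0;
 }
 
@@ -184,8 +185,9 @@ allowed_user(struct passwd * pw)
 if (ga_match(options.deny_groups,
 options.num_deny_groups)) {
 ga_free();
-logit("User %.100s not allowed because a group is listed in DenyGroups",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because a group is listed in DenyGroups",
+pw->pw_name, hostname);
 return 0;
 }
 /*
@@ -196,8 +198,9 @@ allowed_user(struct passwd * pw)
 if (!ga_match(options.allow_groups,
 options.num_allow_groups)) {
 ga_free();
-logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because none of user's groups are listed "
+"in AllowGroups", pw->pw_name, hostname);
 return 0;
 }
 ga_free();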
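Review bot: The three group-based denials (`not in any group`, `DenyGroups`, `AllowGroups`) now pass `hostname` to `%.100s`, but the only other visible use of `hostname` is inside the DenyUsers/AllowUsers checks and its assignment lies outside these hunks. If the lookup is only performed when a user list is configured, a server using just AllowGroups/DenyGroups would hand logit() an unset pointer; either extend the lookup guard to the group options or log `hostname ? hostname : "unknown"`. The name presumably comes from a reverse lookup that the connecting side's DNS can influence, so including `ipaddr` in these messages would give a more dependable source field for triage. allowed_user() starts and ends outside the hunks shown.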