-rw-r--r--ChangeLog6
-rw-r--r--auth.c25
2 files changed, 19 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index f33f2c242..fa31ec3ac 100644
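--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
 Warn in advance for password and account expiry; initialize loginmsg
 buffer earlier and clear it after privsep fork. ok and help dtucker@
 markus@
+- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
+[auth.c]
+Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
+DenyGroups. bz #909, ok djm@
 
 20050120
 - (dtucker) OpenBSD CVS Sync
@@ -2023,4 +2027,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $
+$Id: ChangeLog,v 1.3622 2005/01/24 10:56:48 dtucker Exp $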
diff --git a/auth.c b/auth.c
index 0956b0b19..4698e3990 100644
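--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -153,8 +153,9 @@ allowed_user(struct passwd * pw)
 for (i = 0; i < options.num_deny_users; i++)
 if (match_user(pw->pw_name, hostname, ipaddr,
 options.deny_users[i])) {
-logit("User %.100s not allowed because listed in DenyUsers",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because listed in DenyUsers",
+pw->pw_name, hostname);
 return 0;
 }
 }
@@ -166,16 +167,16 @@ allowed_user(struct passwd * pw)
 break;
 /* i < options.num_allow_users iff we break for loop */
 if (i >= options.num_allow_users) {
-logit("User %.100s not allowed because not listed in AllowUsers",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed because "
+"not listed in AllowUsers", pw->pw_name, hostname);
 return 0;
 }
 }
 if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 /* Get the user's group access list (primary and supplementary) */
 if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
-logit("User %.100s not allowed because not in any group",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed because "
+"not in any group", pw->pw_name, hostname);
 return 0;
 }
 
@@ -184,8 +185,9 @@ allowed_user(struct passwd * pw)
 if (ga_match(options.deny_groups,
 options.num_deny_groups)) {
 ga_free();
-logit("User %.100s not allowed because a group is listed in DenyGroups",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because a group is listed in DenyGroups",
+pw->pw_name, hostname);
 return 0;
 }
 /*
@@ -196,8 +198,9 @@ allowed_user(struct passwd * pw)
 if (!ga_match(options.allow_groups,
 options.num_allow_groups)) {
 ga_free();
-logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
-pw->pw_name);
+logit("User %.100s from %.100s not allowed "
+"because none of user's groups are listed "
+"in AllowGroups", pw->pw_name, hostname);
 return 0;
 }
 ga_free();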
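Review bot: The three group-path messages ("not in any group", DenyGroups, AllowGroups) now pass `hostname` to `%.100s`, but nothing in these hunks shows it being set when only AllowGroups/DenyGroups are configured. Its assignment is outside the hunks; if it sits under the `num_deny_users`/`num_allow_users` condition, these `logit` calls would receive a null pointer on a group-only configuration. Confirm the lookup also runs when `options.num_deny_groups > 0 || options.num_allow_groups > 0`, or log a fallback such as `hostname ? hostname : "unknown"` (constructed example). Separately, `ipaddr` is already in scope at the `match_user` call, and `hostname` may be a reverse-DNS name controlled by whoever owns the client's PTR record (inferred, the lookup is not visible here), so including the address in these messages would give log consumers a source they can rely on. allowed_user starts and ends outside the hunks.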