diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth.c | 12 | ||||
-rw-r--r-- | match.c | 9 | ||||
-rw-r--r-- | match.h | 4 |
4 files changed, 20 insertions, 12 deletions
@@ -33,6 +33,11 @@ | |||
33 | - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 | 33 | - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 |
34 | [auth.c] | 34 | [auth.c] |
35 | log user not allowed details, from dwd@bell-labs.com; ok markus@ | 35 | log user not allowed details, from dwd@bell-labs.com; ok markus@ |
36 | - markus@cvs.openbsd.org 2002/03/01 13:12:10 | ||
37 | [auth.c match.c match.h] | ||
38 | undo the 'delay hostname lookup' change | ||
39 | match.c must not use compress.c (via canonhost.c/packet.c) | ||
40 | thanks to wilfried@ | ||
36 | 41 | ||
37 | 20020226 | 42 | 20020226 |
38 | - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests | 43 | - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests |
@@ -7764,4 +7769,4 @@ | |||
7764 | - Wrote replacements for strlcpy and mkdtemp | 7769 | - Wrote replacements for strlcpy and mkdtemp |
7765 | - Released 1.0pre1 | 7770 | - Released 1.0pre1 |
7766 | 7771 | ||
7767 | $Id: ChangeLog,v 1.1900 2002/03/05 01:40:37 mouring Exp $ | 7772 | $Id: ChangeLog,v 1.1901 2002/03/05 01:42:42 mouring Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -65,6 +65,7 @@ int | |||
65 | allowed_user(struct passwd * pw) | 65 | allowed_user(struct passwd * pw) |
66 | { | 66 | { |
67 | struct stat st; | 67 | struct stat st; |
68 | const char *hostname = NULL, *ipaddr = NULL; | ||
68 | char *shell; | 69 | char *shell; |
69 | int i; | 70 | int i; |
70 | #ifdef WITH_AIXAUTHENTICATE | 71 | #ifdef WITH_AIXAUTHENTICATE |
@@ -115,10 +116,15 @@ allowed_user(struct passwd * pw) | |||
115 | return 0; | 116 | return 0; |
116 | } | 117 | } |
117 | 118 | ||
119 | if (options.num_deny_users > 0 || options.num_allow_users > 0) { | ||
120 | hostname = get_canonical_hostname(options.verify_reverse_mapping); | ||
121 | ipaddr = get_remote_ipaddr(); | ||
122 | } | ||
123 | |||
118 | /* Return false if user is listed in DenyUsers */ | 124 | /* Return false if user is listed in DenyUsers */ |
119 | if (options.num_deny_users > 0) { | 125 | if (options.num_deny_users > 0) { |
120 | for (i = 0; i < options.num_deny_users; i++) | 126 | for (i = 0; i < options.num_deny_users; i++) |
121 | if (match_user(pw->pw_name, options.verify_reverse_mapping, | 127 | if (match_user(pw->pw_name, hostname, ipaddr, |
122 | options.deny_users[i])) { | 128 | options.deny_users[i])) { |
123 | log("User %.100s not allowed because listed in DenyUsers", | 129 | log("User %.100s not allowed because listed in DenyUsers", |
124 | pw->pw_name); | 130 | pw->pw_name); |
@@ -128,7 +134,7 @@ allowed_user(struct passwd * pw) | |||
128 | /* Return false if AllowUsers isn't empty and user isn't listed there */ | 134 | /* Return false if AllowUsers isn't empty and user isn't listed there */ |
129 | if (options.num_allow_users > 0) { | 135 | if (options.num_allow_users > 0) { |
130 | for (i = 0; i < options.num_allow_users; i++) | 136 | for (i = 0; i < options.num_allow_users; i++) |
131 | if (match_user(pw->pw_name, options.verify_reverse_mapping, | 137 | if (match_user(pw->pw_name, hostname, ipaddr, |
132 | options.allow_users[i])) | 138 | options.allow_users[i])) |
133 | break; | 139 | break; |
134 | /* i < options.num_allow_users iff we break for loop */ | 140 | /* i < options.num_allow_users iff we break for loop */ |
@@ -35,10 +35,9 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $"); | 38 | RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); |
39 | 39 | ||
40 | #include "match.h" | 40 | #include "match.h" |
41 | #include "canohost.h" | ||
42 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
43 | 42 | ||
44 | /* | 43 | /* |
@@ -203,7 +202,7 @@ match_host_and_ip(const char *host, const char *ipaddr, | |||
203 | * match user, user@host_or_ip, user@host_or_ip_list against pattern | 202 | * match user, user@host_or_ip, user@host_or_ip_list against pattern |
204 | */ | 203 | */ |
205 | int | 204 | int |
206 | match_user(const char *user, int verify_reverse_mapping, | 205 | match_user(const char *user, const char *host, const char *ipaddr, |
207 | const char *pattern) | 206 | const char *pattern) |
208 | { | 207 | { |
209 | char *p, *pat; | 208 | char *p, *pat; |
@@ -217,9 +216,7 @@ match_user(const char *user, int verify_reverse_mapping, | |||
217 | *p++ = '\0'; | 216 | *p++ = '\0'; |
218 | 217 | ||
219 | if ((ret = match_pattern(user, pat)) == 1) | 218 | if ((ret = match_pattern(user, pat)) == 1) |
220 | ret = match_host_and_ip( | 219 | ret = match_host_and_ip(host, ipaddr, p); |
221 | get_canonical_hostname(verify_reverse_mapping), | ||
222 | get_remote_ipaddr(), p); | ||
223 | xfree(pat); | 220 | xfree(pat); |
224 | 221 | ||
225 | return ret; | 222 | return ret; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */ | 1 | /* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -18,7 +18,7 @@ int match_pattern(const char *, const char *); | |||
18 | int match_pattern_list(const char *, const char *, u_int, int); | 18 | int match_pattern_list(const char *, const char *, u_int, int); |
19 | int match_hostname(const char *, const char *, u_int); | 19 | int match_hostname(const char *, const char *, u_int); |
20 | int match_host_and_ip(const char *, const char *, const char *); | 20 | int match_host_and_ip(const char *, const char *, const char *); |
21 | int match_user(const char *, int, const char *); | 21 | int match_user(const char *, const char *, const char *, const char *); |
22 | char *match_list(const char *, const char *, u_int *); | 22 | char *match_list(const char *, const char *, u_int *); |
23 | 23 | ||
24 | #endif | 24 | #endif |