summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--auth.c12
-rw-r--r--match.c9
-rw-r--r--match.h4
4 files changed, 20 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 21c719332..21f88610f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,11 @@
33 - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 33 - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
34 [auth.c] 34 [auth.c]
35 log user not allowed details, from dwd@bell-labs.com; ok markus@ 35 log user not allowed details, from dwd@bell-labs.com; ok markus@
36 - markus@cvs.openbsd.org 2002/03/01 13:12:10
37 [auth.c match.c match.h]
38 undo the 'delay hostname lookup' change
39 match.c must not use compress.c (via canonhost.c/packet.c)
40 thanks to wilfried@
36 41
3720020226 4220020226
38 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests 43 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
@@ -7764,4 +7769,4 @@
7764 - Wrote replacements for strlcpy and mkdtemp 7769 - Wrote replacements for strlcpy and mkdtemp
7765 - Released 1.0pre1 7770 - Released 1.0pre1
7766 7771
7767$Id: ChangeLog,v 1.1900 2002/03/05 01:40:37 mouring Exp $ 7772$Id: ChangeLog,v 1.1901 2002/03/05 01:42:42 mouring Exp $
diff --git a/auth.c b/auth.c
index a58bf9b74..26dce5b67 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -65,6 +65,7 @@ int
65allowed_user(struct passwd * pw) 65allowed_user(struct passwd * pw)
66{ 66{
67 struct stat st; 67 struct stat st;
68 const char *hostname = NULL, *ipaddr = NULL;
68 char *shell; 69 char *shell;
69 int i; 70 int i;
70#ifdef WITH_AIXAUTHENTICATE 71#ifdef WITH_AIXAUTHENTICATE
@@ -115,10 +116,15 @@ allowed_user(struct passwd * pw)
115 return 0; 116 return 0;
116 } 117 }
117 118
119 if (options.num_deny_users > 0 || options.num_allow_users > 0) {
120 hostname = get_canonical_hostname(options.verify_reverse_mapping);
121 ipaddr = get_remote_ipaddr();
122 }
123
118 /* Return false if user is listed in DenyUsers */ 124 /* Return false if user is listed in DenyUsers */
119 if (options.num_deny_users > 0) { 125 if (options.num_deny_users > 0) {
120 for (i = 0; i < options.num_deny_users; i++) 126 for (i = 0; i < options.num_deny_users; i++)
121 if (match_user(pw->pw_name, options.verify_reverse_mapping, 127 if (match_user(pw->pw_name, hostname, ipaddr,
122 options.deny_users[i])) { 128 options.deny_users[i])) {
123 log("User %.100s not allowed because listed in DenyUsers", 129 log("User %.100s not allowed because listed in DenyUsers",
124 pw->pw_name); 130 pw->pw_name);
@@ -128,7 +134,7 @@ allowed_user(struct passwd * pw)
128 /* Return false if AllowUsers isn't empty and user isn't listed there */ 134 /* Return false if AllowUsers isn't empty and user isn't listed there */
129 if (options.num_allow_users > 0) { 135 if (options.num_allow_users > 0) {
130 for (i = 0; i < options.num_allow_users; i++) 136 for (i = 0; i < options.num_allow_users; i++)
131 if (match_user(pw->pw_name, options.verify_reverse_mapping, 137 if (match_user(pw->pw_name, hostname, ipaddr,
132 options.allow_users[i])) 138 options.allow_users[i]))
133 break; 139 break;
134 /* i < options.num_allow_users iff we break for loop */ 140 /* i < options.num_allow_users iff we break for loop */
diff --git a/match.c b/match.c
index e73ed2aa2..3ddb62730 100644
--- a/match.c
+++ b/match.c
@@ -35,10 +35,9 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $"); 38RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
39 39
40#include "match.h" 40#include "match.h"
41#include "canohost.h"
42#include "xmalloc.h" 41#include "xmalloc.h"
43 42
44/* 43/*
@@ -203,7 +202,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
203 * match user, user@host_or_ip, user@host_or_ip_list against pattern 202 * match user, user@host_or_ip, user@host_or_ip_list against pattern
204 */ 203 */
205int 204int
206match_user(const char *user, int verify_reverse_mapping, 205match_user(const char *user, const char *host, const char *ipaddr,
207 const char *pattern) 206 const char *pattern)
208{ 207{
209 char *p, *pat; 208 char *p, *pat;
@@ -217,9 +216,7 @@ match_user(const char *user, int verify_reverse_mapping,
217 *p++ = '\0'; 216 *p++ = '\0';
218 217
219 if ((ret = match_pattern(user, pat)) == 1) 218 if ((ret = match_pattern(user, pat)) == 1)
220 ret = match_host_and_ip( 219 ret = match_host_and_ip(host, ipaddr, p);
221 get_canonical_hostname(verify_reverse_mapping),
222 get_remote_ipaddr(), p);
223 xfree(pat); 220 xfree(pat);
224 221
225 return ret; 222 return ret;
diff --git a/match.h b/match.h
index a5e85a9d8..a0764e001 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */ 1/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,7 +18,7 @@ int match_pattern(const char *, const char *);
18int match_pattern_list(const char *, const char *, u_int, int); 18int match_pattern_list(const char *, const char *, u_int, int);
19int match_hostname(const char *, const char *, u_int); 19int match_hostname(const char *, const char *, u_int);
20int match_host_and_ip(const char *, const char *, const char *); 20int match_host_and_ip(const char *, const char *, const char *);
21int match_user(const char *, int, const char *); 21int match_user(const char *, const char *, const char *, const char *);
22char *match_list(const char *, const char *, u_int *); 22char *match_list(const char *, const char *, u_int *);
23 23
24#endif 24#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-18 13:26:37 +0000