-rw-r--r--ChangeLog6
-rw-r--r--auth.c12
-rw-r--r--match.c9
-rw-r--r--match.h4
4 files changed, 16 insertions, 15 deletions
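--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
  - markus@cvs.openbsd.org 2002/02/28 15:46:33
  [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
  add some const EVP_MD for openssl-0.9.7
+ - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
+ [auth.c match.c match.h]
+ delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
+ for sshd -u0; ok markus@
 
 20020226
  - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
@@ -7751,4 +7755,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1896 2002/03/05 01:33:36 mouring Exp $
+$Id: ChangeLog,v 1.1897 2002/03/05 01:35:23 mouring Exp $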
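--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.32 2002/01/29 14:32:03 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.33 2002/02/28 19:36:28 stevesk Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -65,7 +65,6 @@ int
 allowed_user(struct passwd * pw)
 {
  struct stat st;
- const char *hostname = NULL, *ipaddr = NULL;
  char *shell;
  int i;
 #ifdef WITH_AIXAUTHENTICATE
@@ -110,22 +109,17 @@ allowed_user(struct passwd * pw)
  if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
  return 0;
 
- if (options.num_deny_users > 0 || options.num_allow_users > 0) {
- hostname = get_canonical_hostname(options.verify_reverse_mapping);
- ipaddr = get_remote_ipaddr();
- }
-
  /* Return false if user is listed in DenyUsers */
  if (options.num_deny_users > 0) {
  for (i = 0; i < options.num_deny_users; i++)
- if (match_user(pw->pw_name, hostname, ipaddr,
+ if (match_user(pw->pw_name, options.verify_reverse_mapping,
  options.deny_users[i]))
  return 0;
  }
  /* Return false if AllowUsers isn't empty and user isn't listed there */
  if (options.num_allow_users > 0) {
  for (i = 0; i < options.num_allow_users; i++)
- if (match_user(pw->pw_name, hostname, ipaddr,
+ if (match_user(pw->pw_name, options.verify_reverse_mapping,
  options.allow_users[i]))
  break;
  /* i < options.num_allow_users iff we break for loop */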
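Review bot: The `match_user()` calls in the DenyUsers and AllowUsers loops now pass `options.verify_reverse_mapping` where the peer's hostname and address used to go, and nothing at the call sites says that the lookup of the remote host has moved into the matcher. Because these loops decide whether a login is accepted, I would add a comment above the first loop such as `/* match_user() looks up the peer's hostname and address itself, and only for entries that contain '@' */`. It is also worth noting there that host-qualified entries are compared against a name that comes from reverse DNS and is presumably forward-confirmed only when `verify_reverse_mapping` is set (canohost.c is not shown on this page), so address patterns are the more dependable form for DenyUsers. allowed_user() begins and ends outside these hunks.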
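--- a/match.c
+++ b/match.c
@@ -35,9 +35,10 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.17 2002/02/11 16:21:42 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $");
 
 #include "match.h"
+#include "canohost.h"
 #include "xmalloc.h"
 
 /*
@@ -202,7 +203,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
  * match user, user@host_or_ip, user@host_or_ip_list against pattern
  */
 int
-match_user(const char *user, const char *host, const char *ipaddr,
+match_user(const char *user, int verify_reverse_mapping,
  const char *pattern)
 {
  char *p, *pat;
@@ -216,7 +217,9 @@ match_user(const char *user, const char *host, const char *ipaddr,
  *p++ = '\0';
 
  if ((ret = match_pattern(user, pat)) == 1)
- ret = match_host_and_ip(host, ipaddr, p);
+ ret = match_host_and_ip(
+ get_canonical_hostname(verify_reverse_mapping),
+ get_remote_ipaddr(), p);
  xfree(pat);
 
  return ret;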
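Review bot: The comment above `match_user()` still describes a plain pattern match, but the new body calls `get_canonical_hostname(verify_reverse_mapping)` and `get_remote_ipaddr()` itself, so the function now depends on the current connection and can trigger a DNS lookup. I would extend the comment with a line such as `* The peer's hostname and address are looked up here, and only when the pattern has a host part and the user part matches.` and say what `verify_reverse_mapping` controls. The lookup is also repeated for each matching entry in the caller's loops, which is harmless only if canohost caches its result (not visible on this page), so that is worth confirming. The prototype in match.h leaves the new `int` unnamed, so a parameter name there would help as well. The body of match_user() begins outside the last hunk.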
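--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.10 2001/12/05 16:54:51 markus Exp $ */
+/* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,7 +18,7 @@ int match_pattern(const char *, const char *);
 int match_pattern_list(const char *, const char *, u_int, int);
 int match_hostname(const char *, const char *, u_int);
 int match_host_and_ip(const char *, const char *, const char *);
-int match_user(const char *, const char *, const char *, const char *);
+int match_user(const char *, int, const char *);
 char *match_list(const char *, const char *, u_int *);
 
 #endif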