Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 22 |
1 files changed, 16 insertions, 6 deletions
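--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.116 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.117 2016/11/06 05:46:37 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -103,6 +103,7 @@ allowed_user(struct passwd * pw)
 struct stat st;
 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 u_int i;
+int r;
 #ifdef USE_SHADOW
 struct spwd *spw = NULL;
 #endif
@@ -192,8 +193,12 @@ allowed_user(struct passwd * pw)
 /* Return false if user is listed in DenyUsers */
 if (options.num_deny_users > 0) {
 for (i = 0; i < options.num_deny_users; i++)
-if (match_user(pw->pw_name, hostname, ipaddr,
-options.deny_users[i])) {
+r = match_user(pw->pw_name, hostname, ipaddr,
+options.deny_users[i]);
+if (r < 0) {
+fatal("Invalid DenyUsers pattern \"%.100s\"",
+options.deny_users[i]);
+} else if (r != 1) {
 logit("User %.100s from %.100s not allowed "
 "because listed in DenyUsers",
 pw->pw_name, hostname);
@@ -202,10 +207,15 @@ allowed_user(struct passwd * pw)
 }
 /* Return false if AllowUsers isn't empty and user isn't listed there */
 if (options.num_allow_users > 0) {
-for (i = 0; i < options.num_allow_users; i++)
-if (match_user(pw->pw_name, hostname, ipaddr,
-options.allow_users[i]))
+for (i = 0; i < options.num_allow_users; i++) {
+r = match_user(pw->pw_name, hostname, ipaddr,
+options.allow_users[i]);
+if (r < 0) {
+fatal("Invalid AllowUsers pattern \"%.100s\"",
+options.allow_users[i]);
+} else if (r == 1)
 break;
+}
 /* i < options.num_allow_users iff we break for loop */
 if (i >= options.num_allow_users) {
 logit("User %.100s from %.100s not allowed because "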
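Review bot: In the DenyUsers hunk the `for` line is still unbraced on the new side, so the loop body is only the `r = match_user(...)` assignment and the `if (r < 0)` chain runs once after the loop with `i == options.num_deny_users`; only the last pattern's result is examined, and `options.deny_users[i]` in the `fatal()` call indexes one past the configured entries. The deny test is also written `r != 1`, whereas the AllowUsers hunk treats `r == 1` as a match and the removed code denied on any non-zero result, so as written a listed user would not be rejected while a non-matching one would be. I would make the loop header `for (i = 0; i < options.num_deny_users; i++) {`, change the test to `} else if (r == 1) {`, and close the loop with a `}` after the deny block, mirroring the AllowUsers loop. The end of the deny block (new lines 205–206) and the rest of allowed_user lie outside the hunks shown, so the brace placement should be confirmed against the full file; a regression test asserting that a DenyUsers entry actually blocks a login would catch both problems.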