Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 14 |
1 files changed, 11 insertions, 3 deletions
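--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.25 2001/06/25 17:54:48 provos Exp $");
+RCSID("$OpenBSD: auth.c,v 1.26 2001/06/27 04:48:52 markus Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -65,6 +65,7 @@ int
 allowed_user(struct passwd * pw)
 {
 struct stat st;
+const char *hostname = NULL, *ipaddr = NULL;
 char *shell;
 int i;
 #ifdef WITH_AIXAUTHENTICATE
@@ -109,16 +110,23 @@ allowed_user(struct passwd * pw)
 if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 return 0;
 
+if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+hostname = get_canonical_hostname(options.reverse_mapping_check);
+ipaddr = get_remote_ipaddr();
+}
+
 /* Return false if user is listed in DenyUsers */
 if (options.num_deny_users > 0) {
 for (i = 0; i < options.num_deny_users; i++)
-if (match_pattern(pw->pw_name, options.deny_users[i]))
+if (match_user(pw->pw_name, hostname, ipaddr,
+options.deny_users[i]))
 return 0;
 }
 /* Return false if AllowUsers isn't empty and user isn't listed there */
 if (options.num_allow_users > 0) {
 for (i = 0; i < options.num_allow_users; i++)
-if (match_pattern(pw->pw_name, options.allow_users[i]))
+if (match_user(pw->pw_name, hostname, ipaddr,
+options.allow_users[i]))
 break;
 /* i < options.num_allow_users iff we break for loop */
 if (i >= options.num_allow_users)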
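Review bot: The `hostname` obtained in the new block before the DenyUsers loop comes from a lookup on the peer address, so its trustworthiness depends on `options.reverse_mapping_check`, and nothing in the hunk documents that. This matters most for DenyUsers, where a host-qualified pattern silently stops matching if the resolved name differs, and for AllowUsers, where a name the server did not verify could satisfy a pattern. match_user is not visible here, so whether it also compares `ipaddr` against the host part is an assumption to confirm. I would add a comment above the lookup such as `/* hostname comes from reverse DNS and is only as reliable as reverse_mapping_check; prefer address patterns for DenyUsers */`, and update the two existing "user is listed" comments to mention the user@host form. allowed_user's body starts and ends outside the hunk.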