From 916d83d208d751b9a3605165893370c8d429bba5 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Tue, 5 Mar 2002 01:35:23 +0000
Subject:    - stevesk@cvs.openbsd.org 2002/02/28 19:36:28      [auth.c match.c
 match.h]      delay hostname lookup until we see a ``@'' in DenyUsers and
 AllowUsers      for sshd -u0; ok markus@

---
 auth.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

(limited to 'auth.c')

diff --git a/auth.c b/auth.c
index efa7ee28b..eae6a7bdf 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.32 2002/01/29 14:32:03 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.33 2002/02/28 19:36:28 stevesk Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -65,7 +65,6 @@ int
 allowed_user(struct passwd * pw)
 {
 	struct stat st;
-	const char *hostname = NULL, *ipaddr = NULL;
 	char *shell;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
@@ -110,22 +109,17 @@ allowed_user(struct passwd * pw)
 	if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 		return 0;
 
-	if (options.num_deny_users > 0 || options.num_allow_users > 0) {
-		hostname = get_canonical_hostname(options.verify_reverse_mapping);
-		ipaddr = get_remote_ipaddr();
-	}
-
 	/* Return false if user is listed in DenyUsers */
 	if (options.num_deny_users > 0) {
 		for (i = 0; i < options.num_deny_users; i++)
-			if (match_user(pw->pw_name, hostname, ipaddr,
+			if (match_user(pw->pw_name, options.verify_reverse_mapping,
 			    options.deny_users[i]))
 				return 0;
 	}
 	/* Return false if AllowUsers isn't empty and user isn't listed there */
 	if (options.num_allow_users > 0) {
 		for (i = 0; i < options.num_allow_users; i++)
-			if (match_user(pw->pw_name, hostname, ipaddr,
+			if (match_user(pw->pw_name, options.verify_reverse_mapping,
 			    options.allow_users[i]))
 				break;
 		/* i < options.num_allow_users iff we break for loop */
-- 
cgit v1.2.3