diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-05 02:42:42 +0100 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-05 02:42:42 +0100 |
| commit | 3fb5d00ffdaa93a99466858c667e2721cd2b39cb (patch) | |
| tree | 403c6c6f634eb64f16624c1946a56cd70572ff7b | |
| parent | - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 (diff) | |
| download | openssh-3fb5d00ffdaa93a99466858c667e2721cd2b39cb.tar.xz openssh-3fb5d00ffdaa93a99466858c667e2721cd2b39cb.zip | |
- markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h]
undo the 'delay hostname lookup' change
match.c must not use compress.c (via canonhost.c/packet.c)
thanks to wilfried@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | auth.c | 12 | ||||
| -rw-r--r-- | match.c | 9 | ||||
| -rw-r--r-- | match.h | 4 |
4 files changed, 20 insertions, 12 deletions
@@ -33,6 +33,11 @@ - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 [auth.c] log user not allowed details, from dwd@bell-labs.com; ok markus@ + - markus@cvs.openbsd.org 2002/03/01 13:12:10 + [auth.c match.c match.h] + undo the 'delay hostname lookup' change + match.c must not use compress.c (via canonhost.c/packet.c) + thanks to wilfried@ 20020226 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests @@ -7764,4 +7769,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1900 2002/03/05 01:40:37 mouring Exp $ +$Id: ChangeLog,v 1.1901 2002/03/05 01:42:42 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -65,6 +65,7 @@ int allowed_user(struct passwd * pw) { struct stat st; + const char *hostname = NULL, *ipaddr = NULL; char *shell; int i; #ifdef WITH_AIXAUTHENTICATE @@ -115,10 +116,15 @@ allowed_user(struct passwd * pw) return 0; } + if (options.num_deny_users > 0 || options.num_allow_users > 0) { + hostname = get_canonical_hostname(options.verify_reverse_mapping); + ipaddr = get_remote_ipaddr(); + } + /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { for (i = 0; i < options.num_deny_users; i++) - if (match_user(pw->pw_name, options.verify_reverse_mapping, + if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) { log("User %.100s not allowed because listed in DenyUsers", pw->pw_name); @@ -128,7 +134,7 @@ allowed_user(struct passwd * pw) /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users > 0) { for (i = 0; i < options.num_allow_users; i++) - if (match_user(pw->pw_name, options.verify_reverse_mapping, + if (match_user(pw->pw_name, hostname, ipaddr, options.allow_users[i])) break; /* i < options.num_allow_users iff we break for loop */ @@ -35,10 +35,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $"); +RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); #include "match.h" -#include "canohost.h" #include "xmalloc.h" /* @@ -203,7 +202,7 @@ match_host_and_ip(const char *host, const char *ipaddr, * match user, user@host_or_ip, user@host_or_ip_list against pattern */ int -match_user(const char *user, int verify_reverse_mapping, +match_user(const char *user, const char *host, const char *ipaddr, const char *pattern) { char *p, *pat; @@ -217,9 +216,7 @@ match_user(const char *user, int verify_reverse_mapping, *p++ = '\0'; if ((ret = match_pattern(user, pat)) == 1) - ret = match_host_and_ip( - get_canonical_hostname(verify_reverse_mapping), - get_remote_ipaddr(), p); + ret = match_host_and_ip(host, ipaddr, p); xfree(pat); return ret; @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */ +/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -18,7 +18,7 @@ int match_pattern(const char *, const char *); int match_pattern_list(const char *, const char *, u_int, int); int match_hostname(const char *, const char *, u_int); int match_host_and_ip(const char *, const char *, const char *); -int match_user(const char *, int, const char *); +int match_user(const char *, const char *, const char *, const char *); char *match_list(const char *, const char *, u_int *); #endif |