tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- stevesk@cvs.openbsd.org 2002/02/28 19:36:28 

[auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
This commit is contained in:
Ben Lindstrom 2002-03-05 01:35:23 +00:00
parent 80cb27dd7c
commit 916d83d208
4 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -20,6 +20,10 @@
- markus@cvs.openbsd.org 2002/02/28 15:46:33
[authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
add some const EVP_MD for openssl-0.9.7
- stevesk@cvs.openbsd.org 2002/02/28 19:36:28
[auth.c match.c match.h]
delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
for sshd -u0; ok markus@
20020226
- (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
@ -7751,4 +7755,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1896 2002/03/05 01:33:36 mouring Exp $
$Id: ChangeLog,v 1.1897 2002/03/05 01:35:23 mouring Exp $

12
auth.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.32 2002/01/29 14:32:03 markus Exp $");
RCSID("$OpenBSD: auth.c,v 1.33 2002/02/28 19:36:28 stevesk Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@ -65,7 +65,6 @@ int
allowed_user(struct passwd * pw)
{
struct stat st;
const char *hostname = NULL, *ipaddr = NULL;
char *shell;
int i;
#ifdef WITH_AIXAUTHENTICATE
@ -110,22 +109,17 @@ allowed_user(struct passwd * pw)
if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
if (options.num_deny_users > 0 || options.num_allow_users > 0) {
hostname = get_canonical_hostname(options.verify_reverse_mapping);
ipaddr = get_remote_ipaddr();
}
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
if (match_user(pw->pw_name, options.verify_reverse_mapping,
options.deny_users[i]))
return 0;
}
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users > 0) {
for (i = 0; i < options.num_allow_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
if (match_user(pw->pw_name, options.verify_reverse_mapping,
options.allow_users[i]))
break;
/* i < options.num_allow_users iff we break for loop */

9
match.c
View File

@ -35,9 +35,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: match.c,v 1.17 2002/02/11 16:21:42 markus Exp $");
RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $");
#include "match.h"
#include "canohost.h"
#include "xmalloc.h"
/*
@ -202,7 +203,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
* match user, user@host_or_ip, user@host_or_ip_list against pattern
*/
int
match_user(const char *user, const char *host, const char *ipaddr,
match_user(const char *user, int verify_reverse_mapping,
const char *pattern)
{
char *p, *pat;
@ -216,7 +217,9 @@ match_user(const char *user, const char *host, const char *ipaddr,
*p++ = '\0';
if ((ret = match_pattern(user, pat)) == 1)
ret = match_host_and_ip(host, ipaddr, p);
ret = match_host_and_ip(
get_canonical_hostname(verify_reverse_mapping),
get_remote_ipaddr(), p);
xfree(pat);
return ret;

4
match.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.h,v 1.10 2001/12/05 16:54:51 markus Exp $ */
/* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -18,7 +18,7 @@ int match_pattern(const char *, const char *);
int match_pattern_list(const char *, const char *, u_int, int);
int match_hostname(const char *, const char *, u_int);
int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *);
int match_user(const char *, int, const char *);
char *match_list(const char *, const char *, u_int *);
#endif