- markus@cvs.openbsd.org 2001/06/24 05:25:10
[auth-options.c match.c match.h] move ip+hostname check to match.c
This commit is contained in:
parent
0520945179
commit
f0c50293dd
|
@ -92,6 +92,9 @@
|
|||
[sshconnect1.c]
|
||||
consistent with ssh2: skip key if empty passphrase is entered,
|
||||
retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
|
||||
- markus@cvs.openbsd.org 2001/06/24 05:25:10
|
||||
[auth-options.c match.c match.h]
|
||||
move ip+hostname check to match.c
|
||||
|
||||
20010622
|
||||
- (stevesk) handle systems without pw_expire and pw_change.
|
||||
|
@ -5776,4 +5779,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1319 2001/06/25 05:16:02 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.18 2001/05/31 10:30:12 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -167,7 +167,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
}
|
||||
cp = "from=\"";
|
||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||
int mname, mip;
|
||||
const char *remote_ip = get_remote_ipaddr();
|
||||
const char *remote_host = get_canonical_hostname(
|
||||
options.reverse_mapping_check);
|
||||
|
@ -195,18 +194,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
}
|
||||
patterns[i] = 0;
|
||||
opts++;
|
||||
/*
|
||||
* Deny access if we get a negative
|
||||
* match for the hostname or the ip
|
||||
* or if we get not match at all
|
||||
*/
|
||||
mname = match_hostname(remote_host, patterns,
|
||||
strlen(patterns));
|
||||
mip = match_hostname(remote_ip, patterns,
|
||||
strlen(patterns));
|
||||
xfree(patterns);
|
||||
if (mname == -1 || mip == -1 ||
|
||||
(mname != 1 && mip != 1)) {
|
||||
if (match_host_and_ip(remote_host, remote_ip,
|
||||
patterns) != 1) {
|
||||
xfree(patterns);
|
||||
log("Authentication tried for %.100s with "
|
||||
"correct key but not from a permitted "
|
||||
"host (host=%.200s, ip=%.200s).",
|
||||
|
@ -217,6 +207,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
/* deny access */
|
||||
return 0;
|
||||
}
|
||||
xfree(patterns);
|
||||
/* Host name matches. */
|
||||
goto next_option;
|
||||
}
|
||||
|
|
27
match.c
27
match.c
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.12 2001/03/10 17:51:04 markus Exp $");
|
||||
RCSID("$OpenBSD: match.c,v 1.13 2001/06/24 05:25:10 markus Exp $");
|
||||
|
||||
#include "match.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -162,7 +162,32 @@ match_hostname(const char *host, const char *pattern, u_int len)
|
|||
return got_positive;
|
||||
}
|
||||
|
||||
/*
|
||||
* returns 0 if we get a negative match for the hostname or the ip
|
||||
* or if we get no match at all. returns 1 otherwise.
|
||||
*/
|
||||
int
|
||||
match_host_and_ip(const char *host, const char *ipaddr,
|
||||
const char *patterns)
|
||||
{
|
||||
int mhost, mip;
|
||||
|
||||
/* negative ipaddr match */
|
||||
if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
|
||||
return 0;
|
||||
/* negative hostname match */
|
||||
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
|
||||
return 0;
|
||||
/* no match at all */
|
||||
if (mhost == 0 && mip == 0)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns first item from client-list that is also supported by server-list,
|
||||
* caller must xfree() returned string.
|
||||
*/
|
||||
#define MAX_PROP 20
|
||||
#define SEP ","
|
||||
char *
|
||||
|
|
26
match.h
26
match.h
|
@ -1,11 +1,9 @@
|
|||
/* $OpenBSD: match.h,v 1.7 2001/03/10 17:51:04 markus Exp $ */
|
||||
/* $OpenBSD: match.h,v 1.8 2001/06/24 05:25:10 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* This file contains various auxiliary functions related to multiple
|
||||
* precision integers.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
|
@ -16,24 +14,10 @@
|
|||
#ifndef MATCH_H
|
||||
#define MATCH_H
|
||||
|
||||
/*
|
||||
* Returns true if the given string matches the pattern (which may contain ?
|
||||
* and * as wildcards), and zero if it does not match.
|
||||
*/
|
||||
int match_pattern(const char *s, const char *pattern);
|
||||
|
||||
/*
|
||||
* Tries to match the host name (which must be in all lowercase) against the
|
||||
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
||||
* indicate negation). Returns -1 if negation matches, 1 if there is
|
||||
* a positive match, 0 if there is no match at all.
|
||||
*/
|
||||
int match_hostname(const char *host, const char *pattern, u_int len);
|
||||
|
||||
/*
|
||||
* Returns first item from client-list that is also supported by server-list,
|
||||
* caller must xfree() returned string.
|
||||
*/
|
||||
int match_pattern(const char *s, const char *pattern);
|
||||
int match_hostname(const char *host, const char *pattern, u_int len);
|
||||
int match_host_and_ip(const char *host, const char *ip, const char *p);
|
||||
int match_user(const char *u, const char *h, const char *i, const char *p);
|
||||
char *match_list(const char *client, const char *server, u_int *next);
|
||||
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue