- markus@cvs.openbsd.org 2001/06/24 05:25:10
[auth-options.c match.c match.h] move ip+hostname check to match.c
This commit is contained in:
parent
0520945179
commit
f0c50293dd
|
@ -92,6 +92,9 @@
|
||||||
[sshconnect1.c]
|
[sshconnect1.c]
|
||||||
consistent with ssh2: skip key if empty passphrase is entered,
|
consistent with ssh2: skip key if empty passphrase is entered,
|
||||||
retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
|
retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
|
||||||
|
- markus@cvs.openbsd.org 2001/06/24 05:25:10
|
||||||
|
[auth-options.c match.c match.h]
|
||||||
|
move ip+hostname check to match.c
|
||||||
|
|
||||||
20010622
|
20010622
|
||||||
- (stevesk) handle systems without pw_expire and pw_change.
|
- (stevesk) handle systems without pw_expire and pw_change.
|
||||||
|
@ -5776,4 +5779,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1319 2001/06/25 05:16:02 mouring Exp $
|
$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $
|
||||||
@ -10,7 +10,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-options.c,v 1.18 2001/05/31 10:30:12 markus Exp $");
|
RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
@ -167,7 +167,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||||
}
|
}
|
||||||
cp = "from=\"";
|
cp = "from=\"";
|
||||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||||
int mname, mip;
|
|
||||||
const char *remote_ip = get_remote_ipaddr();
|
const char *remote_ip = get_remote_ipaddr();
|
||||||
const char *remote_host = get_canonical_hostname(
|
const char *remote_host = get_canonical_hostname(
|
||||||
options.reverse_mapping_check);
|
options.reverse_mapping_check);
|
||||||
|
@ -195,18 +194,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||||
}
|
}
|
||||||
patterns[i] = 0;
|
patterns[i] = 0;
|
||||||
opts++;
|
opts++;
|
||||||
/*
|
if (match_host_and_ip(remote_host, remote_ip,
|
||||||
* Deny access if we get a negative
|
patterns) != 1) {
|
||||||
* match for the hostname or the ip
|
|
||||||
* or if we get not match at all
|
|
||||||
*/
|
|
||||||
mname = match_hostname(remote_host, patterns,
|
|
||||||
strlen(patterns));
|
|
||||||
mip = match_hostname(remote_ip, patterns,
|
|
||||||
strlen(patterns));
|
|
||||||
xfree(patterns);
|
xfree(patterns);
|
||||||
if (mname == -1 || mip == -1 ||
|
|
||||||
(mname != 1 && mip != 1)) {
|
|
||||||
log("Authentication tried for %.100s with "
|
log("Authentication tried for %.100s with "
|
||||||
"correct key but not from a permitted "
|
"correct key but not from a permitted "
|
||||||
"host (host=%.200s, ip=%.200s).",
|
"host (host=%.200s, ip=%.200s).",
|
||||||
|
@ -217,6 +207,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||||
/* deny access */
|
/* deny access */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
xfree(patterns);
|
||||||
/* Host name matches. */
|
/* Host name matches. */
|
||||||
goto next_option;
|
goto next_option;
|
||||||
}
|
}
|
||||||
27
match.c
27
match.c
|
@ -35,7 +35,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: match.c,v 1.12 2001/03/10 17:51:04 markus Exp $");
|
RCSID("$OpenBSD: match.c,v 1.13 2001/06/24 05:25:10 markus Exp $");
|
||||||
|
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
@ -162,7 +162,32 @@ match_hostname(const char *host, const char *pattern, u_int len)
|
||||||
return got_positive;
|
return got_positive;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* returns 0 if we get a negative match for the hostname or the ip
|
||||||
|
* or if we get no match at all. returns 1 otherwise.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
match_host_and_ip(const char *host, const char *ipaddr,
|
||||||
|
const char *patterns)
|
||||||
|
{
|
||||||
|
int mhost, mip;
|
||||||
|
|
||||||
|
/* negative ipaddr match */
|
||||||
|
if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
|
||||||
|
return 0;
|
||||||
|
/* negative hostname match */
|
||||||
|
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
|
||||||
|
return 0;
|
||||||
|
/* no match at all */
|
||||||
|
if (mhost == 0 && mip == 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns first item from client-list that is also supported by server-list,
|
||||||
|
* caller must xfree() returned string.
|
||||||
|
*/
|
||||||
#define MAX_PROP 20
|
#define MAX_PROP 20
|
||||||
#define SEP ","
|
#define SEP ","
|
||||||
char *
|
char *
|
||||||
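Review bot: The header comment on match_host_and_ip states when it returns 0 but not that a negated pattern wins: a `!` entry matching either the address or the hostname denies even when the other side matches positively, which is exactly the property the auth-options.c caller relies on when it treats anything other than 1 as a denial. I would extend the comment with `* A negative match on either side wins over a positive match on the other.` so the precedence rule is stated where the function is defined rather than only implied by the order of the two early returns. The two `strlen(patterns)` calls could also be hoisted into a single `u_int len = strlen(patterns);` before the first match_hostname call, so the size_t-to-u_int narrowing happens in one visible place instead of twice.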
22
match.h
22
match.h
|
@ -1,11 +1,9 @@
|
||||||
/* $OpenBSD: match.h,v 1.7 2001/03/10 17:51:04 markus Exp $ */
|
/* $OpenBSD: match.h,v 1.8 2001/06/24 05:25:10 markus Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
* All rights reserved
|
* All rights reserved
|
||||||
* This file contains various auxiliary functions related to multiple
|
|
||||||
* precision integers.
|
|
||||||
*
|
*
|
||||||
* As far as I am concerned, the code I have written for this software
|
* As far as I am concerned, the code I have written for this software
|
||||||
* can be used freely for any purpose. Any derived versions of this
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
@ -16,24 +14,10 @@
|
||||||
#ifndef MATCH_H
|
#ifndef MATCH_H
|
||||||
#define MATCH_H
|
#define MATCH_H
|
||||||
|
|
||||||
/*
|
|
||||||
* Returns true if the given string matches the pattern (which may contain ?
|
|
||||||
* and * as wildcards), and zero if it does not match.
|
|
||||||
*/
|
|
||||||
int match_pattern(const char *s, const char *pattern);
|
int match_pattern(const char *s, const char *pattern);
|
||||||
|
|
||||||
/*
|
|
||||||
* Tries to match the host name (which must be in all lowercase) against the
|
|
||||||
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
|
||||||
* indicate negation). Returns -1 if negation matches, 1 if there is
|
|
||||||
* a positive match, 0 if there is no match at all.
|
|
||||||
*/
|
|
||||||
int match_hostname(const char *host, const char *pattern, u_int len);
|
int match_hostname(const char *host, const char *pattern, u_int len);
|
||||||
|
int match_host_and_ip(const char *host, const char *ip, const char *p);
|
||||||
/*
|
int match_user(const char *u, const char *h, const char *i, const char *p);
|
||||||
* Returns first item from client-list that is also supported by server-list,
|
|
||||||
* caller must xfree() returned string.
|
|
||||||
*/
|
|
||||||
char *match_list(const char *client, const char *server, u_int *next);
|
char *match_list(const char *client, const char *server, u_int *next);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
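Review bot: The `match_user` prototype added next to match_host_and_ip has no definition in the match.c hunks of this commit; the only function that section adds is match_host_and_ip, and the section's 27 changed lines appear to be accounted for by that hunk plus the RCSID line, so the declaration looks ahead of its implementation unless it lands in a file outside this view. The header also drops the comments that documented the -1/1/0 results of match_hostname and the wildcard semantics of match_pattern, and the two new declarations carry none, so a reader of match.h can no longer tell the three-valued result from the two-valued one. I would keep one line per declaration, e.g. `/* -1 if a negated pattern matches, 1 on a positive match, 0 on no match */` above match_hostname and `/* 1 only if neither host nor ip hits a negated pattern and at least one matches */` above match_host_and_ip.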