summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-03-05 01:42:42 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-05 01:42:42 +0000
commit3fb5d00ffdaa93a99466858c667e2721cd2b39cb (patch)
tree403c6c6f634eb64f16624c1946a56cd70572ff7b
parent6ef9ec6b6ba6d52a16a4e63a75b042f321bcb6fa (diff)
- markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h] undo the 'delay hostname lookup' change match.c must not use compress.c (via canonhost.c/packet.c) thanks to wilfried@
-rw-r--r--ChangeLog7
-rw-r--r--auth.c12
-rw-r--r--match.c9
-rw-r--r--match.h4
4 files changed, 20 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 21c71933..21f88610 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,11 @@
- stevesk@cvs.openbsd.org 2002/02/28 20:56:00
[auth.c]
log user not allowed details, from dwd@bell-labs.com; ok markus@
+ - markus@cvs.openbsd.org 2002/03/01 13:12:10
+ [auth.c match.c match.h]
+ undo the 'delay hostname lookup' change
+ match.c must not use compress.c (via canonhost.c/packet.c)
+ thanks to wilfried@
20020226
- (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
@@ -7764,4 +7769,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1900 2002/03/05 01:40:37 mouring Exp $
+$Id: ChangeLog,v 1.1901 2002/03/05 01:42:42 mouring Exp $
diff --git a/auth.c b/auth.c
index a58bf9b7..26dce5b6 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@@ -65,6 +65,7 @@ int
allowed_user(struct passwd * pw)
{
struct stat st;
+ const char *hostname = NULL, *ipaddr = NULL;
char *shell;
int i;
#ifdef WITH_AIXAUTHENTICATE
@@ -115,10 +116,15 @@ allowed_user(struct passwd * pw)
return 0;
}
+ if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+ hostname = get_canonical_hostname(options.verify_reverse_mapping);
+ ipaddr = get_remote_ipaddr();
+ }
+
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
- if (match_user(pw->pw_name, options.verify_reverse_mapping,
+ if (match_user(pw->pw_name, hostname, ipaddr,
options.deny_users[i])) {
log("User %.100s not allowed because listed in DenyUsers",
pw->pw_name);
@@ -128,7 +134,7 @@ allowed_user(struct passwd * pw)
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users > 0) {
for (i = 0; i < options.num_allow_users; i++)
- if (match_user(pw->pw_name, options.verify_reverse_mapping,
+ if (match_user(pw->pw_name, hostname, ipaddr,
options.allow_users[i]))
break;
/* i < options.num_allow_users iff we break for loop */
diff --git a/match.c b/match.c
index e73ed2aa..3ddb6273 100644
--- a/match.c
+++ b/match.c
@@ -35,10 +35,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $");
+RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
#include "match.h"
-#include "canohost.h"
#include "xmalloc.h"
/*
@@ -203,7 +202,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
* match user, user@host_or_ip, user@host_or_ip_list against pattern
*/
int
-match_user(const char *user, int verify_reverse_mapping,
+match_user(const char *user, const char *host, const char *ipaddr,
const char *pattern)
{
char *p, *pat;
@@ -217,9 +216,7 @@ match_user(const char *user, int verify_reverse_mapping,
*p++ = '\0';
if ((ret = match_pattern(user, pat)) == 1)
- ret = match_host_and_ip(
- get_canonical_hostname(verify_reverse_mapping),
- get_remote_ipaddr(), p);
+ ret = match_host_and_ip(host, ipaddr, p);
xfree(pat);
return ret;
diff --git a/match.h b/match.h
index a5e85a9d..a0764e00 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $ */
+/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,7 +18,7 @@ int match_pattern(const char *, const char *);
int match_pattern_list(const char *, const char *, u_int, int);
int match_hostname(const char *, const char *, u_int);
int match_host_and_ip(const char *, const char *, const char *);
-int match_user(const char *, int, const char *);
+int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);
#endif