Attachment 1762 Details for Bug 1690 – Patch for src/auth.c to process AllowUsers/DenyGroups config directives correctly

[patch] Patch for src/auth.c to process AllowUsers/DenyGroups config directives correctly

auth.c.patch (text/plain), 1.14 KB, created by pallenpost on 2009-12-29 17:57:58 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: pallenpost

Created: 2009-12-29 17:57:58 AEDT

Size: 1.14 KB

patch

obsolete

>--- openssh-5.3p1/auth.c	2008-11-05 00:12:54.000000000 -0500
>+++ openssh-5.3p1-patched/auth.c	2009-12-29 01:26:47.000000000 -0500
>@@ -177,6 +177,11 @@
> 		ipaddr = get_remote_ipaddr();
> 	}
> 
>+	#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
>+		if (!sys_auth_allowed_user(pw, &loginmsg))
>+			return 0;
>+	#endif
>+ 
> 	/* Return false if user is listed in DenyUsers */
> 	if (options.num_deny_users > 0) {
> 		for (i = 0; i < options.num_deny_users; i++)
>@@ -189,11 +194,12 @@
> 			}
> 	}
> 	/* Return false if AllowUsers isn't empty and user isn't listed there */
>+	/* Return true if user is listed in AllowUsers */
> 	if (options.num_allow_users > 0) {
> 		for (i = 0; i < options.num_allow_users; i++)
> 			if (match_user(pw->pw_name, hostname, ipaddr,
> 			    options.allow_users[i]))
>-				break;
>+				return 1;
> 		/* i < options.num_allow_users iff we break for loop */
> 		if (i >= options.num_allow_users) {
> 			logit("User %.100s from %.100s not allowed because "
>@@ -235,11 +241,6 @@
> 		ga_free();
> 	}
> 
>-#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
>-	if (!sys_auth_allowed_user(pw, &loginmsg))
>-		return 0;
>-#endif
>-
> 	/* We found no reason not to let this user try to log on... */
> 	return 1;
> }

Actions: View | Diff

Attachments on bug 1690: 1762