version 1.51.2.2, 2005/03/10 17:15:04 |
version 1.52, 2004/05/08 00:01:37 |
|
|
for (i = 0; i < options.num_deny_users; i++) |
for (i = 0; i < options.num_deny_users; i++) |
if (match_user(pw->pw_name, hostname, ipaddr, |
if (match_user(pw->pw_name, hostname, ipaddr, |
options.deny_users[i])) { |
options.deny_users[i])) { |
logit("User %.100s from %.100s not allowed " |
logit("User %.100s not allowed because listed in DenyUsers", |
"because listed in DenyUsers", |
pw->pw_name); |
pw->pw_name, hostname); |
|
return 0; |
return 0; |
} |
} |
} |
} |
|
|
break; |
break; |
/* i < options.num_allow_users iff we break for loop */ |
/* i < options.num_allow_users iff we break for loop */ |
if (i >= options.num_allow_users) { |
if (i >= options.num_allow_users) { |
logit("User %.100s from %.100s not allowed because " |
logit("User %.100s not allowed because not listed in AllowUsers", |
"not listed in AllowUsers", pw->pw_name, hostname); |
pw->pw_name); |
return 0; |
return 0; |
} |
} |
} |
} |
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { |
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { |
/* Get the user's group access list (primary and supplementary) */ |
/* Get the user's group access list (primary and supplementary) */ |
if (ga_init(pw->pw_name, pw->pw_gid) == 0) { |
if (ga_init(pw->pw_name, pw->pw_gid) == 0) { |
logit("User %.100s from %.100s not allowed because " |
logit("User %.100s not allowed because not in any group", |
"not in any group", pw->pw_name, hostname); |
pw->pw_name); |
return 0; |
return 0; |
} |
} |
|
|
|
|
if (ga_match(options.deny_groups, |
if (ga_match(options.deny_groups, |
options.num_deny_groups)) { |
options.num_deny_groups)) { |
ga_free(); |
ga_free(); |
logit("User %.100s from %.100s not allowed " |
logit("User %.100s not allowed because a group is listed in DenyGroups", |
"because a group is listed in DenyGroups", |
pw->pw_name); |
pw->pw_name, hostname); |
|
return 0; |
return 0; |
} |
} |
/* |
/* |
|
|
if (!ga_match(options.allow_groups, |
if (!ga_match(options.allow_groups, |
options.num_allow_groups)) { |
options.num_allow_groups)) { |
ga_free(); |
ga_free(); |
logit("User %.100s from %.100s not allowed " |
logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", |
"because none of user's groups are listed " |
pw->pw_name); |
"in AllowGroups", pw->pw_name, hostname); |
|
return 0; |
return 0; |
} |
} |
ga_free(); |
ga_free(); |
|
|
/* Raise logging level */ |
/* Raise logging level */ |
if (authenticated == 1 || |
if (authenticated == 1 || |
!authctxt->valid || |
!authctxt->valid || |
authctxt->failures >= options.max_authtries / 2 || |
authctxt->failures >= AUTH_FAIL_LOG || |
strcmp(method, "password") == 0) |
strcmp(method, "password") == 0) |
authlog = logit; |
authlog = logit; |
|
|
|
|
authlog("%s %s for %s%.100s from %.200s port %d%s", |
authlog("%s %s for %s%.100s from %.200s port %d%s", |
authmsg, |
authmsg, |
method, |
method, |
authctxt->valid ? "" : "invalid user ", |
authctxt->valid ? "" : "illegal user ", |
authctxt->user, |
authctxt->user, |
get_remote_ipaddr(), |
get_remote_ipaddr(), |
get_remote_port(), |
get_remote_port(), |
|
|
|
|
pw = getpwnam(user); |
pw = getpwnam(user); |
if (pw == NULL) { |
if (pw == NULL) { |
logit("Invalid user %.100s from %.100s", |
logit("Illegal user %.100s from %.100s", |
user, get_remote_ipaddr()); |
user, get_remote_ipaddr()); |
return (NULL); |
return (NULL); |
} |
} |
|
|
fake.pw_passwd = |
fake.pw_passwd = |
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
fake.pw_gecos = "NOUSER"; |
fake.pw_gecos = "NOUSER"; |
fake.pw_uid = (uid_t)-1; |
fake.pw_uid = -1; |
fake.pw_gid = (gid_t)-1; |
fake.pw_gid = -1; |
fake.pw_class = ""; |
fake.pw_class = ""; |
fake.pw_dir = "/nonexist"; |
fake.pw_dir = "/nonexist"; |
fake.pw_shell = "/nonexist"; |
fake.pw_shell = "/nonexist"; |
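Review bot: In the revision that logs `from %.100s`, the three group-check messages (not in any group, DenyGroups, AllowGroups) pass `hostname` to `%.100s`, but the assignment of `hostname` lies outside the visible hunks. If it is only resolved when AllowUsers or DenyUsers is configured, a group-only configuration would hand an unset pointer to `logit`, so confirm that the lookup guard also covers `options.num_deny_groups` and `options.num_allow_groups`. The name presumably comes from a reverse lookup that the remote side's DNS controls, so the denial lines would be easier to attribute if they also carried `ipaddr`, which is already passed to `match_user`, as a further `%.100s` argument. The enclosing function starts and ends outside these hunks.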