thr3ads.net - openssh unix dev - Possible Allow* bug? [Feb 2003]

If this information is useful, please help other people find it:
Share via:

James Dennis

2003-Feb-10 19:06 UTC

Possible Allow* bug?

Hey,

After discussing the limit of MAX_ALLOW_USERS I've been trying to use 
AllowGroups instead. In the config file I have the AllowUsers lines 
before the AllowGroups lines (I have tried both ways) and it appears 
that the presence on the AllowGroups directives seems to blow away any 
Allow* directives I have set. I'm not sure how to check further for bugs 
so I figured I'd contact you guys.

When I simply comment out the AllowGroups line, the AllowUsers 
directives work fine, when I uncomment it, no access is granted to the 
system, period.

Bug?

In servconf.c I added debug lines in each directives case to print the 
amount of users found and when I start sshd, it prints the correct numbers.

[username at hostname /home/username/OpenSSH/openssh-3.5p1]$ ./sshd -d -d 
-d -p 8088
debug3: Found 5 AllowUsers
debug3: Found 11 AllowUsers
debug3: Found 12 AllowUsers
debug3: Found 14 AllowUsers
debug3: Found 16 AllowUsers
debug3: Found 17 AllowUsers
debug3: Found 29 AllowUsers
debug3: Found 1 AllowGroups
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/openssh/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/openssh/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 8088 on 0.0.0.0.
Server listening on 0.0.0.0 port 8088.

The diff, in case you want to see what I actually did:
-3.5p1-chroot/servconf.c 

--- openssh-3.5p1/servconf.c    Thu Sep  5 00:35:15 2002
+++ openssh-3.5p1-chroot/servconf.c     Mon Feb 10 13:52:34 2003
@@ -775,6 +775,7 @@
                         options->allow_users[options->num_allow_users++] 
xstrdup(arg);
                 }
+               debug3("Found %d AllowUsers",
options->num_allow_users);
                 break;

         case sDenyUsers:
@@ -795,6 +796,7 @@
 
options->allow_groups[options->num_allow_groups++]                        
xstrdup(arg);
                 }
+               debug3("Found %d AllowGroups",
options->num_allow_groups);
                 break;

         case sDenyGroups:


-- 
James Dennis
Harvard Law School

"Not everything that counts can be counted,
and not everything that can be counted counts."

Possibly Parallel Threads

Search for more possibly parallel threads

openssh unix dev - Feb 2003 - Possible Allow* bug?

Possible Allow* bug?

Possibly Parallel Threads

Wisdom of the Ancients