search for: ga_init

http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at

...])) break; /* i < options.num_allow_users iff we break for loop */ ! if (i >= options.num_allow_users) return 0; } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ ! if (ga_init(pw->pw_name, pw->pw_gid) == 0) return 0; /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups > 0) --- 94,112 ---- if (match_pattern(pw->pw_name, options.allow_users[i])) break; /* i < options.num_allow_user...

...ery call to getpwnam returns 0. Do you know a way to compile openssh statically? Thank you. the warnings: (.text+0x11): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking groupaccess.o: In function `ga_init': /home/john/Downloads/openssh-6.6p1/groupaccess.c:67: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking session.o: In function `do_setusercontext': /home/john/Downloads/openssh-6.6p1/sess...

.../lib/gcc/armv5tel-redhat-linux-gnueabi/4.6.1/../../../libcrypto.a(fips.o): In function `FIPSCHECK_verify': (.text+0x20): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking groupaccess.o: In function `ga_init': /builddir/build/BUILD/openssh-5.6p1/groupaccess.c:66: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking session.o: In function `do_setusercontext': /builddir/build/BUILD/openssh-5.6p1/se...

...roupaccess.h 2006-08-04 19:39:40.000000000 -0700 +++ osshGroupHostIP-4.7p1/groupaccess.h 2007-11-02 14:46:08.000000000 -0700 @@ -27,8 +27,15 @@ #ifndef GROUPACCESS_H #define GROUPACCESS_H +/* Permit group at host style {Allow|Deny}Groups directive. */ +#define GROUP_MATCH_HOST_AND_IP + int ga_init(const char *, gid_t); int ga_match(char * const *, int); void ga_free(void); +#ifdef GROUP_MATCH_HOST_AND_IP +int ga_match_host_and_ip(char * const *, int, const char *, const char *); +#endif /* GROUP_MATCH_HOST_AND_IP */ + #endif

...Feb 2004 23:50:38 -0000 @@ -31,7 +31,7 @@ #include "log.h" static int ngroups; -static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ +static char **groups_byname; /* * Initialize group access list for user with primary (base) and @@ -40,20 +40,33 @@ int ga_init(const char *user, gid_t base) { - gid_t groups_bygid[NGROUPS_MAX + 1]; - int i, j; + gid_t *groups_bygid; + int i; struct group *gr; if (ngroups > 0) ga_free(); - ngroups = sizeof(groups_bygid) / sizeof(gid_t); + getgrouplist(user, base, NULL, &ngroups); + groups_bygid = xmalloc(...

...======================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/groupaccess.c,v retrieving revision 1.10 diff -u -p -r1.10 groupaccess.c --- groupaccess.c 26 Mar 2006 03:24:49 -0000 1.10 +++ groupaccess.c 4 May 2006 01:56:11 -0000 @@ -52,8 +52,8 @@ ga_init(const char *user, gid_t base) ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); #endif - groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid)); - groups_byname = xmalloc(ngroups * sizeof(*groups_byname)); + groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid)); + groups_byname = xcalloc...

...const char *user, int not) { int result = 0; u_int ngrps = 0; char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS]; struct passwd *pw; + char* notstr = not ? "!" : ""; /* * Even if we do not have a user yet, we still need to check for @@ -529,12 +537,12 @@ } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { debug("Can't Match group because user %.100s not in any group " "at line %d", user, line); - } else if (ga_match(grplist, ngrps) != 1) { - debug("user %.100s does not match group %.100s at line %d", - user, arg...

..., + access.allow_users[i])) + break; + /* i < access.num_allow_users iff we break for loop */ + if ( i >= access.num_allow_users) + return 0; + } + + if (access.num_allow_groups > 0 || access.num_deny_groups > 0) { + /* load up the user's group list */ + if (ga_init(pw->pw_name, pw->pw_gid) == 0) + return 0; + + /* return false if the user is in a denied group */ + if (access.num_deny_groups > 0) + if (ga_match(access.deny_groups, + access.num_deny_groups)) { + ga_free(); + return 0; + } + + /* + * Return false if the allowe...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...ot allowed because not listed in AllowUsers, AllowUsersFixedname or AllowUsersIpaddr", + pw->pw_name); + return 0; + } + if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { logit("User %.100s not allowed because not in any group", pw->pw_name); return 0; } diff -r -U 8 openssh-3.9p1.orig/match.c openssh-3.9p1.jpmg/match.c --- openssh-3.9p1.orig/match.c 2002-03-05 01:42:43.000000000 +0000 +++ open...

http://bugzilla.mindrot.org/show_bug.cgi?id=787 ------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-20 13:01 ------- Created an attachment (id=548) --> (http://bugzilla.mindrot.org/attachment.cgi?id=548&action=view) NGROUPS patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Hi, another issue I''m seeing with 3.0-rc2 and Xen is that there is an unexpectedly high amount of kernel reserved memory. I suspect that Linux allocates page table entries and corresponding data structures for the whole 6GB areas of the provided ''physical RAM map'' even though it has rather big unusable holes in it. [ 0.000000] BIOS-provided physical RAM map: [