search for: ga_match

Displaying 11 results from an estimated 11 matches for "ga_match".

2015 Nov 18
0
[Bug 2497] New: Add debugging information to ga_match() to show each attempted match
https://bugzilla.mindrot.org/show_bug.cgi?id=2497 Bug ID: 2497 Summary: Add debugging information to ga_match() to show each attempted match Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigne...
2007 May 17
7
[Bug 1315] New: Match Group does not support negation
...of the named group). The following patch adds this functionality. A small change to wording on line 534 of servconf.c is also in order, but I haven't added that. I also did not check to see if this causes any major headaches with AllowGroups or DenyGroups, which also use the modified function (ga_match), but I don't believe it should. The one assumption which should be spelled out is that if you get a negation match, that is a breaker which causes further matching to stop. -- Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because:...
2007 Nov 02
1
[Patch, enh] Permit host and IP addresses in (Allow|Deny)Groups
...nssh-4.7p1/auth.c 2007-03-26 09:35:28.000000000 -0700 +++ osshGroupHostIP-4.7p1/auth.c 2007-11-02 14:52:58.000000000 -0700 @@ -210,8 +210,13 @@ /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups > 0) +#ifndef GROUP_MATCH_HOST_AND_IP if (ga_match(options.deny_groups, options.num_deny_groups)) { +#else /* GROUP_MATCH_HOST_AND_IP */ + if (ga_match_host_and_ip(options.deny_groups, + options.num_deny_groups, hostname, ipaddr)) { +#endif /* GROUP_MATCH_HOST_AND_IP */ ga_free(); logit("User %.100s from %.100s not al...
2003 Feb 16
2
AllowUsers Change
...return 0; } /* - * Return false if AllowGroups isn't empty and one of user's groups - * isn't listed there + * Return false if AllowGroups isn't empty and one of + * user's groups isn't listed there */ if (options.num_allow_groups > 0) if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - log("User %.100s not allowed because none of user's groups are listed in AllowGroups", + if (options.num_deny_users > 0 || + options.num_allow_users > 0) { + log("User %.100s not a...
2001 Jun 18
2
Patch for changing expired passwords
...== 0) { ! log("User %.100s not allowed because not in any group", ! pw->pw_name); return 0; + } /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups > 0) *************** *** 98,103 **** --- 113,120 ---- if (ga_match(options.deny_groups, options.num_deny_groups)) { ga_free(); + log("User %.100s not allowed because a group is listed in DenyGroups", + pw->pw_name); return 0; } /* *************** *** 108,113 **** --- 125,132 ---- if (!ga_match(options.allow_...
2007 Nov 11
0
Patch to sshd match
...uot;; /* * Even if we do not have a user yet, we still need to check for @@ -529,12 +537,12 @@ } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { debug("Can't Match group because user %.100s not in any group " "at line %d", user, line); - } else if (ga_match(grplist, ngrps) != 1) { - debug("user %.100s does not match group %.100s at line %d", - user, arg, line); + } else if (ga_match(grplist, ngrps) == not) { + debug("user %.100s does not match %sgroup %.100s at line %d", + user, notstr, arg, line); } else { - debug(&...
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...} + + if (access.num_allow_groups > 0 || access.num_deny_groups > 0) { + /* load up the user's group list */ + if (ga_init(pw->pw_name, pw->pw_gid) == 0) + return 0; + + /* return false if the user is in a denied group */ + if (access.num_deny_groups > 0) + if (ga_match(access.deny_groups, + access.num_deny_groups)) { + ga_free(); + return 0; + } + + /* + * Return false if the allowed groups are specified and the + * user is not in one + */ + if (access.num_allow_groups > 0) + if (!ga_match(access.allow_groups, +...
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the
2004 Feb 20
24
[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
http://bugzilla.mindrot.org/show_bug.cgi?id=787 ------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-20 13:01 ------- Created an attachment (id=548) --> (http://bugzilla.mindrot.org/attachment.cgi?id=548&action=view) NGROUPS patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.