Displaying 11 results from an estimated 11 matches for "ga_match".
2015 Nov 18
0
[Bug 2497] New: Add debugging information to ga_match() to show each attempted match
https://bugzilla.mindrot.org/show_bug.cgi?id=2497
Bug ID: 2497
Summary: Add debugging information to ga_match() to show each
attempted match
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigne...
2007 May 17
7
[Bug 1315] New: Match Group does not support negation
...of the named group).
The following patch adds this functionality. A small change to wording
on line 534 of servconf.c is also in order, but I haven't added that. I
also did not check to see if this causes any major headaches with
AllowGroups or DenyGroups, which also use the modified function
(ga_match), but I don't believe it should. The one assumption which
should be spelled out is that if you get a negation match, that is a
breaker which causes further matching to stop.
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because:...
2007 Nov 02
1
[Patch, enh] Permit host and IP addresses in (Allow|Deny)Groups
...nssh-4.7p1/auth.c 2007-03-26 09:35:28.000000000 -0700
+++ osshGroupHostIP-4.7p1/auth.c 2007-11-02 14:52:58.000000000
-0700
@@ -210,8 +210,13 @@
/* Return false if one of user's groups is listed in
DenyGroups */
if (options.num_deny_groups > 0)
+#ifndef GROUP_MATCH_HOST_AND_IP
if (ga_match(options.deny_groups,
options.num_deny_groups)) {
+#else /* GROUP_MATCH_HOST_AND_IP */
+ if (ga_match_host_and_ip(options.deny_groups,
+ options.num_deny_groups, hostname, ipaddr))
{
+#endif /* GROUP_MATCH_HOST_AND_IP */
ga_free();
logit("User %.100s from %.100s not
al...
2003 Feb 16
2
AllowUsers Change
...return 0;
}
/*
- * Return false if AllowGroups isn't empty and one of user's groups
- * isn't listed there
+ * Return false if AllowGroups isn't empty and one of
+ * user's groups isn't listed there
*/
if (options.num_allow_groups > 0)
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
+ if (options.num_deny_users > 0 ||
+ options.num_allow_users > 0) {
+ log("User %.100s not a...
2001 Jun 18
2
Patch for changing expired passwords
...== 0) {
! log("User %.100s not allowed because not in any group",
! pw->pw_name);
return 0;
+ }
/* Return false if one of user's groups is listed in DenyGroups */
if (options.num_deny_groups > 0)
***************
*** 98,103 ****
--- 113,120 ----
if (ga_match(options.deny_groups,
options.num_deny_groups)) {
ga_free();
+ log("User %.100s not allowed because a group is listed in DenyGroups",
+ pw->pw_name);
return 0;
}
/*
***************
*** 108,113 ****
--- 125,132 ----
if (!ga_match(options.allow_...
2007 Nov 11
0
Patch to sshd match
...uot;;
/*
* Even if we do not have a user yet, we still need to check for
@@ -529,12 +537,12 @@
} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
debug("Can't Match group because user %.100s not in any group "
"at line %d", user, line);
- } else if (ga_match(grplist, ngrps) != 1) {
- debug("user %.100s does not match group %.100s at line %d",
- user, arg, line);
+ } else if (ga_match(grplist, ngrps) == not) {
+ debug("user %.100s does not match %sgroup %.100s at line %d",
+ user, notstr, arg, line);
} else {
- debug(&...
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938
Summary: "AllowGroups" option and secondary user's groups limit
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...}
+
+ if (access.num_allow_groups > 0 || access.num_deny_groups > 0) {
+ /* load up the user's group list */
+ if (ga_init(pw->pw_name, pw->pw_gid) == 0)
+ return 0;
+
+ /* return false if the user is in a denied group */
+ if (access.num_deny_groups > 0)
+ if (ga_match(access.deny_groups,
+ access.num_deny_groups)) {
+ ga_free();
+ return 0;
+ }
+
+ /*
+ * Return false if the allowed groups are specified and the
+ * user is not in one
+ */
+ if (access.num_allow_groups > 0)
+ if (!ga_match(access.allow_groups,
+...
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2004 Feb 20
24
[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
http://bugzilla.mindrot.org/show_bug.cgi?id=787
------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-20 13:01 -------
Created an attachment (id=548)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=548&action=view)
NGROUPS patch
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.