Displaying 16 results from an estimated 16 matches for "num_allow_group".
Did you mean:
num_allow_groups
2003 Feb 16
2
AllowUsers Change
...tions.allow_users[i]))
- break;
- /* i < options.num_allow_users iff we break for loop */
- if (i >= options.num_allow_users) {
- log("User %.100s not allowed because not listed in AllowUsers",
+ goto success;
+
+ if (options.num_deny_groups == 0 &&
+ options.num_allow_groups == 0) {
+ log("User %.100s not allowed because not in AllowUsers",
pw->pw_name);
return 0;
}
@@ -136,20 +137,28 @@
return 0;
}
/*
- * Return false if AllowGroups isn't empty and one of user's groups
- * isn't listed there
+ * Return false...
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...+ for (i = 0; i < access.num_allow_users; i++)
+ if (match_user(pw->pw_name, hostname, ipaddr,
+ access.allow_users[i]))
+ break;
+ /* i < access.num_allow_users iff we break for loop */
+ if ( i >= access.num_allow_users)
+ return 0;
+ }
+
+ if (access.num_allow_groups > 0 || access.num_deny_groups > 0) {
+ /* load up the user's group list */
+ if (ga_init(pw->pw_name, pw->pw_gid) == 0)
+ return 0;
+
+ /* return false if the user is in a denied group */
+ if (access.num_deny_groups > 0)
+ if (ga_match(access.deny_groups,
+...
2000 Aug 29
0
AllowUsers and AllogGroups problem...
...}
> /* i < options.num_allow_users if we break for loop
> to allow allow users and allow groups colive we can't
> quit with error message when user wasn't listed in
> allow users list
> */
> if (i >= options.num_allow_users && !options.num_allow_groups)
131a140,143
> *
> * If user was listed in AllowUsers and not mentioned on
> * deny lists then we do not need to check against
> * AllowGroups definition
133c145
< if (options.num_allow_groups > 0) {
---
> if (options.num_allow_groups > 0 && !user_in...
2007 Nov 02
1
[Patch, enh] Permit host and IP addresses in (Allow|Deny)Groups
...options.num_deny_groups, hostname, ipaddr))
{
+#endif /* GROUP_MATCH_HOST_AND_IP */
ga_free();
logit("User %.100s from %.100s not
allowed "
"because a group is listed in
DenyGroups",
@@ -223,8 +228,13 @@
* isn't listed there
*/
if (options.num_allow_groups > 0)
+#ifndef GROUP_MATCH_HOST_AND_IP
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
+#else /* GROUP_MATCH_HOST_AND_IP */
+ if (!ga_match_host_and_ip(options.allow_groups,
+ options.num_allow_groups, hostname, ipaddr))
{
+#endif /* GROUP_MATCH_HOST_AND_IP *...
2001 Jun 18
2
Patch for changing expired passwords
...ow_users > 0) {
***************
*** 85,97 ****
if (match_pattern(pw->pw_name, options.allow_users[i]))
break;
/* i < options.num_allow_users iff we break for loop */
! if (i >= options.num_allow_users)
return 0;
}
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
/* Get the user's group access list (primary and supplementary) */
! if (ga_init(pw->pw_name, pw->pw_gid) == 0)
return 0;
/* Return false if one of user's groups is listed in DenyGroups */
if (options.num_deny_groups > 0)
--- 94,112 ----
if (ma...
2002 Jul 04
4
Chroot patch (v3.4p1)
...name, linenum);
+ options->chroot_users[options->num_chroot_users++] =
+ xstrdup(arg);
+ }
+ break;
+
case sAllowGroups:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
--- openssh-3.4p1.vanilla/servconf.h Thu Jun 20 21:09:47 2002
+++ openssh-3.4p1/servconf.h Wed Jul 3 11:23:26 2002
@@ -20,6 +20,7 @@
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
#define MAX_DENY_USERS 256 /* Max # users on deny list. */
+#define MAX_C...
2000 Aug 25
0
problem with AllowUsers and AllowGroups
...f group ssh. Since code only tests against primary group user can't
login.
-------------- next part --------------
diff openssh-2.1.1p4/auth.c openssh-fixed/auth.c
55a56
> int allow_users_ok = 0;
111a113,114
> {
> allow_users_ok = 1;
112a116
> }
135c139
< if (options.num_allow_groups > 0) {
---
> if ((options.num_allow_groups > 0) && (!allow_users_ok)) {
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
...users_ipaddr) {
+ allowed = 1;
+ }
+ }
+
+ if (allowed == 0) {
+ logit("User %.100s not allowed because not listed in AllowUsers, AllowUsersFixedname or AllowUsersIpaddr",
+ pw->pw_name);
+ return 0;
+ }
+
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
/* Get the user's group access list (primary and supplementary) */
if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
logit("User %.100s not allowed because not in any group",
pw->pw_name);
return 0;
}
diff -r -U 8 openssh-3.9p1.orig/match.c op...
2003 Feb 10
0
Possible Allow* bug?
...ow_users[options->num_allow_users++] =
xstrdup(arg);
}
+ debug3("Found %d AllowUsers", options->num_allow_users);
break;
case sDenyUsers:
@@ -795,6 +796,7 @@
options->allow_groups[options->num_allow_groups++] =
xstrdup(arg);
}
+ debug3("Found %d AllowGroups", options->num_allow_groups);
break;
case sDenyGroups:
--
James Dennis
Harvard Law School
"Not everything that counts can be counted,
and...
1999 Nov 20
1
openssh and DOS
...r.
Again, there may be a better solution.
Craig
------------------------------------------------------------
--- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999
+++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999
@@ -62,6 +62,7 @@
options->num_deny_users = 0;
options->num_allow_groups = 0;
options->num_deny_groups = 0;
+ options->max_connections = -1;
}
void fill_default_server_options(ServerOptions *options)
@@ -161,7 +162,7 @@
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,...
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
...penssh-2.2.0p1chroot/servconf.c Sun Oct 22 18:59:49 2000
@@ -68,6 +68,8 @@
#endif
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->use_chroot = -1;
+ options->chroot_group = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
options->num_allow_groups = 0;
@@ -158,6 +160,10 @@
options->permit_empty_passwd = 0;
if (options->use_login == -1)
options->use_login = 0;
+ if (options->use_chroot == -1)
+ options->use_chroot = 0;
+ if (options->chroot_group == -1)
+ options->chroot_group = 0;
if (options->protocol ==...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
...be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
--- openssh-4.7p1/servconf.c Mon Dec 17 04:25:51 2007
+++ openssh-4.7p1/servconf.c Fri Dec 21 15:59:15 2007
@@ -104,7 +104,11 @@
options->num_allow_groups = 0;
options->num_deny_groups = 0;
options->ciphers = NULL;
+#ifdef OPENSSL_FIPS
+ options->macs = "hmac-sha1,hmac-sha1-96";
+#else
options->macs = NULL;
+#endif
options->protocol = SSH_PROTO_UNKNOWN;
options->gateway_ports = -1;
options->num_subsystems =...