Displaying 20 results from an estimated 20 matches for "num_allow_users".
2003 Feb 16
2
AllowUsers Change
...c
--- auth.c 4 Nov 2002 10:07:53 -0000 1.46
+++ auth.c 16 Feb 2003 03:27:42 -0000
@@ -105,15 +105,16 @@
return 0;
}
}
- /* Return false if AllowUsers isn't empty and user isn't listed there */
+ /* Return true if person in AllowUsers, otherwise try the group test */
if (options.num_allow_users > 0) {
for (i = 0; i < options.num_allow_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
options.allow_users[i]))
- break;
- /* i < options.num_allow_users iff we break for loop */
- if (i >= options.num_allow_users) {
- log("User %.100s not allow...
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
...@ -138,44 +138,85 @@
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s is not executable",
pw->pw_name, shell);
return 0;
}
- if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+ if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+ options.num_allow_users_fixedname > 0 ||
+ options.num_allow_users_ipaddr > 0 ) {
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
}
/* Return false if use...
2001 Jun 18
2
Patch for changing expired passwords
...s listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
! if (match_pattern(pw->pw_name, options.deny_users[i]))
return 0;
}
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users > 0) {
--- 68,92 ----
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
/* deny if shell does not exists or is not executable */
! if (stat(shell, &st) != 0) {
! log("User %.100s not allowed because shell %.100s does not exist",
! pw->...
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...39;t contain the user's group
+ * return false.
+ * Otherwise, return true.
+ */
+int auth_allowed_user(struct passwd *pw, Authaccess access)
+{
+ const char *hostname = NULL, *ipaddr = NULL;
+ int i;
+
+ if (!pw || !pw->pw_name)
+ return 0;
+
+ if (access.num_deny_users > 0 || access.num_allow_users > 0) {
+ hostname = get_canonical_hostname(options.verify_reverse_mapping);
+ ipaddr = get_remote_ipaddr();
+ }
+
+ /* Return false if user is listed in DenyUsers */
+ if (access.num_deny_users > 0) {
+ for (i = 0; i < access.num_deny_users; i++)
+ if (match_user(pw->pw_name, h...
2003 Jun 11
2
[PATCH] Fix typos, OpenBSD + Portable
...======
RCS file: /cvs/src/usr.bin/ssh/auth.c,v
retrieving revision 1.48
diff -u -r1.48 auth.c
--- auth.c 2003/06/02 09:17:34 1.48
+++ auth.c 2003/06/11 12:29:19
@@ -111,7 +111,7 @@
if (match_user(pw->pw_name, hostname, ipaddr,
options.allow_users[i]))
break;
- /* i < options.num_allow_users iff we break for loop */
+ /* i < options.num_allow_users if we break for loop */
if (i >= options.num_allow_users) {
logit("User %.100s not allowed because not listed in AllowUsers",
pw->pw_name);
Index: monitor.c
=================================================...
2000 Aug 29
0
AllowUsers and AllogGroups problem...
...t include it in this patch. But it is very easy to
implement if wanted so.
-------------- next part --------------
diff openssh-SNAP-20000829/auth.c openssh/auth.c
53a54
> int user_in_allow_list = 0;
109a111,112
> {
> user_in_allow_list = 1;
111,112c114,120
< /* i < options.num_allow_users iff we break for loop */
< if (i >= options.num_allow_users)
---
> }
> /* i < options.num_allow_users if we break for loop
> to allow allow users and allow groups colive we can't
> quit with error message when user wasn't listed in
> allow user...
2001 Jun 04
0
[patch] user@host in AllowUsers
...(i = 0; i < options.num_deny_users; i++)
- if (match_pattern(pw->pw_name, options.deny_users[i]))
+ if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i]))
return 0;
}
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users > 0) {
+ const char *hostname = get_canonical_hostname(options.reverse_mapping_check);
+ const char *ipaddr = get_remote_ipaddr();
for (i = 0; i < options.num_allow_users; i++)
- if (match_pattern(pw->pw_name, options.allow_users[i]))
+ if (match_user(pw->pw_name, hostname, ipa...
2001 Mar 02
0
Patch for system-wide default environment
...c Thu Mar 1 15:45:03 2001
***************
*** 81,86 ****
--- 81,87 ----
options->challenge_reponse_authentication = -1;
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->sys_environment_file = NULL;
options->allow_tcp_forwarding = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
***************
*** 210,216 ****
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
! sUseLogin,...
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
...vconf.c
--- openssh-2.2.0p1/servconf.c Fri Aug 18 05:59:06 2000
+++ openssh-2.2.0p1chroot/servconf.c Sun Oct 22 18:59:49 2000
@@ -68,6 +68,8 @@
#endif
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->use_chroot = -1;
+ options->chroot_group = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
options->num_allow_groups = 0;
@@ -158,6 +160,10 @@
options->permit_empty_passwd = 0;
if (options->use_login == -1)
options->use_login = 0;
+ if (options->use_chroot == -1)
+ options->use_chroot = 0;
+ if (options->chroot_group...
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2003 Feb 10
0
Possible Allow* bug?
....0 port 8088.
The diff, in case you want to see what I actually did:
-3.5p1-chroot/servconf.c
--- openssh-3.5p1/servconf.c Thu Sep 5 00:35:15 2002
+++ openssh-3.5p1-chroot/servconf.c Mon Feb 10 13:52:34 2003
@@ -775,6 +775,7 @@
options->allow_users[options->num_allow_users++] =
xstrdup(arg);
}
+ debug3("Found %d AllowUsers", options->num_allow_users);
break;
case sDenyUsers:
@@ -795,6 +796,7 @@
options->allow_groups[options->num_allow_groups++] =...
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...ized_principals_file); \
M_CP_STROPT(authorized_keys_command); \
M_CP_STROPT(authorized_keys_command_user); \
+ M_CP_STROPT(ciphers); \
+ M_CP_STROPT(macs); \
+ M_CP_STROPT(kex_algorithms); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.426
diff -u -p -u -r1.426 sshd.c
--- sshd.c 29 Apr 2014 18:01:49 -0000 1.426
+++ sshd.c 6 Jun 2014 0...
2006 Jan 08
3
Allow --without-privsep build.
...ag:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
+#ifdef USE_PRIVSEP
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
-
+#endif
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
--- openssh-4.2p1/sshd.c~ 2005-07-26 12:54:56.000000000 +0100
+++ openssh-4.2p1/sshd.c 2006-01-07 18:12:40.000000000 +0000
@@ -200,9 +200,11 @@ u_int utmp_len = MAXHOSTNAMELEN;
int *startup_pipes = NULL;
int startup_pipe; /* in child */
+#ifdef USE_PRIVSEP
/* variables...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
...5:42:20 2000
+++ openssh-2.1.1p4-hein/servconf.c Sun Aug 27 12:36:00 2000
@@ -67,6 +67,9 @@
#ifdef SKEY
options->skey_authentication = -1;
#endif
+#ifdef PAM_TIS
+ options->tis_authentication = -1;
+#endif
options->permit_empty_passwd = -1;
options->use_login = -1;
options->num_allow_users = 0;
@@ -155,6 +158,10 @@
if (options->skey_authentication == -1)
options->skey_authentication = 1;
#endif
+#ifdef PAM_TIS
+ if (options->tis_authentication == -1)
+ options->tis_authentication = 1;
+#endif
if (options->permit_empty_passwd == -1)
options->permit_empty_...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the