search for: num_deny_groups

...ss.num_allow_users; i++) + if (match_user(pw->pw_name, hostname, ipaddr, + access.allow_users[i])) + break; + /* i < access.num_allow_users iff we break for loop */ + if ( i >= access.num_allow_users) + return 0; + } + + if (access.num_allow_groups > 0 || access.num_deny_groups > 0) { + /* load up the user's group list */ + if (ga_init(pw->pw_name, pw->pw_gid) == 0) + return 0; + + /* return false if the user is in a denied group */ + if (access.num_deny_groups > 0) + if (ga_match(access.deny_groups, + access.num_deny_groups)) { +...

...ed there */ if (options.num_allow_users > 0) { *************** *** 85,97 **** if (match_pattern(pw->pw_name, options.allow_users[i])) break; /* i < options.num_allow_users iff we break for loop */ ! if (i >= options.num_allow_users) return 0; } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ ! if (ga_init(pw->pw_name, pw->pw_gid) == 0) return 0; /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups &...

...r -u -N openssh-4.7p1/auth.c osshGroupHostIP-4.7p1/auth.c --- openssh-4.7p1/auth.c 2007-03-26 09:35:28.000000000 -0700 +++ osshGroupHostIP-4.7p1/auth.c 2007-11-02 14:52:58.000000000 -0700 @@ -210,8 +210,13 @@ /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups > 0) +#ifndef GROUP_MATCH_HOST_AND_IP if (ga_match(options.deny_groups, options.num_deny_groups)) { +#else /* GROUP_MATCH_HOST_AND_IP */ + if (ga_match_host_and_ip(options.deny_groups, + options.num_deny_groups, hostname, ipaddr)) { +#endif /* GROUP_MATCH_HOST_AND_IP */...

...er(pw->pw_name, hostname, ipaddr, options.allow_users[i])) - break; - /* i < options.num_allow_users iff we break for loop */ - if (i >= options.num_allow_users) { - log("User %.100s not allowed because not listed in AllowUsers", + goto success; + + if (options.num_deny_groups == 0 && + options.num_allow_groups == 0) { + log("User %.100s not allowed because not in AllowUsers", pw->pw_name); return 0; } @@ -136,20 +137,28 @@ return 0; } /* - * Return false if AllowGroups isn't empty and one of user's groups...

...ion. Craig ------------------------------------------------------------ --- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999 +++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999 @@ -62,6 +62,7 @@ options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->max_connections = -1; } void fill_default_server_options(ServerOptions *options) @@ -161,7 +162,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUser...

.../ + if (i < options.num_allow_users_ipaddr) { + allowed = 1; + } + } + + if (allowed == 0) { + logit("User %.100s not allowed because not listed in AllowUsers, AllowUsersFixedname or AllowUsersIpaddr", + pw->pw_name); + return 0; + } + if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { logit("User %.100s not allowed because not in any group", pw->pw_name); return 0; } diff -r...

...Max # subsystems. */ @@ -104,6 +105,8 @@ char *allow_users[MAX_ALLOW_USERS]; u_int num_deny_users; char *deny_users[MAX_DENY_USERS]; + u_int num_chroot_users; + char *chroot_users[MAX_CHROOT_USERS]; u_int num_allow_groups; char *allow_groups[MAX_ALLOW_GROUPS]; u_int num_deny_groups; --- openssh-3.4p1.vanilla/session.c Wed Jun 26 09:51:06 2002 +++ openssh-3.4p1/session.c Wed Jul 3 16:29:01 2002 @@ -57,6 +57,8 @@ #include "canohost.h" #include "session.h" #include "monitor_wrap.h" +#include "match.h" +#include "readconf.h"...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...gt;proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ --- openssh-4.7p1/servconf.c Mon Dec 17 04:25:51 2007 +++ openssh-4.7p1/servconf.c Fri Dec 21 15:59:15 2007 @@ -104,7 +104,11 @@ options->num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; +#ifdef OPENSSL_FIPS + options->macs = "hmac-sha1,hmac-sha1-96"; +#else options->macs = NULL; +#endif options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; @@ -122,8 +126,10 @@ options-&...