Displaying 17 results from an estimated 17 matches for "num_deny_users".
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...Groups is non-empty, and doesn't contain the user's group
+ * return false.
+ * Otherwise, return true.
+ */
+int auth_allowed_user(struct passwd *pw, Authaccess access)
+{
+ const char *hostname = NULL, *ipaddr = NULL;
+ int i;
+
+ if (!pw || !pw->pw_name)
+ return 0;
+
+ if (access.num_deny_users > 0 || access.num_allow_users > 0) {
+ hostname = get_canonical_hostname(options.verify_reverse_mapping);
+ ipaddr = get_remote_ipaddr();
+ }
+
+ /* Return false if user is listed in DenyUsers */
+ if (access.num_deny_users > 0) {
+ for (i = 0; i < access.num_deny_users; i++)
+...
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
...!pw->pw_name)
return 0;
@@ -138,44 +138,85 @@
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s is not executable",
pw->pw_name, shell);
return 0;
}
- if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+ if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+ options.num_allow_users_fixedname > 0 ||
+ options.num_allow_users_ipaddr > 0 ) {
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr...
2001 Jun 18
2
Patch for changing expired passwords
...pw_shell;
/* deny if shell does not exists or is not executable */
! if (stat(shell, &st) != 0)
return 0;
! if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
! if (match_pattern(pw->pw_name, options.deny_users[i]))
return 0;
}
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users > 0) {
--- 68,92 ----
shell = (p...
2003 Feb 16
2
AllowUsers Change
...'s groups isn't listed there
*/
if (options.num_allow_groups > 0)
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
+ if (options.num_deny_users > 0 ||
+ options.num_allow_users > 0) {
+ log("User %.100s not allowed because not in AllowUsers nor user's groups in AllowGroups",
+ pw->pw_name);
+ return 0;
+ } else {
+ log("User %.100s not allowed because none of user's groups are l...
2001 Jun 04
0
[patch] user@host in AllowUsers
...he user is allowed to log in via ssh. If user is listed
* in DenyUsers or one of user's groups is listed in DenyGroups, false
* will be returned. If AllowUsers isn't empty and user isn't listed
@@ -103,14 +153,18 @@
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
+ const char *hostname = get_canonical_hostname(options.reverse_mapping_check);
+ const char *ipaddr = get_remote_ipaddr();
for (i = 0; i < options.num_deny_users; i++)
- if (match_pattern(pw->pw_name, options.deny_users[i]))
+ if (match_user(pw->pw_name, hostname, ipadd...
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
...f.c Fri Aug 18 05:59:06 2000
+++ openssh-2.2.0p1chroot/servconf.c Sun Oct 22 18:59:49 2000
@@ -68,6 +68,8 @@
#endif
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->use_chroot = -1;
+ options->chroot_group = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
options->num_allow_groups = 0;
@@ -158,6 +160,10 @@
options->permit_empty_passwd = 0;
if (options->use_login == -1)
options->use_login = 0;
+ if (options->use_chroot == -1)
+ options->use_chroot = 0;
+ if (options->chroot_group == -1)
+ options->chroot_group...
2002 Jul 04
4
Chroot patch (v3.4p1)
...ERS 256 /* Max # users on chroot list. */
#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */
#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
@@ -104,6 +105,8 @@
char *allow_users[MAX_ALLOW_USERS];
u_int num_deny_users;
char *deny_users[MAX_DENY_USERS];
+ u_int num_chroot_users;
+ char *chroot_users[MAX_CHROOT_USERS];
u_int num_allow_groups;
char *allow_groups[MAX_ALLOW_GROUPS];
u_int num_deny_groups;
--- openssh-3.4p1.vanilla/session.c Wed Jun 26 09:51:06 2002
+++ openssh-3.4p1/session....
2001 Mar 02
0
Patch for system-wide default environment
...******
*** 81,86 ****
--- 81,87 ----
options->challenge_reponse_authentication = -1;
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->sys_environment_file = NULL;
options->allow_tcp_forwarding = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
***************
*** 210,216 ****
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
! sUseLogin, sAllowTcpForwarding,
sAllowUser...
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...eys_command); \
M_CP_STROPT(authorized_keys_command_user); \
+ M_CP_STROPT(ciphers); \
+ M_CP_STROPT(macs); \
+ M_CP_STROPT(kex_algorithms); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.426
diff -u -p -u -r1.426 sshd.c
--- sshd.c 29 Apr 2014 18:01:49 -0000 1.426
+++ sshd.c 6 Jun 2014 08:04:06 -0000
@@ -1919,6 +1919,10 @@ main(int ac, c...
1999 Nov 20
1
openssh and DOS
...we can each time we hit the handler.
Again, there may be a better solution.
Craig
------------------------------------------------------------
--- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999
+++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999
@@ -62,6 +62,7 @@
options->num_deny_users = 0;
options->num_allow_groups = 0;
options->num_deny_groups = 0;
+ options->max_connections = -1;
}
void fill_default_server_options(ServerOptions *options)
@@ -161,7 +162,7 @@
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRand...
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the