- markus@cvs.openbsd.org 2002/03/01 13:12:10

[auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@

ChangeLog

@@ -33,6 +33,11 @@
    - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
      [auth.c]
      log user not allowed details, from dwd@bell-labs.com; ok markus@
+   - markus@cvs.openbsd.org 2002/03/01 13:12:10
+     [auth.c match.c match.h]
+     undo the 'delay hostname lookup' change
+     match.c must not use compress.c (via canonhost.c/packet.c)
+     thanks to wilfried@
 
 20020226
  - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
@@ -7764,4 +7769,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1900 2002/03/05 01:40:37 mouring Exp $
+$Id: ChangeLog,v 1.1901 2002/03/05 01:42:42 mouring Exp $

auth.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.34 2002/02/28 20:56:00 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -65,6 +65,7 @@ int
 allowed_user(struct passwd * pw)
 {
 	struct stat st;
+	const char *hostname = NULL, *ipaddr = NULL;
 	char *shell;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
@@ -115,10 +116,15 @@ allowed_user(struct passwd * pw)
 		return 0;
 	}
 
+	if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+		hostname = get_canonical_hostname(options.verify_reverse_mapping);
+		ipaddr = get_remote_ipaddr();
+	}
+
 	/* Return false if user is listed in DenyUsers */
 	if (options.num_deny_users > 0) {
 		for (i = 0; i < options.num_deny_users; i++)
-			if (match_user(pw->pw_name, options.verify_reverse_mapping,
+ 			if (match_user(pw->pw_name, hostname, ipaddr,
 			    options.deny_users[i])) {
  				log("User %.100s not allowed because listed in DenyUsers",
  				    pw->pw_name);
@@ -128,7 +134,7 @@ allowed_user(struct passwd * pw)
 	/* Return false if AllowUsers isn't empty and user isn't listed there */
 	if (options.num_allow_users > 0) {
 		for (i = 0; i < options.num_allow_users; i++)
-			if (match_user(pw->pw_name, options.verify_reverse_mapping,
+ 			if (match_user(pw->pw_name, hostname, ipaddr,
 			    options.allow_users[i]))
 				break;
 		/* i < options.num_allow_users iff we break for loop */

match.c

@@ -35,10 +35,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.18 2002/02/28 19:36:28 stevesk Exp $");
+RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
 
 #include "match.h"
-#include "canohost.h"
 #include "xmalloc.h"
 
 /*
@@ -203,7 +202,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
  * match user, user@host_or_ip, user@host_or_ip_list against pattern
  */
 int
-match_user(const char *user, int verify_reverse_mapping,
+match_user(const char *user, const char *host, const char *ipaddr,
     const char *pattern)
 {
 	char *p, *pat;
@@ -217,9 +216,7 @@ match_user(const char *user, int verify_reverse_mapping,
 	*p++ = '\0';
 
 	if ((ret = match_pattern(user, pat)) == 1)
-		ret = match_host_and_ip(
-		    get_canonical_hostname(verify_reverse_mapping),
-		    get_remote_ipaddr(), p);
+		ret = match_host_and_ip(host, ipaddr, p);
 	xfree(pat);
 
 	return ret;

match.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: match.h,v 1.11 2002/02/28 19:36:28 stevesk Exp $	*/
+/*	$OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,7 +18,7 @@ int	 match_pattern(const char *, const char *);
 int	 match_pattern_list(const char *, const char *, u_int, int);
 int	 match_hostname(const char *, const char *, u_int);
 int	 match_host_and_ip(const char *, const char *, const char *);
-int	 match_user(const char *, int, const char *);
+int	 match_user(const char *, const char *, const char *, const char *);
 char	*match_list(const char *, const char *, u_int *);
 
 #endif