44
44
#include "common.h"
46
46
static const char rcsid[] =
47
"$Id: accesscheck.c,v 1.19 2003/07/01 13:21:39 michaels Exp $";
47
"$Id: accesscheck.c,v 1.22 2005/05/13 13:37:32 michaels Exp $";
51
usermatch(auth, userlist)
52
const struct authmethod_t *auth;
53
const struct linkedname_t *userlist;
55
/* const char *function = "usermatch()"; */
58
switch (auth->method) {
59
case AUTHMETHOD_UNAME:
60
name = (const char *)auth->mdata.uname.name;
63
case AUTHMETHOD_RFC931:
64
name = (const char *)auth->mdata.rfc931.name;
68
name = (const char *)auth->mdata.pam.name;
73
* adding non-username based methods to rules requiring usernames
74
* should not be possible.
80
if (strcmp(name, userlist->name) == 0)
82
while ((userlist = userlist->next) != NULL);
85
return 0; /* no match. */
52
accessmatch(s, auth, src, dst, userlist, emsg, emsgsize)
92
accesscheck(s, auth, src, dst, emsg, emsgsize)
54
94
struct authmethod_t *auth;
55
95
const struct sockaddr *src, *dst;
56
const struct linkedname_t *userlist;
60
const char *function = "accessmatch()";
99
const char *function = "accesscheck()";
61
100
char srcstr[MAXSOCKADDRSTRING], dststr[sizeof(srcstr)];
66
105
src == NULL ? "<unknown>" : sockaddr2string(src, srcstr, sizeof(srcstr)),
67
106
dst == NULL ? "<unknown>" : sockaddr2string(dst, dststr, sizeof(dststr)));
69
if (userlist != NULL) {
70
const struct linkedname_t *ruleuser;
74
* The userlist names restricts access further, only names
75
* appearing there are checked.
79
switch (auth->method) {
80
case AUTHMETHOD_UNAME:
81
name = (const char *)auth->mdata.uname.name;
84
case AUTHMETHOD_RFC931:
85
name = (const char *)auth->mdata.rfc931.name;
89
name = (const char *)auth->mdata.pam.name;
94
* adding non-username based methods to rules requiring usernames
95
* should not be possible.
101
if (strcmp(name, ruleuser->name) == 0)
103
while ((ruleuser = ruleuser->next) != NULL);
105
if (ruleuser == NULL)
106
return 0; /* no match. */
110
109
* We don't want to re-check the same method. This could
111
110
* happen in several cases:
169
168
* same client, others can not. Mark those who can't as
170
169
* "tried" so we don't waste time on re-trying them.
172
172
case AUTHMETHOD_PAM:
173
if (sockscf.state.unfixedpamdata)
173
if (sockscf.state.pamservicename == NULL)
175
175
/* else; */ /* FALLTHROUGH */
177
178
case AUTHMETHOD_NONE:
178
179
case AUTHMETHOD_UNAME: