unsigned long linenum = 0;
struct stat st;
RSA *pk;
+ int mname, mip;
/* Temporarily use the user's uid. */
temporarily_use_uid(pw->pw_uid);
}
patterns[i] = 0;
options++;
- if (!match_hostname(get_canonical_hostname(), patterns,
- strlen(patterns)) &&
- !match_hostname(get_remote_ipaddr(), patterns,
- strlen(patterns))) {
+ /*
+ * Deny access if we get a negative
+ * match for the hostname or the ip
+ * or if we get not match at all
+ */
+ mname = match_hostname(get_canonical_hostname(),
+ patterns, strlen(patterns));
+ mip = match_hostname(get_remote_ipaddr(),
+ patterns, strlen(patterns));
+ if (mname == -1 || mip == -1 ||
+ (mname != 1 && mip != 1)) {
log("RSA authentication tried for %.100s with correct key but not from a permitted host (host=%.200s, ip=%.200s).",
pw->pw_name, get_canonical_hostname(),
get_remote_ipaddr());