X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/bcb7e50250111ebfd299355783201223097212bd..e42c9458c2f1e3a78d6d45e99741d6edb38fc0cc:/authenticate.c

diff --git a/authenticate.c b/authenticate.c
index 4f4aac22..351c8a0a 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -28,7 +28,6 @@ static void base64_encode(char *buf, int len, char *out)
 	char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 	int bit_offset, byte_offset, idx, i;
 	unsigned char *d = (unsigned char *)buf;
-	char *p;
 	int bytes = (len*8 + 5)/6;
 
 	memset(out, 0, bytes+1);
@@ -56,7 +55,7 @@ static void gen_challenge(char *addr, char *challenge)
 
 	memset(input, 0, sizeof(input));
 
-	strncpy((char *)input, addr, 16);
+	strlcpy((char *)input, addr, 16);
 	gettimeofday(&tv, NULL);
 	SIVAL(input, 16, tv.tv_sec);
 	SIVAL(input, 20, tv.tv_usec);
@@ -74,8 +73,8 @@ static int get_secret(int module, char *user, char *secret, int len)
 {
 	char *fname = lp_secrets_file(module);
 	int fd, found=0;
-	char line[1024];
-	char *p, *pass;
+	char line[MAXPATHLEN];
+	char *p, *pass=NULL;
 
 	if (!fname || !*fname) return 0;
 
@@ -137,11 +136,12 @@ int auth_server(int fd, int module, char *addr, char *leader)
 	char *users = lp_auth_users(module);
 	char challenge[16];
 	char b64_challenge[30];
-	char line[1024];
+	char line[MAXPATHLEN];
 	char user[100];
 	char secret[100];
 	char pass[30];
 	char pass2[30];
+	char *tok;
 
 	/* if no auth list then allow anyone in! */
 	if (!users || !*users) return 1;
@@ -163,6 +163,18 @@ int auth_server(int fd, int module, char *addr, char *leader)
 		return 0;
 	}
 
+	users = strdup(users);
+	if (!users) return 0;
+
+	for (tok=strtok(users," ,\t"); tok; tok = strtok(NULL," ,\t")) {
+		if (strcmp(tok, user) == 0) break;
+	}
+	free(users);
+
+	if (!tok) {
+		return 0;
+	}
+	
 	memset(secret, 0, sizeof(secret));
 	if (!get_secret(module, user, secret, sizeof(secret)-1)) {
 		memset(secret, 0, sizeof(secret));