| version 1.45, 2010/02/26 20:29:54 |
version 1.46, 2010/03/03 01:44:36 |
|
|
| auth_cert_constraints(Buffer *c_orig, struct passwd *pw) |
auth_cert_constraints(Buffer *c_orig, struct passwd *pw) |
| { |
{ |
| u_char *name = NULL, *data_blob = NULL; |
u_char *name = NULL, *data_blob = NULL; |
| u_int len; |
u_int nlen, dlen, clen; |
| Buffer c, data; |
Buffer c, data; |
| int ret = -1; |
int ret = -1; |
| |
|
|
|
| buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); |
buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); |
| |
|
| while (buffer_len(&c) > 0) { |
while (buffer_len(&c) > 0) { |
| if ((name = buffer_get_string_ret(&c, NULL)) == NULL || |
if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
| (data_blob = buffer_get_string_ret(&c, &len)) == NULL) { |
(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
| error("Certificate constraints corrupt"); |
error("Certificate constraints corrupt"); |
| goto out; |
goto out; |
| } |
} |
| buffer_append(&data, data_blob, len); |
buffer_append(&data, data_blob, dlen); |
| debug3("found certificate constraint \"%.100s\" len %u", |
debug3("found certificate constraint \"%.100s\" len %u", |
| name, len); |
name, dlen); |
| |
if (strlen(name) != nlen) { |
| |
error("Certificate constraint name contains \\0"); |
| |
goto out; |
| |
} |
| if (strcmp(name, "permit-X11-forwarding") == 0) |
if (strcmp(name, "permit-X11-forwarding") == 0) |
| cert_no_x11_forwarding_flag = 0; |
cert_no_x11_forwarding_flag = 0; |
| else if (strcmp(name, "permit-agent-forwarding") == 0) |
else if (strcmp(name, "permit-agent-forwarding") == 0) |
|
|
| else if (strcmp(name, "permit-user-rc") == 0) |
else if (strcmp(name, "permit-user-rc") == 0) |
| cert_no_user_rc = 0; |
cert_no_user_rc = 0; |
| else if (strcmp(name, "force-command") == 0) { |
else if (strcmp(name, "force-command") == 0) { |
| char *command = buffer_get_string_ret(&data, NULL); |
char *command = buffer_get_string_ret(&data, &clen); |
| |
|
| if (command == NULL) { |
if (command == NULL) { |
| error("Certificate constraint \"%s\" corrupt", |
error("Certificate constraint \"%s\" corrupt", |
| name); |
name); |
| goto out; |
goto out; |
| } |
} |
| |
if (strlen(command) != clen) { |
| |
error("force-command constrain contains \\0"); |
| |
goto out; |
| |
} |
| if (cert_forced_command != NULL) { |
if (cert_forced_command != NULL) { |
| error("Certificate has multiple " |
error("Certificate has multiple " |
| "forced-command constraints"); |
"forced-command constraints"); |
|
|
| } |
} |
| cert_forced_command = command; |
cert_forced_command = command; |
| } else if (strcmp(name, "source-address") == 0) { |
} else if (strcmp(name, "source-address") == 0) { |
| char *allowed = buffer_get_string_ret(&data, NULL); |
char *allowed = buffer_get_string_ret(&data, &clen); |
| const char *remote_ip = get_remote_ipaddr(); |
const char *remote_ip = get_remote_ipaddr(); |
| |
|
| if (allowed == NULL) { |
if (allowed == NULL) { |
| error("Certificate constraint \"%s\" corrupt", |
error("Certificate constraint \"%s\" corrupt", |
| name); |
name); |
| |
goto out; |
| |
} |
| |
if (strlen(allowed) != clen) { |
| |
error("source-address constrain contains \\0"); |
| goto out; |
goto out; |
| } |
} |
| if (cert_source_address_done++) { |
if (cert_source_address_done++) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-options.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh