version 1.49, 2010/03/16 15:46:52 |
version 1.50, 2010/04/16 01:47:26 |
|
|
#include "canohost.h" |
#include "canohost.h" |
#include "buffer.h" |
#include "buffer.h" |
#include "channels.h" |
#include "channels.h" |
#include "auth-options.h" |
|
#include "servconf.h" |
#include "servconf.h" |
#include "misc.h" |
#include "misc.h" |
#include "key.h" |
#include "key.h" |
|
#include "auth-options.h" |
#include "hostfile.h" |
#include "hostfile.h" |
#include "auth.h" |
#include "auth.h" |
#ifdef GSSAPI |
#ifdef GSSAPI |
|
|
} |
} |
|
|
/* |
/* |
* Set options from certificate constraints. These supersede user key options |
* Set options from critical certificate options. These supersede user key |
* so this must be called after auth_parse_options(). |
* options so this must be called after auth_parse_options(). |
*/ |
*/ |
int |
int |
auth_cert_constraints(Buffer *c_orig, struct passwd *pw) |
auth_cert_options(Key *k, struct passwd *pw) |
{ |
{ |
u_char *name = NULL, *data_blob = NULL; |
u_char *name = NULL, *data_blob = NULL; |
u_int nlen, dlen, clen; |
u_int nlen, dlen, clen; |
|
|
|
|
/* Make copy to avoid altering original */ |
/* Make copy to avoid altering original */ |
buffer_init(&c); |
buffer_init(&c); |
buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); |
buffer_append(&c, |
|
buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical)); |
|
|
while (buffer_len(&c) > 0) { |
while (buffer_len(&c) > 0) { |
if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
error("Certificate constraints corrupt"); |
error("Certificate options corrupt"); |
goto out; |
goto out; |
} |
} |
buffer_append(&data, data_blob, dlen); |
buffer_append(&data, data_blob, dlen); |
|
|
} |
} |
if (cert_forced_command != NULL) { |
if (cert_forced_command != NULL) { |
error("Certificate has multiple " |
error("Certificate has multiple " |
"force-command constraints"); |
"force-command options"); |
xfree(command); |
xfree(command); |
goto out; |
goto out; |
} |
} |
|
|
} |
} |
if (cert_source_address_done++) { |
if (cert_source_address_done++) { |
error("Certificate has multiple " |
error("Certificate has multiple " |
"source-address constraints"); |
"source-address options"); |
xfree(allowed); |
xfree(allowed); |
goto out; |
goto out; |
} |
} |
|
|
name = data_blob = NULL; |
name = data_blob = NULL; |
} |
} |
|
|
/* successfully parsed all constraints */ |
/* successfully parsed all options */ |
ret = 0; |
ret = 0; |
|
|
no_port_forwarding_flag |= cert_no_port_forwarding_flag; |
no_port_forwarding_flag |= cert_no_port_forwarding_flag; |
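Review bot: The buffer copy at the top of auth_cert_options() now reads `k->cert->critical` with no visible check that `k` is actually a certificate key, so a plain key (where `k->cert` is presumably NULL) would be a NULL dereference in the authentication path. Unless every caller is guaranteed to test the key type first, a guard before `buffer_init(&c)` such as `if (k == NULL || k->cert == NULL) return -1;` keeps the function failing closed; the `-1` is inferred from the `ret = 0` success path and should match the function's existing failure value. Because these options carry the force-command and source-address restrictions that supersede the user's key options, the header comment could also state that any non-zero return must make the caller reject the key. Only parts of the function body are shown on this page, so such a check may already exist in the lines not displayed.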