| version 1.49, 2010/03/16 15:46:52 |
version 1.50, 2010/04/16 01:47:26 |
|
|
| #include "canohost.h" |
#include "canohost.h" |
| #include "buffer.h" |
#include "buffer.h" |
| #include "channels.h" |
#include "channels.h" |
| #include "auth-options.h" |
|
| #include "servconf.h" |
#include "servconf.h" |
| #include "misc.h" |
#include "misc.h" |
| #include "key.h" |
#include "key.h" |
| |
#include "auth-options.h" |
| #include "hostfile.h" |
#include "hostfile.h" |
| #include "auth.h" |
#include "auth.h" |
| #ifdef GSSAPI |
#ifdef GSSAPI |
|
|
| } |
} |
| |
|
| /* |
/* |
| * Set options from certificate constraints. These supersede user key options |
* Set options from critical certificate options. These supersede user key |
| * so this must be called after auth_parse_options(). |
* options so this must be called after auth_parse_options(). |
| */ |
*/ |
| int |
int |
| auth_cert_constraints(Buffer *c_orig, struct passwd *pw) |
auth_cert_options(Key *k, struct passwd *pw) |
| { |
{ |
| u_char *name = NULL, *data_blob = NULL; |
u_char *name = NULL, *data_blob = NULL; |
| u_int nlen, dlen, clen; |
u_int nlen, dlen, clen; |
|
|
| |
|
| /* Make copy to avoid altering original */ |
/* Make copy to avoid altering original */ |
| buffer_init(&c); |
buffer_init(&c); |
| buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); |
buffer_append(&c, |
| |
buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical)); |
| |
|
| while (buffer_len(&c) > 0) { |
while (buffer_len(&c) > 0) { |
| if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
| (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
| error("Certificate constraints corrupt"); |
error("Certificate options corrupt"); |
| goto out; |
goto out; |
| } |
} |
| buffer_append(&data, data_blob, dlen); |
buffer_append(&data, data_blob, dlen); |
|
|
| } |
} |
| if (cert_forced_command != NULL) { |
if (cert_forced_command != NULL) { |
| error("Certificate has multiple " |
error("Certificate has multiple " |
| "force-command constraints"); |
"force-command options"); |
| xfree(command); |
xfree(command); |
| goto out; |
goto out; |
| } |
} |
|
|
| } |
} |
| if (cert_source_address_done++) { |
if (cert_source_address_done++) { |
| error("Certificate has multiple " |
error("Certificate has multiple " |
| "source-address constraints"); |
"source-address options"); |
| xfree(allowed); |
xfree(allowed); |
| goto out; |
goto out; |
| } |
} |
|
|
| name = data_blob = NULL; |
name = data_blob = NULL; |
| } |
} |
| |
|
| /* successfully parsed all constraints */ |
/* successfully parsed all options */ |
| ret = 0; |
ret = 0; |
| |
|
| no_port_forwarding_flag |= cert_no_port_forwarding_flag; |
no_port_forwarding_flag |= cert_no_port_forwarding_flag; |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-options.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh