version 1.57, 2012/12/02 20:46:11 |
version 1.58, 2013/05/17 00:13:13 |
|
|
while (custom_environment) { |
while (custom_environment) { |
struct envstring *ce = custom_environment; |
struct envstring *ce = custom_environment; |
custom_environment = ce->next; |
custom_environment = ce->next; |
xfree(ce->s); |
free(ce->s); |
xfree(ce); |
free(ce); |
} |
} |
if (forced_command) { |
if (forced_command) { |
xfree(forced_command); |
free(forced_command); |
forced_command = NULL; |
forced_command = NULL; |
} |
} |
if (authorized_principals) { |
if (authorized_principals) { |
xfree(authorized_principals); |
free(authorized_principals); |
authorized_principals = NULL; |
authorized_principals = NULL; |
} |
} |
forced_tun_device = -1; |
forced_tun_device = -1; |
|
|
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
opts += strlen(cp); |
opts += strlen(cp); |
if (forced_command != NULL) |
if (forced_command != NULL) |
xfree(forced_command); |
free(forced_command); |
forced_command = xmalloc(strlen(opts) + 1); |
forced_command = xmalloc(strlen(opts) + 1); |
i = 0; |
i = 0; |
while (*opts) { |
while (*opts) { |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
file, linenum); |
file, linenum); |
xfree(forced_command); |
free(forced_command); |
forced_command = NULL; |
forced_command = NULL; |
goto bad_option; |
goto bad_option; |
} |
} |
|
|
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
opts += strlen(cp); |
opts += strlen(cp); |
if (authorized_principals != NULL) |
if (authorized_principals != NULL) |
xfree(authorized_principals); |
free(authorized_principals); |
authorized_principals = xmalloc(strlen(opts) + 1); |
authorized_principals = xmalloc(strlen(opts) + 1); |
i = 0; |
i = 0; |
while (*opts) { |
while (*opts) { |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
file, linenum); |
file, linenum); |
xfree(authorized_principals); |
free(authorized_principals); |
authorized_principals = NULL; |
authorized_principals = NULL; |
goto bad_option; |
goto bad_option; |
} |
} |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
file, linenum); |
file, linenum); |
xfree(s); |
free(s); |
goto bad_option; |
goto bad_option; |
} |
} |
s[i] = '\0'; |
s[i] = '\0'; |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
file, linenum); |
file, linenum); |
xfree(patterns); |
free(patterns); |
goto bad_option; |
goto bad_option; |
} |
} |
patterns[i] = '\0'; |
patterns[i] = '\0'; |
|
|
switch (match_host_and_ip(remote_host, remote_ip, |
switch (match_host_and_ip(remote_host, remote_ip, |
patterns)) { |
patterns)) { |
case 1: |
case 1: |
xfree(patterns); |
free(patterns); |
/* Host name matches. */ |
/* Host name matches. */ |
goto next_option; |
goto next_option; |
case -1: |
case -1: |
|
|
"invalid criteria", file, linenum); |
"invalid criteria", file, linenum); |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
case 0: |
case 0: |
xfree(patterns); |
free(patterns); |
logit("Authentication tried for %.100s with " |
logit("Authentication tried for %.100s with " |
"correct key but not from a permitted " |
"correct key but not from a permitted " |
"host (host=%.200s, ip=%.200s).", |
"host (host=%.200s, ip=%.200s).", |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing " |
auth_debug_add("%.100s, line %lu: missing " |
"end quote", file, linenum); |
"end quote", file, linenum); |
xfree(patterns); |
free(patterns); |
goto bad_option; |
goto bad_option; |
} |
} |
patterns[i] = '\0'; |
patterns[i] = '\0'; |
|
|
auth_debug_add("%.100s, line %lu: " |
auth_debug_add("%.100s, line %lu: " |
"Bad permitopen specification", file, |
"Bad permitopen specification", file, |
linenum); |
linenum); |
xfree(patterns); |
free(patterns); |
goto bad_option; |
goto bad_option; |
} |
} |
host = cleanhostname(host); |
host = cleanhostname(host); |
|
|
"<%.100s>", file, linenum, p ? p : ""); |
"<%.100s>", file, linenum, p ? p : ""); |
auth_debug_add("%.100s, line %lu: " |
auth_debug_add("%.100s, line %lu: " |
"Bad permitopen port", file, linenum); |
"Bad permitopen port", file, linenum); |
xfree(patterns); |
free(patterns); |
goto bad_option; |
goto bad_option; |
} |
} |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
channel_add_permitted_opens(host, port); |
channel_add_permitted_opens(host, port); |
xfree(patterns); |
free(patterns); |
goto next_option; |
goto next_option; |
} |
} |
cp = "tunnel=\""; |
cp = "tunnel=\""; |
|
|
file, linenum); |
file, linenum); |
auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
file, linenum); |
file, linenum); |
xfree(tun); |
free(tun); |
forced_tun_device = -1; |
forced_tun_device = -1; |
goto bad_option; |
goto bad_option; |
} |
} |
tun[i] = '\0'; |
tun[i] = '\0'; |
forced_tun_device = a2tun(tun, NULL); |
forced_tun_device = a2tun(tun, NULL); |
xfree(tun); |
free(tun); |
if (forced_tun_device == SSH_TUNID_ERR) { |
if (forced_tun_device == SSH_TUNID_ERR) { |
debug("%.100s, line %lu: invalid tun device", |
debug("%.100s, line %lu: invalid tun device", |
file, linenum); |
file, linenum); |
|
|
if (*cert_forced_command != NULL) { |
if (*cert_forced_command != NULL) { |
error("Certificate has multiple " |
error("Certificate has multiple " |
"force-command options"); |
"force-command options"); |
xfree(command); |
free(command); |
goto out; |
goto out; |
} |
} |
*cert_forced_command = command; |
*cert_forced_command = command; |
|
|
if ((*cert_source_address_done)++) { |
if ((*cert_source_address_done)++) { |
error("Certificate has multiple " |
error("Certificate has multiple " |
"source-address options"); |
"source-address options"); |
xfree(allowed); |
free(allowed); |
goto out; |
goto out; |
} |
} |
remote_ip = get_remote_ipaddr(); |
remote_ip = get_remote_ipaddr(); |
|
|
allowed)) { |
allowed)) { |
case 1: |
case 1: |
/* accepted */ |
/* accepted */ |
xfree(allowed); |
free(allowed); |
break; |
break; |
case 0: |
case 0: |
/* no match */ |
/* no match */ |
|
|
"is not permitted to use this " |
"is not permitted to use this " |
"certificate for login.", |
"certificate for login.", |
remote_ip); |
remote_ip); |
xfree(allowed); |
free(allowed); |
goto out; |
goto out; |
case -1: |
case -1: |
error("Certificate source-address " |
error("Certificate source-address " |
"contents invalid"); |
"contents invalid"); |
xfree(allowed); |
free(allowed); |
goto out; |
goto out; |
} |
} |
found = 1; |
found = 1; |
|
|
goto out; |
goto out; |
} |
} |
buffer_clear(&data); |
buffer_clear(&data); |
xfree(name); |
free(name); |
xfree(data_blob); |
free(data_blob); |
name = data_blob = NULL; |
name = data_blob = NULL; |
} |
} |
/* successfully parsed all options */ |
/* successfully parsed all options */ |
|
|
if (ret != 0 && |
if (ret != 0 && |
cert_forced_command != NULL && |
cert_forced_command != NULL && |
*cert_forced_command != NULL) { |
*cert_forced_command != NULL) { |
xfree(*cert_forced_command); |
free(*cert_forced_command); |
*cert_forced_command = NULL; |
*cert_forced_command = NULL; |
} |
} |
if (name != NULL) |
if (name != NULL) |
xfree(name); |
free(name); |
if (data_blob != NULL) |
if (data_blob != NULL) |
xfree(data_blob); |
free(data_blob); |
buffer_free(&data); |
buffer_free(&data); |
buffer_free(&c); |
buffer_free(&c); |
return ret; |
return ret; |
|
|
/* CA-specified forced command supersedes key option */ |
/* CA-specified forced command supersedes key option */ |
if (cert_forced_command != NULL) { |
if (cert_forced_command != NULL) { |
if (forced_command != NULL) |
if (forced_command != NULL) |
xfree(forced_command); |
free(forced_command); |
forced_command = cert_forced_command; |
forced_command = cert_forced_command; |
} |
} |
return 0; |
return 0; |
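Review bot: The NULL guards left around the converted calls are now redundant: `if (forced_command != NULL)` before `free(forced_command);` (in the `command=` parsing and again in the "CA-specified forced command supersedes key option" block), `if (authorized_principals != NULL)` before `free(authorized_principals);`, and the `name` / `data_blob` checks on the cleanup path before `return ret;`. free() does nothing when given a null pointer, so each can be reduced to the bare call, e.g. `free(name);` and `free(data_blob);`. The guards presumably existed because xfree() did not tolerate NULL; if so, this change also drops a check that used to surface unexpected null pointers, which is worth recording in the commit message. In `case 1: /* accepted */` the local `allowed` is freed but not cleared, unlike the globals here, which are reset to NULL after being freed. Whether it is read again cannot be seen, because the enclosing functions start and end outside the excerpts shown.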