| version 1.57, 2012/12/02 20:46:11 |
version 1.58, 2013/05/17 00:13:13 |
|
|
| while (custom_environment) { |
while (custom_environment) { |
| struct envstring *ce = custom_environment; |
struct envstring *ce = custom_environment; |
| custom_environment = ce->next; |
custom_environment = ce->next; |
| xfree(ce->s); |
free(ce->s); |
| xfree(ce); |
free(ce); |
| } |
} |
| if (forced_command) { |
if (forced_command) { |
| xfree(forced_command); |
free(forced_command); |
| forced_command = NULL; |
forced_command = NULL; |
| } |
} |
| if (authorized_principals) { |
if (authorized_principals) { |
| xfree(authorized_principals); |
free(authorized_principals); |
| authorized_principals = NULL; |
authorized_principals = NULL; |
| } |
} |
| forced_tun_device = -1; |
forced_tun_device = -1; |
|
|
| if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| opts += strlen(cp); |
opts += strlen(cp); |
| if (forced_command != NULL) |
if (forced_command != NULL) |
| xfree(forced_command); |
free(forced_command); |
| forced_command = xmalloc(strlen(opts) + 1); |
forced_command = xmalloc(strlen(opts) + 1); |
| i = 0; |
i = 0; |
| while (*opts) { |
while (*opts) { |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
| file, linenum); |
file, linenum); |
| xfree(forced_command); |
free(forced_command); |
| forced_command = NULL; |
forced_command = NULL; |
| goto bad_option; |
goto bad_option; |
| } |
} |
|
|
| if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| opts += strlen(cp); |
opts += strlen(cp); |
| if (authorized_principals != NULL) |
if (authorized_principals != NULL) |
| xfree(authorized_principals); |
free(authorized_principals); |
| authorized_principals = xmalloc(strlen(opts) + 1); |
authorized_principals = xmalloc(strlen(opts) + 1); |
| i = 0; |
i = 0; |
| while (*opts) { |
while (*opts) { |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
| file, linenum); |
file, linenum); |
| xfree(authorized_principals); |
free(authorized_principals); |
| authorized_principals = NULL; |
authorized_principals = NULL; |
| goto bad_option; |
goto bad_option; |
| } |
} |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
| file, linenum); |
file, linenum); |
| xfree(s); |
free(s); |
| goto bad_option; |
goto bad_option; |
| } |
} |
| s[i] = '\0'; |
s[i] = '\0'; |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
| file, linenum); |
file, linenum); |
| xfree(patterns); |
free(patterns); |
| goto bad_option; |
goto bad_option; |
| } |
} |
| patterns[i] = '\0'; |
patterns[i] = '\0'; |
|
|
| switch (match_host_and_ip(remote_host, remote_ip, |
switch (match_host_and_ip(remote_host, remote_ip, |
| patterns)) { |
patterns)) { |
| case 1: |
case 1: |
| xfree(patterns); |
free(patterns); |
| /* Host name matches. */ |
/* Host name matches. */ |
| goto next_option; |
goto next_option; |
| case -1: |
case -1: |
|
|
| "invalid criteria", file, linenum); |
"invalid criteria", file, linenum); |
| /* FALLTHROUGH */ |
/* FALLTHROUGH */ |
| case 0: |
case 0: |
| xfree(patterns); |
free(patterns); |
| logit("Authentication tried for %.100s with " |
logit("Authentication tried for %.100s with " |
| "correct key but not from a permitted " |
"correct key but not from a permitted " |
| "host (host=%.200s, ip=%.200s).", |
"host (host=%.200s, ip=%.200s).", |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing " |
auth_debug_add("%.100s, line %lu: missing " |
| "end quote", file, linenum); |
"end quote", file, linenum); |
| xfree(patterns); |
free(patterns); |
| goto bad_option; |
goto bad_option; |
| } |
} |
| patterns[i] = '\0'; |
patterns[i] = '\0'; |
|
|
| auth_debug_add("%.100s, line %lu: " |
auth_debug_add("%.100s, line %lu: " |
| "Bad permitopen specification", file, |
"Bad permitopen specification", file, |
| linenum); |
linenum); |
| xfree(patterns); |
free(patterns); |
| goto bad_option; |
goto bad_option; |
| } |
} |
| host = cleanhostname(host); |
host = cleanhostname(host); |
|
|
| "<%.100s>", file, linenum, p ? p : ""); |
"<%.100s>", file, linenum, p ? p : ""); |
| auth_debug_add("%.100s, line %lu: " |
auth_debug_add("%.100s, line %lu: " |
| "Bad permitopen port", file, linenum); |
"Bad permitopen port", file, linenum); |
| xfree(patterns); |
free(patterns); |
| goto bad_option; |
goto bad_option; |
| } |
} |
| if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
| channel_add_permitted_opens(host, port); |
channel_add_permitted_opens(host, port); |
| xfree(patterns); |
free(patterns); |
| goto next_option; |
goto next_option; |
| } |
} |
| cp = "tunnel=\""; |
cp = "tunnel=\""; |
|
|
| file, linenum); |
file, linenum); |
| auth_debug_add("%.100s, line %lu: missing end quote", |
auth_debug_add("%.100s, line %lu: missing end quote", |
| file, linenum); |
file, linenum); |
| xfree(tun); |
free(tun); |
| forced_tun_device = -1; |
forced_tun_device = -1; |
| goto bad_option; |
goto bad_option; |
| } |
} |
| tun[i] = '\0'; |
tun[i] = '\0'; |
| forced_tun_device = a2tun(tun, NULL); |
forced_tun_device = a2tun(tun, NULL); |
| xfree(tun); |
free(tun); |
| if (forced_tun_device == SSH_TUNID_ERR) { |
if (forced_tun_device == SSH_TUNID_ERR) { |
| debug("%.100s, line %lu: invalid tun device", |
debug("%.100s, line %lu: invalid tun device", |
| file, linenum); |
file, linenum); |
|
|
| if (*cert_forced_command != NULL) { |
if (*cert_forced_command != NULL) { |
| error("Certificate has multiple " |
error("Certificate has multiple " |
| "force-command options"); |
"force-command options"); |
| xfree(command); |
free(command); |
| goto out; |
goto out; |
| } |
} |
| *cert_forced_command = command; |
*cert_forced_command = command; |
|
|
| if ((*cert_source_address_done)++) { |
if ((*cert_source_address_done)++) { |
| error("Certificate has multiple " |
error("Certificate has multiple " |
| "source-address options"); |
"source-address options"); |
| xfree(allowed); |
free(allowed); |
| goto out; |
goto out; |
| } |
} |
| remote_ip = get_remote_ipaddr(); |
remote_ip = get_remote_ipaddr(); |
|
|
| allowed)) { |
allowed)) { |
| case 1: |
case 1: |
| /* accepted */ |
/* accepted */ |
| xfree(allowed); |
free(allowed); |
| break; |
break; |
| case 0: |
case 0: |
| /* no match */ |
/* no match */ |
|
|
| "is not permitted to use this " |
"is not permitted to use this " |
| "certificate for login.", |
"certificate for login.", |
| remote_ip); |
remote_ip); |
| xfree(allowed); |
free(allowed); |
| goto out; |
goto out; |
| case -1: |
case -1: |
| error("Certificate source-address " |
error("Certificate source-address " |
| "contents invalid"); |
"contents invalid"); |
| xfree(allowed); |
free(allowed); |
| goto out; |
goto out; |
| } |
} |
| found = 1; |
found = 1; |
|
|
| goto out; |
goto out; |
| } |
} |
| buffer_clear(&data); |
buffer_clear(&data); |
| xfree(name); |
free(name); |
| xfree(data_blob); |
free(data_blob); |
| name = data_blob = NULL; |
name = data_blob = NULL; |
| } |
} |
| /* successfully parsed all options */ |
/* successfully parsed all options */ |
|
|
| if (ret != 0 && |
if (ret != 0 && |
| cert_forced_command != NULL && |
cert_forced_command != NULL && |
| *cert_forced_command != NULL) { |
*cert_forced_command != NULL) { |
| xfree(*cert_forced_command); |
free(*cert_forced_command); |
| *cert_forced_command = NULL; |
*cert_forced_command = NULL; |
| } |
} |
| if (name != NULL) |
if (name != NULL) |
| xfree(name); |
free(name); |
| if (data_blob != NULL) |
if (data_blob != NULL) |
| xfree(data_blob); |
free(data_blob); |
| buffer_free(&data); |
buffer_free(&data); |
| buffer_free(&c); |
buffer_free(&c); |
| return ret; |
return ret; |
|
|
| /* CA-specified forced command supersedes key option */ |
/* CA-specified forced command supersedes key option */ |
| if (cert_forced_command != NULL) { |
if (cert_forced_command != NULL) { |
| if (forced_command != NULL) |
if (forced_command != NULL) |
| xfree(forced_command); |
free(forced_command); |
| forced_command = cert_forced_command; |
forced_command = cert_forced_command; |
| } |
} |
| return 0; |
return 0; |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-options.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh