| version 1.126, 2018/03/03 03:15:51 |
version 1.127, 2018/03/12 00:52:01 |
|
|
| int do_permitopen = opts->npermitopen > 0 && |
int do_permitopen = opts->npermitopen > 0 && |
| (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0; |
(options.allow_tcp_forwarding & FORWARD_LOCAL) != 0; |
| size_t i; |
size_t i; |
| char msg[1024], tbuf[32]; |
char msg[1024], buf[64]; |
| |
|
| snprintf(tbuf, sizeof(tbuf), "%d", opts->force_tun_device); |
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); |
| /* Try to keep this alphabetically sorted */ |
/* Try to keep this alphabetically sorted */ |
| snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s", |
snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s", |
| opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", |
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", |
| opts->force_command == NULL ? "" : " command", |
opts->force_command == NULL ? "" : " command", |
| do_env ? " environment" : "", |
do_env ? " environment" : "", |
| |
opts->valid_before == 0 ? "" : "expires", |
| do_permitopen ? " permitopen" : "", |
do_permitopen ? " permitopen" : "", |
| opts->permit_port_forwarding_flag ? " port-forwarding" : "", |
opts->permit_port_forwarding_flag ? " port-forwarding" : "", |
| opts->cert_principals == NULL ? "" : " principals", |
opts->cert_principals == NULL ? "" : " principals", |
| opts->permit_pty_flag ? " pty" : "", |
opts->permit_pty_flag ? " pty" : "", |
| opts->force_tun_device == -1 ? "" : " tun=", |
opts->force_tun_device == -1 ? "" : " tun=", |
| opts->force_tun_device == -1 ? "" : tbuf, |
opts->force_tun_device == -1 ? "" : buf, |
| opts->permit_user_rc ? " user-rc" : "", |
opts->permit_user_rc ? " user-rc" : "", |
| opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); |
opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); |
| |
|
|
|
| } |
} |
| |
|
| /* Go into a little more details for the local logs. */ |
/* Go into a little more details for the local logs. */ |
| |
if (opts->valid_before != 0) { |
| |
format_absolute_time(opts->valid_before, buf, sizeof(buf)); |
| |
debug("%s: expires at %s", loc, buf); |
| |
} |
| if (opts->cert_principals != NULL) { |
if (opts->cert_principals != NULL) { |
| debug("%s: authorized principals: \"%s\"", |
debug("%s: authorized principals: \"%s\"", |
| loc, opts->cert_principals); |
loc, opts->cert_principals); |
|
|
| const char *remote_ip = ssh_remote_ipaddr(ssh); |
const char *remote_ip = ssh_remote_ipaddr(ssh); |
| const char *remote_host = auth_get_canonical_hostname(ssh, |
const char *remote_host = auth_get_canonical_hostname(ssh, |
| options.use_dns); |
options.use_dns); |
| |
time_t now = time(NULL); |
| |
char buf[64]; |
| |
|
| |
/* |
| |
* Check keys/principals file expiry time. |
| |
* NB. validity interval in certificate is handled elsewhere. |
| |
*/ |
| |
if (opts->valid_before && now > 0 && |
| |
opts->valid_before < (uint64_t)now) { |
| |
format_absolute_time(opts->valid_before, buf, sizeof(buf)); |
| |
debug("%s: entry expired at %s", loc, buf); |
| |
auth_debug_add("%s: entry expired at %s", loc, buf); |
| |
return -1; |
| |
} |
| /* Consistency checks */ |
/* Consistency checks */ |
| if (opts->cert_principals != NULL && !opts->cert_authority) { |
if (opts->cert_principals != NULL && !opts->cert_authority) { |
| debug("%s: principals on non-CA key", loc); |
debug("%s: principals on non-CA key", loc); |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh