version 1.51, 2015/05/21 06:43:30 |
version 1.52, 2015/06/15 18:42:19 |
|
|
* returns 1 if the principal is allowed or 0 otherwise. |
* returns 1 if the principal is allowed or 0 otherwise. |
*/ |
*/ |
static int |
static int |
match_principals_command(struct passwd *user_pw, struct sshkey *key) |
match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert) |
{ |
{ |
FILE *f = NULL; |
FILE *f = NULL; |
int ok, found_principal = 0; |
int ok, found_principal = 0; |
|
|
uid_swapped = 1; |
uid_swapped = 1; |
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
|
|
ok = process_principals(f, NULL, pw, key->cert); |
ok = process_principals(f, NULL, pw, cert); |
|
|
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) |
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) |
goto out; |
goto out; |
|
|
found_principal = 1; |
found_principal = 1; |
} |
} |
/* Try querying command if specified */ |
/* Try querying command if specified */ |
if (!found_principal && match_principals_command(pw, key)) |
if (!found_principal && match_principals_command(pw, key->cert)) |
found_principal = 1; |
found_principal = 1; |
/* If principals file or command specify, then require a match here */ |
/* If principals file or command specify, then require a match here */ |
if (!found_principal && (principals_file != NULL || |
if (!found_principal && (principals_file != NULL || |
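Review bot: The new `struct sshkey_cert *cert` parameter of match_principals_command() is passed straight to process_principals() with no NULL check visible in these hunks, and the header comment above the function still documents only the return value. The caller now passes `key->cert`, so the function relies on the caller having already established that `key` is a certificate; that check, if it exists, lies outside the lines shown. I would state the precondition in the comment, for example `* "cert" must be the non-NULL certificate of a key the caller has verified.`, or guard the entry with `if (cert == NULL) return 0;` before any command is spawned. Both the comment block and the function body start and end outside the hunks, so the placement of that guard needs checking against the full function.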