| version 1.55, 2016/01/27 00:53:12 |
version 1.56, 2016/09/14 05:42:25 |
|
|
| |
|
| static int |
static int |
| process_principals(FILE *f, char *file, struct passwd *pw, |
process_principals(FILE *f, char *file, struct passwd *pw, |
| struct sshkey_cert *cert) |
const struct sshkey_cert *cert) |
| { |
{ |
| char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; |
char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; |
| u_long linenum = 0; |
u_long linenum = 0; |
|
|
| * returns 1 if the principal is allowed or 0 otherwise. |
* returns 1 if the principal is allowed or 0 otherwise. |
| */ |
*/ |
| static int |
static int |
| match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert) |
match_principals_command(struct passwd *user_pw, const struct sshkey *key) |
| { |
{ |
| |
const struct sshkey_cert *cert = key->cert; |
| FILE *f = NULL; |
FILE *f = NULL; |
| int ok, found_principal = 0; |
int r, ok, found_principal = 0; |
| struct passwd *pw; |
struct passwd *pw; |
| int i, ac = 0, uid_swapped = 0; |
int i, ac = 0, uid_swapped = 0; |
| pid_t pid; |
pid_t pid; |
| char *tmp, *username = NULL, *command = NULL, **av = NULL; |
char *tmp, *username = NULL, *command = NULL, **av = NULL; |
| |
char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL; |
| void (*osigchld)(int); |
void (*osigchld)(int); |
| |
|
| if (options.authorized_principals_command == NULL) |
if (options.authorized_principals_command == NULL) |
|
|
| command); |
command); |
| goto out; |
goto out; |
| } |
} |
| |
if ((ca_fp = sshkey_fingerprint(cert->signature_key, |
| |
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { |
| |
error("%s: sshkey_fingerprint failed", __func__); |
| |
goto out; |
| |
} |
| |
if ((key_fp = sshkey_fingerprint(cert->signature_key, |
| |
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { |
| |
error("%s: sshkey_fingerprint failed", __func__); |
| |
goto out; |
| |
} |
| |
if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) { |
| |
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); |
| |
goto out; |
| |
} |
| |
if ((r = sshkey_to_base64(key, &keytext)) != 0) { |
| |
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); |
| |
goto out; |
| |
} |
| for (i = 1; i < ac; i++) { |
for (i = 1; i < ac; i++) { |
| tmp = percent_expand(av[i], |
tmp = percent_expand(av[i], |
| "u", user_pw->pw_name, |
"u", user_pw->pw_name, |
| "h", user_pw->pw_dir, |
"h", user_pw->pw_dir, |
| |
"t", sshkey_ssh_name(key), |
| |
"T", sshkey_ssh_name(cert->signature_key), |
| |
"f", key_fp, |
| |
"F", ca_fp, |
| |
"k", keytext, |
| |
"K", catext, |
| (char *)NULL); |
(char *)NULL); |
| if (tmp == NULL) |
if (tmp == NULL) |
| fatal("%s: percent_expand failed", __func__); |
fatal("%s: percent_expand failed", __func__); |
|
|
| restore_uid(); |
restore_uid(); |
| free(command); |
free(command); |
| free(username); |
free(username); |
| |
free(ca_fp); |
| |
free(key_fp); |
| |
free(catext); |
| |
free(keytext); |
| return found_principal; |
return found_principal; |
| } |
} |
| /* |
/* |
|
|
| found_principal = 1; |
found_principal = 1; |
| } |
} |
| /* Try querying command if specified */ |
/* Try querying command if specified */ |
| if (!found_principal && match_principals_command(pw, key->cert)) |
if (!found_principal && match_principals_command(pw, key)) |
| found_principal = 1; |
found_principal = 1; |
| /* If principals file or command is specified, then require a match */ |
/* If principals file or command is specified, then require a match */ |
| use_authorized_principals = principals_file != NULL || |
use_authorized_principals = principals_file != NULL || |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-pubkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh