| version 1.259, 2020/06/19 07:21:42 |
version 1.260, 2020/06/22 05:52:05 |
|
|
| char socket_name[PATH_MAX]; |
char socket_name[PATH_MAX]; |
| char socket_dir[PATH_MAX]; |
char socket_dir[PATH_MAX]; |
| |
|
| /* PKCS#11/Security key path whitelist */ |
/* Pattern-list of allowed PKCS#11/Security key paths */ |
| static char *provider_whitelist; |
static char *allowed_providers; |
| |
|
| /* locking */ |
/* locking */ |
| #define LOCK_SIZE 32 |
#define LOCK_SIZE 32 |
|
|
| free(sk_provider); |
free(sk_provider); |
| sk_provider = xstrdup(canonical_provider); |
sk_provider = xstrdup(canonical_provider); |
| if (match_pattern_list(sk_provider, |
if (match_pattern_list(sk_provider, |
| provider_whitelist, 0) != 1) { |
allowed_providers, 0) != 1) { |
| error("Refusing add key: " |
error("Refusing add key: " |
| "provider %s not whitelisted", sk_provider); |
"provider %s not allowed", sk_provider); |
| free(sk_provider); |
free(sk_provider); |
| goto send; |
goto send; |
| } |
} |
|
|
| provider, strerror(errno)); |
provider, strerror(errno)); |
| goto send; |
goto send; |
| } |
} |
| if (match_pattern_list(canonical_provider, provider_whitelist, 0) != 1) { |
if (match_pattern_list(canonical_provider, allowed_providers, 0) != 1) { |
| verbose("refusing PKCS#11 add of \"%.100s\": " |
verbose("refusing PKCS#11 add of \"%.100s\": " |
| "provider not whitelisted", canonical_provider); |
"provider not allowed", canonical_provider); |
| goto send; |
goto send; |
| } |
} |
| debug("%s: add %.100s", __func__, canonical_provider); |
debug("%s: add %.100s", __func__, canonical_provider); |
|
|
| fprintf(stderr, |
fprintf(stderr, |
| "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" |
"usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" |
| " [-P provider_whitelist] [-t life]\n" |
" [-P provider_whitelist] [-t life]\n" |
| " ssh-agent [-a bind_address] [-E fingerprint_hash] [-P provider_whitelist]\n" |
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n" |
| " [-t life] command [arg ...]\n" |
" [-t life] command [arg ...]\n" |
| " ssh-agent [-c | -s] -k\n"); |
" ssh-agent [-c | -s] -k\n"); |
| exit(1); |
exit(1); |
|
|
| fatal("Unknown -O option"); |
fatal("Unknown -O option"); |
| break; |
break; |
| case 'P': |
case 'P': |
| if (provider_whitelist != NULL) |
if (allowed_providers != NULL) |
| fatal("-P option already specified"); |
fatal("-P option already specified"); |
| provider_whitelist = xstrdup(optarg); |
allowed_providers = xstrdup(optarg); |
| break; |
break; |
| case 's': |
case 's': |
| if (c_flag) |
if (c_flag) |
|
|
| if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) |
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) |
| usage(); |
usage(); |
| |
|
| if (provider_whitelist == NULL) |
if (allowed_providers == NULL) |
| provider_whitelist = xstrdup(DEFAULT_PROVIDER_WHITELIST); |
allowed_providers = xstrdup(DEFAULT_PROVIDER_WHITELIST); |
| |
|
| if (ac == 0 && !c_flag && !s_flag) { |
if (ac == 0 && !c_flag && !s_flag) { |
| shell = getenv("SHELL"); |
shell = getenv("SHELL"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-agent.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh