version 1.259, 2020/06/19 07:21:42 |
version 1.260, 2020/06/22 05:52:05 |
|
|
char socket_name[PATH_MAX]; |
char socket_name[PATH_MAX]; |
char socket_dir[PATH_MAX]; |
char socket_dir[PATH_MAX]; |
|
|
/* PKCS#11/Security key path whitelist */ |
/* Pattern-list of allowed PKCS#11/Security key paths */ |
static char *provider_whitelist; |
static char *allowed_providers; |
|
|
/* locking */ |
/* locking */ |
#define LOCK_SIZE 32 |
#define LOCK_SIZE 32 |
|
|
free(sk_provider); |
free(sk_provider); |
sk_provider = xstrdup(canonical_provider); |
sk_provider = xstrdup(canonical_provider); |
if (match_pattern_list(sk_provider, |
if (match_pattern_list(sk_provider, |
provider_whitelist, 0) != 1) { |
allowed_providers, 0) != 1) { |
error("Refusing add key: " |
error("Refusing add key: " |
"provider %s not whitelisted", sk_provider); |
"provider %s not allowed", sk_provider); |
free(sk_provider); |
free(sk_provider); |
goto send; |
goto send; |
} |
} |
|
|
provider, strerror(errno)); |
provider, strerror(errno)); |
goto send; |
goto send; |
} |
} |
if (match_pattern_list(canonical_provider, provider_whitelist, 0) != 1) { |
if (match_pattern_list(canonical_provider, allowed_providers, 0) != 1) { |
verbose("refusing PKCS#11 add of \"%.100s\": " |
verbose("refusing PKCS#11 add of \"%.100s\": " |
"provider not whitelisted", canonical_provider); |
"provider not allowed", canonical_provider); |
goto send; |
goto send; |
} |
} |
debug("%s: add %.100s", __func__, canonical_provider); |
debug("%s: add %.100s", __func__, canonical_provider); |
|
|
fprintf(stderr, |
fprintf(stderr, |
"usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" |
"usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" |
" [-P provider_whitelist] [-t life]\n" |
" [-P provider_whitelist] [-t life]\n" |
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-P provider_whitelist]\n" |
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n" |
" [-t life] command [arg ...]\n" |
" [-t life] command [arg ...]\n" |
" ssh-agent [-c | -s] -k\n"); |
" ssh-agent [-c | -s] -k\n"); |
exit(1); |
exit(1); |
|
|
fatal("Unknown -O option"); |
fatal("Unknown -O option"); |
break; |
break; |
case 'P': |
case 'P': |
if (provider_whitelist != NULL) |
if (allowed_providers != NULL) |
fatal("-P option already specified"); |
fatal("-P option already specified"); |
provider_whitelist = xstrdup(optarg); |
allowed_providers = xstrdup(optarg); |
break; |
break; |
case 's': |
case 's': |
if (c_flag) |
if (c_flag) |
|
|
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) |
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) |
usage(); |
usage(); |
|
|
if (provider_whitelist == NULL) |
if (allowed_providers == NULL) |
provider_whitelist = xstrdup(DEFAULT_PROVIDER_WHITELIST); |
allowed_providers = xstrdup(DEFAULT_PROVIDER_WHITELIST); |
|
|
if (ac == 0 && !c_flag && !s_flag) { |
if (ac == 0 && !c_flag && !s_flag) { |
shell = getenv("SHELL"); |
shell = getenv("SHELL"); |