version 1.27, 2022/01/05 04:02:42 |
version 1.28, 2022/02/01 23:34:47 |
|
|
const char *reason; |
const char *reason; |
struct sshbuf *nprincipals; |
struct sshbuf *nprincipals; |
int r = SSH_ERR_INTERNAL_ERROR, success = 0; |
int r = SSH_ERR_INTERNAL_ERROR, success = 0; |
|
u_int i; |
|
|
oprincipals = principals = *principalsp; |
oprincipals = principals = *principalsp; |
*principalsp = NULL; |
*principalsp = NULL; |
|
|
} |
} |
|
|
while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { |
while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { |
if (strcspn(cp, "!?*") != strlen(cp)) { |
/* Check certificate validity */ |
debug("%s:%lu: principal \"%s\" not authorized: " |
|
"contains wildcards", path, linenum, cp); |
|
continue; |
|
} |
|
/* Check against principals list in certificate */ |
|
if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, |
if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, |
verify_time, cp, &reason)) != 0) { |
verify_time, NULL, &reason)) != 0) { |
debug("%s:%lu: principal \"%s\" not authorized: %s", |
debug("%s:%lu: principal \"%s\" not authorized: %s", |
path, linenum, cp, reason); |
path, linenum, cp, reason); |
continue; |
continue; |
} |
} |
if ((r = sshbuf_putf(nprincipals, "%s%s", |
/* Return all matching principal names from the cert */ |
sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { |
for (i = 0; i < cert->cert->nprincipals; i++) { |
error_f("buffer error"); |
if (match_pattern(cert->cert->principals[i], cp)) { |
goto out; |
if ((r = sshbuf_putf(nprincipals, "%s%s", |
|
sshbuf_len(nprincipals) != 0 ? "," : "", |
|
cert->cert->principals[i])) != 0) { |
|
error_f("buffer error"); |
|
goto out; |
|
} |
|
} |
} |
} |
} |
} |
if (sshbuf_len(nprincipals) == 0) { |
if (sshbuf_len(nprincipals) == 0) { |
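Review bot: The certificate validity check inside the `while` loop no longer depends on `cp` (it now passes `NULL` as the name), yet it still runs once per pattern and its debug line still reports `principal "%s" not authorized`, which blames the pattern for a certificate-level rejection. Moving the call above the loop, with a message that names the certificate rather than `cp`, would make it obvious that validity gates every name returned. In the new `for` loop a certificate principal that matches more than one pattern is appended once per match, so the result can carry duplicates; a comment such as `/* cp is a pattern; returned names come from the cert and may repeat */` or a dedupe before `sshbuf_putf` would cover it. The joined list is now built from certificate-supplied strings rather than locally configured ones, so it is worth confirming that whatever consumes this comma-separated list cannot be confused by a principal name that itself contains a comma; that handling is not visible here. The enclosing function starts and ends outside this section.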