| version 1.27, 2022/01/05 04:02:42 |
version 1.28, 2022/02/01 23:34:47 |
|
|
| const char *reason; |
const char *reason; |
| struct sshbuf *nprincipals; |
struct sshbuf *nprincipals; |
| int r = SSH_ERR_INTERNAL_ERROR, success = 0; |
int r = SSH_ERR_INTERNAL_ERROR, success = 0; |
| |
u_int i; |
| |
|
| oprincipals = principals = *principalsp; |
oprincipals = principals = *principalsp; |
| *principalsp = NULL; |
*principalsp = NULL; |
|
|
| } |
} |
| |
|
| while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { |
while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { |
| if (strcspn(cp, "!?*") != strlen(cp)) { |
/* Check certificate validity */ |
| debug("%s:%lu: principal \"%s\" not authorized: " |
|
| "contains wildcards", path, linenum, cp); |
|
| continue; |
|
| } |
|
| /* Check against principals list in certificate */ |
|
| if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, |
if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, |
| verify_time, cp, &reason)) != 0) { |
verify_time, NULL, &reason)) != 0) { |
| debug("%s:%lu: principal \"%s\" not authorized: %s", |
debug("%s:%lu: principal \"%s\" not authorized: %s", |
| path, linenum, cp, reason); |
path, linenum, cp, reason); |
| continue; |
continue; |
| } |
} |
| if ((r = sshbuf_putf(nprincipals, "%s%s", |
/* Return all matching principal names from the cert */ |
| sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { |
for (i = 0; i < cert->cert->nprincipals; i++) { |
| error_f("buffer error"); |
if (match_pattern(cert->cert->principals[i], cp)) { |
| goto out; |
if ((r = sshbuf_putf(nprincipals, "%s%s", |
| |
sshbuf_len(nprincipals) != 0 ? "," : "", |
| |
cert->cert->principals[i])) != 0) { |
| |
error_f("buffer error"); |
| |
goto out; |
| |
} |
| |
} |
| } |
} |
| } |
} |
| if (sshbuf_len(nprincipals) == 0) { |
if (sshbuf_len(nprincipals) == 0) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshsig.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh