diff options
| author | Damien Miller <djm@mindrot.org> | 2010-07-02 13:35:19 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-07-02 13:35:19 +1000 |
| commit | 6018a36864643ad0e5ff1f7205a7187b961c2c57 (patch) | |
| tree | d40d615290070f2c1a9cdae4dae894ac41394e24 /auth2-pubkey.c | |
| parent | 44b25040110a224a79ff371ee548be9a10ba8bfa (diff) | |
- djm@cvs.openbsd.org 2010/06/29 23:16:46
[auth2-pubkey.c sshd_config.5]
allow key options (command="..." and friends) in AuthorizedPrincipals;
ok markus@
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index faab0e771..35cf79c9f 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.25 2010/05/20 11:25:26 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.26 2010/06/29 23:16:46 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -198,10 +198,10 @@ match_principals_option(const char *principal_list, struct KeyCert *cert) | |||
| 198 | } | 198 | } |
| 199 | 199 | ||
| 200 | static int | 200 | static int |
| 201 | match_principals_file(const char *file, struct passwd *pw, struct KeyCert *cert) | 201 | match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) |
| 202 | { | 202 | { |
| 203 | FILE *f; | 203 | FILE *f; |
| 204 | char line[SSH_MAX_PUBKEY_BYTES], *cp; | 204 | char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; |
| 205 | u_long linenum = 0; | 205 | u_long linenum = 0; |
| 206 | u_int i; | 206 | u_int i; |
| 207 | 207 | ||
| @@ -212,17 +212,37 @@ match_principals_file(const char *file, struct passwd *pw, struct KeyCert *cert) | |||
| 212 | return 0; | 212 | return 0; |
| 213 | } | 213 | } |
| 214 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { | 214 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
| 215 | /* Skip leading whitespace, empty and comment lines. */ | 215 | /* Skip leading whitespace. */ |
| 216 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) | 216 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
| 217 | ; | 217 | ; |
| 218 | if (!*cp || *cp == '\n' || *cp == '#') | 218 | /* Skip blank and comment lines. */ |
| 219 | if ((ep = strchr(cp, '#')) != NULL) | ||
| 220 | *ep = '\0'; | ||
| 221 | if (!*cp || *cp == '\n') | ||
| 219 | continue; | 222 | continue; |
| 220 | line[strcspn(line, "\n")] = '\0'; | 223 | /* Trim trailing whitespace. */ |
| 221 | 224 | ep = cp + strlen(cp) - 1; | |
| 225 | while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t')) | ||
| 226 | *ep-- = '\0'; | ||
| 227 | /* | ||
| 228 | * If the line has internal whitespace then assume it has | ||
| 229 | * key options. | ||
| 230 | */ | ||
| 231 | line_opts = NULL; | ||
| 232 | if ((ep = strrchr(cp, ' ')) != NULL || | ||
| 233 | (ep = strrchr(cp, '\t')) != NULL) { | ||
| 234 | for (; *ep == ' ' || *ep == '\t'; ep++) | ||
| 235 | ;; | ||
| 236 | line_opts = cp; | ||
| 237 | cp = ep; | ||
| 238 | } | ||
| 222 | for (i = 0; i < cert->nprincipals; i++) { | 239 | for (i = 0; i < cert->nprincipals; i++) { |
| 223 | if (strcmp(cp, cert->principals[i]) == 0) { | 240 | if (strcmp(cp, cert->principals[i]) == 0) { |
| 224 | debug3("matched principal from file \"%.100s\"", | 241 | debug3("matched principal from file \"%.100s\"", |
| 225 | cert->principals[i]); | 242 | cert->principals[i]); |
| 243 | if (auth_parse_options(pw, line_opts, | ||
| 244 | file, linenum) != 1) | ||
| 245 | continue; | ||
| 226 | fclose(f); | 246 | fclose(f); |
| 227 | restore_uid(); | 247 | restore_uid(); |
| 228 | return 1; | 248 | return 1; |