Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c66
1 files changed, 34 insertions, 32 deletions
diff --git a/auth-options.c b/auth-options.c
index 78e8f3955..73e330bf5 100644
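--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,15 +83,15 @@ auth_clear_options(void)
  while (custom_environment) {
  struct envstring *ce = custom_environment;
  custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
+ free(ce->s);
+ free(ce);
  }
  if (forced_command) {
- xfree(forced_command);
+ free(forced_command);
  forced_command = NULL;
  }
  if (authorized_principals) {
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = NULL;
  }
  forced_tun_device = -1;
@@ -160,7 +160,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
  opts += strlen(cp);
  if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
  forced_command = xmalloc(strlen(opts) + 1);
  i = 0;
  while (*opts) {
@@ -178,7 +178,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(forced_command);
+ free(forced_command);
  forced_command = NULL;
  goto bad_option;
  }
@@ -191,7 +191,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
  opts += strlen(cp);
  if (authorized_principals != NULL)
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = xmalloc(strlen(opts) + 1);
  i = 0;
  while (*opts) {
@@ -209,7 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = NULL;
  goto bad_option;
  }
@@ -243,7 +243,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(s);
+ free(s);
  goto bad_option;
  }
  s[i] = '\0';
@@ -280,7 +280,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  patterns[i] = '\0';
@@ -288,7 +288,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  switch (match_host_and_ip(remote_host, remote_ip,
  patterns)) {
  case 1:
- xfree(patterns);
+ free(patterns);
  /* Host name matches. */
  goto next_option;
  case -1:
@@ -298,7 +298,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  "invalid criteria", file, linenum);
  /* FALLTHROUGH */
  case 0:
- xfree(patterns);
+ free(patterns);
  if (!logged_from_hostip) {
  logit("Authentication tried for %.100s with "
  "correct key but not from a permitted "
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing "
  "end quote", file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  patterns[i] = '\0';
@@ -351,7 +351,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  auth_debug_add("%.100s, line %lu: "
  "Bad permitopen specification", file,
  linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  host = cleanhostname(host);
@@ -360,12 +360,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  "<%.100s>", file, linenum, p ? p : "");
  auth_debug_add("%.100s, line %lu: "
  "Bad permitopen port", file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
  channel_add_permitted_opens(host, port);
- xfree(patterns);
+ free(patterns);
  goto next_option;
  }
  cp = "tunnel=\"";
@@ -384,13 +384,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(tun);
+ free(tun);
  forced_tun_device = -1;
  goto bad_option;
  }
  tun[i] = '\0';
  forced_tun_device = a2tun(tun, NULL);
- xfree(tun);
+ free(tun);
  if (forced_tun_device == SSH_TUNID_ERR) {
  debug("%.100s, line %lu: invalid tun device",
  file, linenum);
@@ -446,7 +446,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 {
  char *command, *allowed;
  const char *remote_ip;
- u_char *name = NULL, *data_blob = NULL;
+ char *name = NULL;
+ u_char *data_blob = NULL;
  u_int nlen, dlen, clen;
  Buffer c, data;
  int ret = -1, found;
@@ -498,7 +499,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if (*cert_forced_command != NULL) {
  error("Certificate has multiple "
  "force-command options");
- xfree(command);
+ free(command);
  goto out;
  }
  *cert_forced_command = command;
@@ -514,7 +515,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if ((*cert_source_address_done)++) {
  error("Certificate has multiple "
  "source-address options");
- xfree(allowed);
+ free(allowed);
  goto out;
  }
  remote_ip = get_remote_ipaddr();
@@ -522,7 +523,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  allowed)) {
  case 1:
  /* accepted */
- xfree(allowed);
+ free(allowed);
  break;
  case 0:
  /* no match */
@@ -538,12 +539,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  "is not permitted to use this "
  "certificate for login.",
  remote_ip);
- xfree(allowed);
+ free(allowed);
  goto out;
  case -1:
  error("Certificate source-address "
  "contents invalid");
- xfree(allowed);
+ free(allowed);
  goto out;
  }
  found = 1;
@@ -565,9 +566,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  goto out;
  }
  buffer_clear(&data);
- xfree(name);
- xfree(data_blob);
- name = data_blob = NULL;
+ free(name);
+ free(data_blob);
+ name = NULL;
+ data_blob = NULL;
  }
  /* successfully parsed all options */
  ret = 0;
@@ -576,13 +578,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if (ret != 0 &&
  cert_forced_command != NULL &&
  *cert_forced_command != NULL) {
- xfree(*cert_forced_command);
+ free(*cert_forced_command);
  *cert_forced_command = NULL;
  }
  if (name != NULL)
- xfree(name);
+ free(name);
  if (data_blob != NULL)
- xfree(data_blob);
+ free(data_blob);
  buffer_free(&data);
  buffer_free(&c);
  return ret;
@@ -644,7 +646,7 @@ auth_cert_options(Key *k, struct passwd *pw)
  /* CA-specified forced command supersedes key option */
  if (cert_forced_command != NULL) {
  if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
  forced_command = cert_forced_command;
  }
  return 0;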
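Review bot: The NULL guards left around the converted calls are redundant now that they go to the standard free(), which is a no-op on a null pointer. `if (forced_command != NULL)` and `if (authorized_principals != NULL)` in auth_parse_options, `if (name != NULL)` / `if (data_blob != NULL)` in the cleanup at the end of parse_option_list, and `if (forced_command != NULL)` in auth_cert_options can each be reduced to the bare call, e.g. `free(name);`. Likewise the guarded blocks in auth_clear_options can become an unconditional `free(forced_command); forced_command = NULL;`. Dropping the guards leaves every release site in the same free-then-reset shape, which makes a missed NULL reset on these authentication-option globals easier to spot in review. All of these functions begin and end outside the visible hunks, so this is based only on the lines shown.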