Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c66
1 files changed, 34 insertions, 32 deletions
diff --git a/auth-options.c b/auth-options.c
index 23d0423e1..80d59ee95 100644
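--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,15 +72,15 @@ auth_clear_options(void)
  while (custom_environment) {
  struct envstring *ce = custom_environment;
  custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
+ free(ce->s);
+ free(ce);
  }
  if (forced_command) {
- xfree(forced_command);
+ free(forced_command);
  forced_command = NULL;
  }
  if (authorized_principals) {
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = NULL;
  }
  forced_tun_device = -1;
@@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
  opts += strlen(cp);
  if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
  forced_command = xmalloc(strlen(opts) + 1);
  i = 0;
  while (*opts) {
@@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(forced_command);
+ free(forced_command);
  forced_command = NULL;
  goto bad_option;
  }
@@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
  opts += strlen(cp);
  if (authorized_principals != NULL)
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = xmalloc(strlen(opts) + 1);
  i = 0;
  while (*opts) {
@@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(authorized_principals);
+ free(authorized_principals);
  authorized_principals = NULL;
  goto bad_option;
  }
@@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(s);
+ free(s);
  goto bad_option;
  }
  s[i] = '\0';
@@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  patterns[i] = '\0';
@@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  switch (match_host_and_ip(remote_host, remote_ip,
  patterns)) {
  case 1:
- xfree(patterns);
+ free(patterns);
  /* Host name matches. */
  goto next_option;
  case -1:
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  "invalid criteria", file, linenum);
  /* FALLTHROUGH */
  case 0:
- xfree(patterns);
+ free(patterns);
  logit("Authentication tried for %.100s with "
  "correct key but not from a permitted "
  "host (host=%.200s, ip=%.200s).",
@@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing "
  "end quote", file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  patterns[i] = '\0';
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  auth_debug_add("%.100s, line %lu: "
  "Bad permitopen specification", file,
  linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  host = cleanhostname(host);
@@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  "<%.100s>", file, linenum, p ? p : "");
  auth_debug_add("%.100s, line %lu: "
  "Bad permitopen port", file, linenum);
- xfree(patterns);
+ free(patterns);
  goto bad_option;
  }
  if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
  channel_add_permitted_opens(host, port);
- xfree(patterns);
+ free(patterns);
  goto next_option;
  }
  cp = "tunnel=\"";
@@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  file, linenum);
  auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- xfree(tun);
+ free(tun);
  forced_tun_device = -1;
  goto bad_option;
  }
  tun[i] = '\0';
  forced_tun_device = a2tun(tun, NULL);
- xfree(tun);
+ free(tun);
  if (forced_tun_device == SSH_TUNID_ERR) {
  debug("%.100s, line %lu: invalid tun device",
  file, linenum);
@@ -432,7 +432,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
 {
  char *command, *allowed;
  const char *remote_ip;
- u_char *name = NULL, *data_blob = NULL;
+ char *name = NULL;
+ u_char *data_blob = NULL;
  u_int nlen, dlen, clen;
  Buffer c, data;
  int ret = -1, found;
@@ -484,7 +485,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if (*cert_forced_command != NULL) {
  error("Certificate has multiple "
  "force-command options");
- xfree(command);
+ free(command);
  goto out;
  }
  *cert_forced_command = command;
@@ -500,7 +501,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if ((*cert_source_address_done)++) {
  error("Certificate has multiple "
  "source-address options");
- xfree(allowed);
+ free(allowed);
  goto out;
  }
  remote_ip = get_remote_ipaddr();
@@ -508,7 +509,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  allowed)) {
  case 1:
  /* accepted */
- xfree(allowed);
+ free(allowed);
  break;
  case 0:
  /* no match */
@@ -521,12 +522,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  "is not permitted to use this "
  "certificate for login.",
  remote_ip);
- xfree(allowed);
+ free(allowed);
  goto out;
  case -1:
  error("Certificate source-address "
  "contents invalid");
- xfree(allowed);
+ free(allowed);
  goto out;
  }
  found = 1;
@@ -548,9 +549,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  goto out;
  }
  buffer_clear(&data);
- xfree(name);
- xfree(data_blob);
- name = data_blob = NULL;
+ free(name);
+ free(data_blob);
+ name = NULL;
+ data_blob = NULL;
  }
  /* successfully parsed all options */
  ret = 0;
@@ -559,13 +561,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
  if (ret != 0 &&
  cert_forced_command != NULL &&
  *cert_forced_command != NULL) {
- xfree(*cert_forced_command);
+ free(*cert_forced_command);
  *cert_forced_command = NULL;
  }
  if (name != NULL)
- xfree(name);
+ free(name);
  if (data_blob != NULL)
- xfree(data_blob);
+ free(data_blob);
  buffer_free(&data);
  buffer_free(&c);
  return ret;
@@ -627,7 +629,7 @@ auth_cert_options(Key *k, struct passwd *pw)
  /* CA-specified forced command supersedes key option */
  if (cert_forced_command != NULL) {
  if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
  forced_command = cert_forced_command;
  }
  return 0;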
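Review bot: The NULL guards left around the converted calls are redundant now that plain free() is used, since free(NULL) is a no-op. This applies to `if (forced_command != NULL)` at new lines 151-152 and 631-632, `if (authorized_principals != NULL)` at 182-183, and the `name`/`data_blob` checks at 567-570; each can collapse to a bare call such as `free(forced_command);`. Presumably the guards were needed because the old xfree() wrapper did not tolerate NULL, which is worth confirming against its definition before removing them. The globals are still reset to NULL right after being freed on the error paths, which keeps the authorization state free of dangling pointers; the enclosing functions continue outside the hunks shown.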