Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 43 |
1 files changed, 42 insertions, 1 deletions
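--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.50 2010/04/16 01:47:26 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.51 2010/05/07 11:30:29 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,6 +55,9 @@ struct envstring *custom_environment = NULL;
 /* "tunnel=" option. */
 int forced_tun_device = -1;
 
+/* "principals=" option. */
+char *authorized_principals = NULL;
+
 extern ServerOptions options;
 
 void
@@ -76,6 +79,10 @@ auth_clear_options(void)
 xfree(forced_command);
 forced_command = NULL;
 }
+if (authorized_principals) {
+xfree(authorized_principals);
+authorized_principals = NULL;
+}
 forced_tun_device = -1;
 channel_clear_permitted_opens();
 }
@@ -141,6 +148,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 cp = "command=\"";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 opts += strlen(cp);
+if (forced_command != NULL)
+xfree(forced_command);
 forced_command = xmalloc(strlen(opts) + 1);
 i = 0;
 while (*opts) {
@@ -167,6 +176,38 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 opts++;
 goto next_option;
 }
+cp = "principals=\"";
+if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+opts += strlen(cp);
+if (authorized_principals != NULL)
+xfree(authorized_principals);
+authorized_principals = xmalloc(strlen(opts) + 1);
+i = 0;
+while (*opts) {
+if (*opts == '"')
+break;
+if (*opts == '\\' && opts[1] == '"') {
+opts += 2;
+authorized_principals[i++] = '"';
+continue;
+}
+authorized_principals[i++] = *opts++;
+}
+if (!*opts) {
+debug("%.100s, line %lu: missing end quote",
+file, linenum);
+auth_debug_add("%.100s, line %lu: missing end quote",
+file, linenum);
+xfree(authorized_principals);
+authorized_principals = NULL;
+goto bad_option;
+}
+authorized_principals[i] = '\0';
+auth_debug_add("principals: %.900s",
+authorized_principals);
+opts++;
+goto next_option;
+}
 cp = "environment=\"";
 if (options.permit_user_env &&
 strncasecmp(opts, cp, strlen(cp)) == 0) {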
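Review bot: In the new `principals=` branch of auth_parse_options (new lines 179-210) the text between the quotes is stored without any check, so `principals=""` leaves `authorized_principals` as a non-NULL empty string, and a repeated `principals=` on the same key line silently replaces the earlier list. The code that consumes this global is not part of this diff, so it cannot be confirmed here whether an empty list rejects every certificate or is treated as if the option were absent; since the option is a restriction, it should fail closed. I would record that contract where the global is declared, e.g. `/* "principals=" option: certificate principals accepted for this key; xmalloc'd by auth_parse_options(), freed by auth_clear_options(). An empty string must match no principal. */`. The unquoting loop also appears to be a copy of the `command=` one just above it, and a shared static helper would keep the two quote/escape parsers from drifting apart. auth_parse_options starts and ends outside the hunks shown.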