diff options
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/auth-options.c b/auth-options.c index 60d5f749b..57a67ec79 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-options.c,v 1.50 2010/04/16 01:47:26 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.51 2010/05/07 11:30:29 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -55,6 +55,9 @@ struct envstring *custom_environment = NULL; | |||
| 55 | /* "tunnel=" option. */ | 55 | /* "tunnel=" option. */ |
| 56 | int forced_tun_device = -1; | 56 | int forced_tun_device = -1; |
| 57 | 57 | ||
| 58 | /* "principals=" option. */ | ||
| 59 | char *authorized_principals = NULL; | ||
| 60 | |||
| 58 | extern ServerOptions options; | 61 | extern ServerOptions options; |
| 59 | 62 | ||
| 60 | void | 63 | void |
| @@ -76,6 +79,10 @@ auth_clear_options(void) | |||
| 76 | xfree(forced_command); | 79 | xfree(forced_command); |
| 77 | forced_command = NULL; | 80 | forced_command = NULL; |
| 78 | } | 81 | } |
| 82 | if (authorized_principals) { | ||
| 83 | xfree(authorized_principals); | ||
| 84 | authorized_principals = NULL; | ||
| 85 | } | ||
| 79 | forced_tun_device = -1; | 86 | forced_tun_device = -1; |
| 80 | channel_clear_permitted_opens(); | 87 | channel_clear_permitted_opens(); |
| 81 | } | 88 | } |
| @@ -141,6 +148,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 141 | cp = "command=\""; | 148 | cp = "command=\""; |
| 142 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 149 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| 143 | opts += strlen(cp); | 150 | opts += strlen(cp); |
| 151 | if (forced_command != NULL) | ||
| 152 | xfree(forced_command); | ||
| 144 | forced_command = xmalloc(strlen(opts) + 1); | 153 | forced_command = xmalloc(strlen(opts) + 1); |
| 145 | i = 0; | 154 | i = 0; |
| 146 | while (*opts) { | 155 | while (*opts) { |
| @@ -167,6 +176,38 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 167 | opts++; | 176 | opts++; |
| 168 | goto next_option; | 177 | goto next_option; |
| 169 | } | 178 | } |
| 179 | cp = "principals=\""; | ||
| 180 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
| 181 | opts += strlen(cp); | ||
| 182 | if (authorized_principals != NULL) | ||
| 183 | xfree(authorized_principals); | ||
| 184 | authorized_principals = xmalloc(strlen(opts) + 1); | ||
| 185 | i = 0; | ||
| 186 | while (*opts) { | ||
| 187 | if (*opts == '"') | ||
| 188 | break; | ||
| 189 | if (*opts == '\\' && opts[1] == '"') { | ||
| 190 | opts += 2; | ||
| 191 | authorized_principals[i++] = '"'; | ||
| 192 | continue; | ||
| 193 | } | ||
| 194 | authorized_principals[i++] = *opts++; | ||
| 195 | } | ||
| 196 | if (!*opts) { | ||
| 197 | debug("%.100s, line %lu: missing end quote", | ||
| 198 | file, linenum); | ||
| 199 | auth_debug_add("%.100s, line %lu: missing end quote", | ||
| 200 | file, linenum); | ||
| 201 | xfree(authorized_principals); | ||
| 202 | authorized_principals = NULL; | ||
| 203 | goto bad_option; | ||
| 204 | } | ||
| 205 | authorized_principals[i] = '\0'; | ||
| 206 | auth_debug_add("principals: %.900s", | ||
| 207 | authorized_principals); | ||
| 208 | opts++; | ||
| 209 | goto next_option; | ||
| 210 | } | ||
| 170 | cp = "environment=\""; | 211 | cp = "environment=\""; |
| 171 | if (options.permit_user_env && | 212 | if (options.permit_user_env && |
| 172 | strncasecmp(opts, cp, strlen(cp)) == 0) { | 213 | strncasecmp(opts, cp, strlen(cp)) == 0) { |