auth-options.c (225736) auth-options.c (247485)
1/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */
1/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be

--- 326 unchanged lines hidden (view full) ---

336 patterns);
337 auth_debug_add("%.100s, line %lu: "
338 "Bad permitopen specification", file,
339 linenum);
340 xfree(patterns);
341 goto bad_option;
342 }
343 host = cleanhostname(host);
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be

--- 326 unchanged lines hidden (view full) ---

336 patterns);
337 auth_debug_add("%.100s, line %lu: "
338 "Bad permitopen specification", file,
339 linenum);
340 xfree(patterns);
341 goto bad_option;
342 }
343 host = cleanhostname(host);
344 if (p == NULL || (port = a2port(p)) <= 0) {
344 if (p == NULL || (port = permitopen_port(p)) < 0) {
345 debug("%.100s, line %lu: Bad permitopen port "
346 "<%.100s>", file, linenum, p ? p : "");
347 auth_debug_add("%.100s, line %lu: "
348 "Bad permitopen port", file, linenum);
349 xfree(patterns);
350 goto bad_option;
351 }
352 if (options.allow_tcp_forwarding)

--- 94 unchanged lines hidden (view full) ---

447 if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL ||
448 (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
449 error("Certificate options corrupt");
450 goto out;
451 }
452 buffer_append(&data, data_blob, dlen);
453 debug3("found certificate option \"%.100s\" len %u",
454 name, dlen);
345 debug("%.100s, line %lu: Bad permitopen port "
346 "<%.100s>", file, linenum, p ? p : "");
347 auth_debug_add("%.100s, line %lu: "
348 "Bad permitopen port", file, linenum);
349 xfree(patterns);
350 goto bad_option;
351 }
352 if (options.allow_tcp_forwarding)

--- 94 unchanged lines hidden (view full) ---

447 if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL ||
448 (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
449 error("Certificate options corrupt");
450 goto out;
451 }
452 buffer_append(&data, data_blob, dlen);
453 debug3("found certificate option \"%.100s\" len %u",
454 name, dlen);
455 if (strlen(name) != nlen) {
456 error("Certificate constraint name contains \\0");
457 goto out;
458 }
459 found = 0;
460 if ((which & OPTIONS_EXTENSIONS) != 0) {
461 if (strcmp(name, "permit-X11-forwarding") == 0) {
462 *cert_no_x11_forwarding_flag = 0;
463 found = 1;
464 } else if (strcmp(name,
465 "permit-agent-forwarding") == 0) {
466 *cert_no_agent_forwarding_flag = 0;

--- 13 unchanged lines hidden (view full) ---

480 if (!found && (which & OPTIONS_CRITICAL) != 0) {
481 if (strcmp(name, "force-command") == 0) {
482 if ((command = buffer_get_cstring_ret(&data,
483 &clen)) == NULL) {
484 error("Certificate constraint \"%s\" "
485 "corrupt", name);
486 goto out;
487 }
455 found = 0;
456 if ((which & OPTIONS_EXTENSIONS) != 0) {
457 if (strcmp(name, "permit-X11-forwarding") == 0) {
458 *cert_no_x11_forwarding_flag = 0;
459 found = 1;
460 } else if (strcmp(name,
461 "permit-agent-forwarding") == 0) {
462 *cert_no_agent_forwarding_flag = 0;

--- 13 unchanged lines hidden (view full) ---

476 if (!found && (which & OPTIONS_CRITICAL) != 0) {
477 if (strcmp(name, "force-command") == 0) {
478 if ((command = buffer_get_cstring_ret(&data,
479 &clen)) == NULL) {
480 error("Certificate constraint \"%s\" "
481 "corrupt", name);
482 goto out;
483 }
488 if (strlen(command) != clen) {
489 error("force-command constraint "
490 "contains \\0");
491 goto out;
492 }
493 if (*cert_forced_command != NULL) {
494 error("Certificate has multiple "
495 "force-command options");
496 xfree(command);
497 goto out;
498 }
499 *cert_forced_command = command;
500 found = 1;
501 }
502 if (strcmp(name, "source-address") == 0) {
503 if ((allowed = buffer_get_cstring_ret(&data,
504 &clen)) == NULL) {
505 error("Certificate constraint "
506 "\"%s\" corrupt", name);
507 goto out;
508 }
484 if (*cert_forced_command != NULL) {
485 error("Certificate has multiple "
486 "force-command options");
487 xfree(command);
488 goto out;
489 }
490 *cert_forced_command = command;
491 found = 1;
492 }
493 if (strcmp(name, "source-address") == 0) {
494 if ((allowed = buffer_get_cstring_ret(&data,
495 &clen)) == NULL) {
496 error("Certificate constraint "
497 "\"%s\" corrupt", name);
498 goto out;
499 }
509 if (strlen(allowed) != clen) {
510 error("source-address constraint "
511 "contains \\0");
512 goto out;
513 }
514 if ((*cert_source_address_done)++) {
515 error("Certificate has multiple "
516 "source-address options");
517 xfree(allowed);
518 goto out;
519 }
520 remote_ip = get_remote_ipaddr();
521 switch (addr_match_cidr_list(remote_ip,

--- 128 unchanged lines hidden ---
500 if ((*cert_source_address_done)++) {
501 error("Certificate has multiple "
502 "source-address options");
503 xfree(allowed);
504 goto out;
505 }
506 remote_ip = get_remote_ipaddr();
507 switch (addr_match_cidr_list(remote_ip,

--- 128 unchanged lines hidden ---
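Review bot: On what appears to be the new side (the copy numbered 455–507), `name` is matched with `strcmp()` and `command` / `allowed` are accepted with no visible guard against an embedded `\0`. The `strlen(name) != nlen`, `strlen(command) != clen` and `strlen(allowed) != clen` checks are gone, so rejecting a certificate option whose C-string view is shorter than its signed bytes now rests entirely on `buffer_get_cstring_ret()`, which this page does not show. If that helper does fail on embedded NULs, record the dependency at the first call, e.g. `/* buffer_get_cstring_ret() fails on embedded \0; name, command and allowed rely on that before strcmp() */`. If that cannot be confirmed for every buffer implementation this file is built against, the explicit length comparisons should stay. The enclosing function begins and ends in the hidden lines, so this is judged from the visible fragments only.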