tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-26 23:34:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: expose allowed_signers options parsing code in header for

Browse Source 
fuzzing

rename to make more consistent with philosophically-similar auth
options parsing API.

OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
This commit is contained in:
djm@openbsd.org 2019-09-05 04:55:32 +00:00 committed by Damien Miller
parent 4f9d75fbaf
commit bab6feb01f
2 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
sshsig.c
View File

@ -605,16 +605,16 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
return r; return r;
} }
struct sigopts { struct sshsigopt {
int ca; int ca;
char *namespaces; char *namespaces;
}; };
static struct sigopts * struct sshsigopt *
sigopts_parse(const char *opts, const char *path, u_long linenum, sshsigopt_parse(const char *opts, const char *path, u_long linenum,
const char **errstrp) const char **errstrp)
{ {
struct sigopts *ret; struct sshsigopt *ret;
int r; int r;
const char *errstr = NULL; const char *errstr = NULL;
@ -662,8 +662,8 @@ sigopts_parse(const char *opts, const char *path, u_long linenum,
return NULL; return NULL;
} }
static void void
sigopts_free(struct sigopts *opts) sshsigopt_free(struct sshsigopt *opts)
{ {
if (opts == NULL) if (opts == NULL)
return; return;
@ -680,7 +680,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
char *cp, *opts = NULL, *identities = NULL; char *cp, *opts = NULL, *identities = NULL;
int r, found = 0; int r, found = 0;
const char *reason = NULL; const char *reason = NULL;
struct sigopts *sigopts = NULL; struct sshsigopt *sigopts = NULL;
if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) { if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
error("%s: sshkey_new failed", __func__); error("%s: sshkey_new failed", __func__);
@ -720,7 +720,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
} }
} }
debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts); debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) { if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
error("%s:%lu: bad options: %s", path, linenum, reason); error("%s:%lu: bad options: %s", path, linenum, reason);
goto done; goto done;
} }
@ -756,7 +756,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
} }
done: done:
sshkey_free(found_key); sshkey_free(found_key);
sigopts_free(sigopts); sshsigopt_free(sigopts);
return found ? 0 : SSH_ERR_KEY_NOT_FOUND; return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
} }

8
sshsig.h
View File

@ -19,6 +19,7 @@
struct sshbuf; struct sshbuf;
struct sshkey; struct sshkey;
struct sshsigopt;
typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, u_int, void *); const u_char *, size_t, const char *, u_int, void *);
@ -81,4 +82,11 @@ int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
const char *principal, const char *ns); const char *principal, const char *ns);
/* Parse zero or more allowed_keys signature options */
struct sshsigopt *sshsigopt_parse(const char *opts,
const char *path, u_long linenum, const char **errstrp);
/* Free signature options */
void sshsigopt_free(struct sshsigopt *opts);
#endif /* SSHSIG_H */ #endif /* SSHSIG_H */