| auth-options.c (294336) | auth-options.c (294464) |
|---|---|
| 1/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */ | 1/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */ |
| 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be --- 573 unchanged lines hidden (view full) --- 583 int cert_no_port_forwarding_flag = 1; 584 int cert_no_agent_forwarding_flag = 1; 585 int cert_no_x11_forwarding_flag = 1; 586 int cert_no_pty_flag = 1; 587 int cert_no_user_rc = 1; 588 char *cert_forced_command = NULL; 589 int cert_source_address_done = 0; 590 | 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be --- 573 unchanged lines hidden (view full) --- 583 int cert_no_port_forwarding_flag = 1; 584 int cert_no_agent_forwarding_flag = 1; 585 int cert_no_x11_forwarding_flag = 1; 586 int cert_no_pty_flag = 1; 587 int cert_no_user_rc = 1; 588 char *cert_forced_command = NULL; 589 int cert_source_address_done = 0; 590 |
| 591 if (sshkey_cert_is_legacy(k)) { 592 /* All options are in the one field for v00 certs */ 593 if (parse_option_list(k->cert->critical, pw, 594 OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1, 595 &cert_no_port_forwarding_flag, 596 &cert_no_agent_forwarding_flag, 597 &cert_no_x11_forwarding_flag, 598 &cert_no_pty_flag, 599 &cert_no_user_rc, 600 &cert_forced_command, 601 &cert_source_address_done) == -1) 602 return -1; 603 } else { 604 /* Separate options and extensions for v01 certs */ 605 if (parse_option_list(k->cert->critical, pw, 606 OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, 607 &cert_forced_command, 608 &cert_source_address_done) == -1) 609 return -1; 610 if (parse_option_list(k->cert->extensions, pw, 611 OPTIONS_EXTENSIONS, 0, 612 &cert_no_port_forwarding_flag, 613 &cert_no_agent_forwarding_flag, 614 &cert_no_x11_forwarding_flag, 615 &cert_no_pty_flag, 616 &cert_no_user_rc, 617 NULL, NULL) == -1) 618 return -1; 619 } | 591 /* Separate options and extensions for v01 certs */ 592 if (parse_option_list(k->cert->critical, pw, 593 OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, 594 &cert_forced_command, 595 &cert_source_address_done) == -1) 596 return -1; 597 if (parse_option_list(k->cert->extensions, pw, 598 OPTIONS_EXTENSIONS, 0, 599 &cert_no_port_forwarding_flag, 600 &cert_no_agent_forwarding_flag, 601 &cert_no_x11_forwarding_flag, 602 &cert_no_pty_flag, 603 &cert_no_user_rc, 604 NULL, NULL) == -1) 605 return -1; |
| 620 621 no_port_forwarding_flag |= cert_no_port_forwarding_flag; 622 no_agent_forwarding_flag |= cert_no_agent_forwarding_flag; 623 no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; 624 no_pty_flag |= cert_no_pty_flag; 625 no_user_rc |= cert_no_user_rc; 626 /* CA-specified forced command supersedes key option */ 627 if (cert_forced_command != NULL) { 628 if (forced_command != NULL) 629 free(forced_command); 630 forced_command = cert_forced_command; 631 } 632 return 0; 633} 634 | 606 607 no_port_forwarding_flag |= cert_no_port_forwarding_flag; 608 no_agent_forwarding_flag |= cert_no_agent_forwarding_flag; 609 no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; 610 no_pty_flag |= cert_no_pty_flag; 611 no_user_rc |= cert_no_user_rc; 612 /* CA-specified forced command supersedes key option */ 613 if (cert_forced_command != NULL) { 614 if (forced_command != NULL) 615 free(forced_command); 616 forced_command = cert_forced_command; 617 } 618 return 0; 619} 620 |