author | djm@openbsd.org <djm@openbsd.org> | 2019-09-05 04:55:32 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-05 14:56:51 +1000 |
commit | bab6feb01f9924758ca7129dba708298a53dde5f (patch) | |
tree | 5f9204d39f29dc9047a491401173847a6e7d8836 | |
parent | 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b (diff) |
upstream: expose allowed_signers options parsing code in header for
fuzzing
rename to make more consistent with philosophically-similar auth
options parsing API.
OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
-rw-r--r-- | sshsig.c | 18 | ||||
-rw-r--r-- | sshsig.h | 8 |
2 files changed, 17 insertions, 9 deletions
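--- a/sshsig.c
+++ b/sshsig.c
@@ -605,16 +605,16 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
 return r;
 }
 
-struct sigopts {
+struct sshsigopt {
 int ca;
 char *namespaces;
 };
 
-static struct sigopts *
-sigopts_parse(const char *opts, const char *path, u_long linenum,
+struct sshsigopt *
+sshsigopt_parse(const char *opts, const char *path, u_long linenum,
 const char **errstrp)
 {
-struct sigopts *ret;
+struct sshsigopt *ret;
 int r;
 const char *errstr = NULL;
 
@@ -662,8 +662,8 @@ sigopts_parse(const char *opts, const char *path, u_long linenum,
 return NULL;
 }
 
-static void
-sigopts_free(struct sigopts *opts)
+void
+sshsigopt_free(struct sshsigopt *opts)
 {
 if (opts == NULL)
 return;
@@ -680,7 +680,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 char *cp, *opts = NULL, *identities = NULL;
 int r, found = 0;
 const char *reason = NULL;
-struct sigopts *sigopts = NULL;
+struct sshsigopt *sigopts = NULL;
 
 if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
 error("%s: sshkey_new failed", __func__);
@@ -720,7 +720,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 }
 }
 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
-if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) {
+if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
 error("%s:%lu: bad options: %s", path, linenum, reason);
 goto done;
 }
@@ -756,7 +756,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 }
 done:
 sshkey_free(found_key);
-sigopts_free(sigopts);
+sshsigopt_free(sigopts);
 return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
 }
 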
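Review bot: At the `sshsigopt_parse()` call in `check_allowed_keys_line`, `reason` is initialised to NULL and is handed straight to a `%s` conversion when the parser returns NULL. Most of the parser body lies outside these hunks, so it is not visible whether every failure path stores a message through `errstrp`; if one does not (an early allocation failure would be the likely candidate), `error()` formats a NULL pointer, which is undefined for `%s`. With the parser now exported to outside callers, a defensive form costs one line: `error("%s:%lu: bad options: %s", path, linenum, reason == NULL ? "unknown error" : reason);`.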
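--- a/sshsig.h
+++ b/sshsig.h
@@ -19,6 +19,7 @@
 
 struct sshbuf;
 struct sshkey;
+struct sshsigopt;
 
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
 const u_char *, size_t, const char *, u_int, void *);
@@ -81,4 +82,11 @@ int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
 int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
 const char *principal, const char *ns);
 
+/* Parse zero or more allowed_keys signature options */
+struct sshsigopt *sshsigopt_parse(const char *opts,
+const char *path, u_long linenum, const char **errstrp);
+
+/* Free signature options */
+void sshsigopt_free(struct sshsigopt *opts);
+
 #endif /* SSHSIG_H */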
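Review bot: The one-line comment above the new `sshsigopt_parse()` prototype does not state the contract that a fuzz harness or any other outside caller has to rely on. Judging from sshsig.c on this page, the in-tree caller passes an `opts` pointer that may be NULL, treats a NULL return as failure and reads the message back through `errstrp`, and `sshsigopt_free()` returns early on NULL. I would spell that out, for example `/* Parse zero or more allowed_keys signature options; returns NULL on failure with *errstrp set. Free the result with sshsigopt_free(). */`, after confirming the NULL-`opts` and `errstrp` behaviour against the parser body, which is not shown in full here.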