authordjm@openbsd.org <djm@openbsd.org>2019-09-05 04:55:32 +0000
committerDamien Miller <djm@mindrot.org>2019-09-05 14:56:51 +1000
commitbab6feb01f9924758ca7129dba708298a53dde5f (patch)
tree5f9204d39f29dc9047a491401173847a6e7d8836
parent4f9d75fbafde83d428e291516f8ce98e6b3a7c4b (diff)
upstream: expose allowed_signers options parsing code in header for
fuzzing; rename to make it more consistent with the philosophically-similar auth options parsing API. OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
-rw-r--r--sshsig.c18
-rw-r--r--sshsig.h8
2 files changed, 17 insertions, 9 deletions
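--- a/sshsig.c
+++ b/sshsig.c
@@ -605,16 +605,16 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
  return r;
 }
 
-struct sigopts {
+struct sshsigopt {
  int ca;
  char *namespaces;
 };
 
-static struct sigopts *
-sigopts_parse(const char *opts, const char *path, u_long linenum,
+struct sshsigopt *
+sshsigopt_parse(const char *opts, const char *path, u_long linenum,
  const char **errstrp)
 {
- struct sigopts *ret;
+ struct sshsigopt *ret;
  int r;
  const char *errstr = NULL;
 
@@ -662,8 +662,8 @@ sigopts_parse(const char *opts, const char *path, u_long linenum,
  return NULL;
 }
 
-static void
-sigopts_free(struct sigopts *opts)
+void
+sshsigopt_free(struct sshsigopt *opts)
 {
  if (opts == NULL)
  return;
@@ -680,7 +680,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
  char *cp, *opts = NULL, *identities = NULL;
  int r, found = 0;
  const char *reason = NULL;
- struct sigopts *sigopts = NULL;
+ struct sshsigopt *sigopts = NULL;
 
  if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
  error("%s: sshkey_new failed", __func__);
@@ -720,7 +720,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
  }
  }
  debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
- if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) {
+ if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
  error("%s:%lu: bad options: %s", path, linenum, reason);
  goto done;
  }
@@ -756,7 +756,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
  }
  done:
  sshkey_free(found_key);
- sigopts_free(sigopts);
+ sshsigopt_free(sigopts);
  return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
 }
 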
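--- a/sshsig.h
+++ b/sshsig.h
@@ -19,6 +19,7 @@
 
 struct sshbuf;
 struct sshkey;
+struct sshsigopt;
 
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
     const u_char *, size_t, const char *, u_int, void *);
@@ -81,4 +82,11 @@ int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
 int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
     const char *principal, const char *ns);
 
+/* Parse zero or more allowed_keys signature options */
+struct sshsigopt *sshsigopt_parse(const char *opts,
+    const char *path, u_long linenum, const char **errstrp);
+
+/* Free signature options */
+void sshsigopt_free(struct sshsigopt *opts);
+
 #endif /* SSHSIG_H */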
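Review bot: The comment on the newly exported `sshsigopt_parse` (new lines 85-87 of sshsig.h) says what it parses but not the contract that callers outside sshsig.c, including the fuzzer this change is for, now depend on. From the call site in sshsig.c it returns NULL with `*errstrp` pointing at a reason on failure, the result is released with `sshsigopt_free`, and `opts` appears to be passed as NULL when a line carries no options, so the comment should state whether NULL is accepted. Suggest `/* Parse zero or more allowed_keys signature options (opts may be NULL). Returns a newly allocated sshsigopt, released with sshsigopt_free(), or NULL with *errstrp set on error. */`. The `sshsigopt_free` comment could likewise note that a NULL argument is a no-op, which the body in sshsig.c already guarantees.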