upstream commit

delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
author: djm@openbsd.org <djm@openbsd.org> 2015-07-03 03:43:18 +0000
committer: Damien Miller <djm@mindrot.org> 2015-07-15 15:35:09 +1000
commit: c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch)
tree: 9b540db8aed167256bb61cd9df90dbedb31cc79d /auth-options.c
parent: 564d63e1b4a9637a209d42a9d49646781fc9caef (diff)
1 files changed, 16 insertions, 30 deletions
diff --git a/auth-options.c b/auth-options.c
index facfc025b..e387697d3 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -588,35 +588,21 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
        char *cert_forced_command = NULL;
        int cert_source_address_done = 0;
-        if (sshkey_cert_is_legacy(k)) {
+        /* Separate options and extensions for v01 certs */
-                /* All options are in the one field for v00 certs */
+        if (parse_option_list(k->cert->critical, pw,
-                if (parse_option_list(k->cert->critical, pw,
+            OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-                    OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
+            &cert_forced_command,
-                    &cert_no_port_forwarding_flag,
+            &cert_source_address_done) == -1)
-                    &cert_no_agent_forwarding_flag,
+                return -1;
-                    &cert_no_x11_forwarding_flag,
+        if (parse_option_list(k->cert->extensions, pw,
-                    &cert_no_pty_flag,
+            OPTIONS_EXTENSIONS, 0,
-                    &cert_no_user_rc,
+            &cert_no_port_forwarding_flag,
-                    &cert_forced_command,
+            &cert_no_agent_forwarding_flag,
-                    &cert_source_address_done) == -1)
+            &cert_no_x11_forwarding_flag,
-                        return -1;
+            &cert_no_pty_flag,
-        } else {
+            &cert_no_user_rc,
-                /* Separate options and extensions for v01 certs */
+            NULL, NULL) == -1)
-                if (parse_option_list(k->cert->critical, pw,
+                return -1;
-                    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-                    &cert_forced_command,
-                    &cert_source_address_done) == -1)
-                        return -1;
-                if (parse_option_list(k->cert->extensions, pw,
-                    OPTIONS_EXTENSIONS, 0,
-                    &cert_no_port_forwarding_flag,
-                    &cert_no_agent_forwarding_flag,
-                    &cert_no_x11_forwarding_flag,
-                    &cert_no_pty_flag,
-                    &cert_no_user_rc,
-                    NULL, NULL) == -1)
-                        return -1;
-        }
        no_port_forwarding_flag |= cert_no_port_forwarding_flag;
        no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;
author	djm@openbsd.org <djm@openbsd.org>	2015-07-03 03:43:18 +0000
committer	Damien Miller <djm@mindrot.org>	2015-07-15 15:35:09 +1000
commit	c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch)
tree	9b540db8aed167256bb61cd9df90dbedb31cc79d /auth-options.c
parent	564d63e1b4a9637a209d42a9d49646781fc9caef (diff)

diff --git a/auth-options.c b/auth-options.c index facfc025b..e387697d3 100644 --- a/auth-options.c +++ b/auth-options.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */	1	/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -588,35 +588,21 @@ auth_cert_options(struct sshkey k, struct passwd pw)
588	char *cert_forced_command = NULL;	588	char *cert_forced_command = NULL;
589	int cert_source_address_done = 0;	589	int cert_source_address_done = 0;
590		590
591	if (sshkey_cert_is_legacy(k)) {	591	/* Separate options and extensions for v01 certs */
592	/* All options are in the one field for v00 certs */	592	if (parse_option_list(k->cert->critical, pw,
593	if (parse_option_list(k->cert->critical, pw,	593	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
594	OPTIONS_CRITICAL\|OPTIONS_EXTENSIONS, 1,	594	&cert_forced_command,
595	&cert_no_port_forwarding_flag,	595	&cert_source_address_done) == -1)
596	&cert_no_agent_forwarding_flag,	596	return -1;
597	&cert_no_x11_forwarding_flag,	597	if (parse_option_list(k->cert->extensions, pw,
598	&cert_no_pty_flag,	598	OPTIONS_EXTENSIONS, 0,
599	&cert_no_user_rc,	599	&cert_no_port_forwarding_flag,
600	&cert_forced_command,	600	&cert_no_agent_forwarding_flag,
601	&cert_source_address_done) == -1)	601	&cert_no_x11_forwarding_flag,
602	return -1;	602	&cert_no_pty_flag,
603	} else {	603	&cert_no_user_rc,
604	/* Separate options and extensions for v01 certs */	604	NULL, NULL) == -1)
605	if (parse_option_list(k->cert->critical, pw,	605	return -1;
606	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
607	&cert_forced_command,
608	&cert_source_address_done) == -1)
609	return -1;
610	if (parse_option_list(k->cert->extensions, pw,
611	OPTIONS_EXTENSIONS, 0,
612	&cert_no_port_forwarding_flag,
613	&cert_no_agent_forwarding_flag,
614	&cert_no_x11_forwarding_flag,
615	&cert_no_pty_flag,
616	&cert_no_user_rc,
617	NULL, NULL) == -1)
618	return -1;
619	}
620		606
621	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;	607	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
622	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;	608	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;