diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-03-12 00:52:01 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-03-14 18:55:32 +1100 |
| commit | bf0fbf2b11a44f06a64b620af7d01ff171c28e13 (patch) | |
| tree | bebb13975a12e80a295cafeec72417a6911ea750 /auth-options.c | |
| parent | fbd733ab7adc907118a6cf56c08ed90c7000043f (diff) | |
upstream: add valid-before="[time]" authorized_keys option. A
simple way of giving a key an expiry date. ok markus@
OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/auth-options.c b/auth-options.c index 484e44b74..38211fa2a 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-options.c,v 1.76 2018/03/03 03:15:51 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.77 2018/03/12 00:52:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2018 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -311,6 +311,7 @@ sshauthopt_parse(const char *opts, const char **errstrp) | |||
| 311 | int r; | 311 | int r; |
| 312 | struct sshauthopt *ret = NULL; | 312 | struct sshauthopt *ret = NULL; |
| 313 | const char *errstr = "unknown error"; | 313 | const char *errstr = "unknown error"; |
| 314 | uint64_t valid_before; | ||
| 314 | 315 | ||
| 315 | if (errstrp != NULL) | 316 | if (errstrp != NULL) |
| 316 | *errstrp = NULL; | 317 | *errstrp = NULL; |
| @@ -366,6 +367,19 @@ sshauthopt_parse(const char *opts, const char **errstrp) | |||
| 366 | &errstr); | 367 | &errstr); |
| 367 | if (ret->required_from_host_keys == NULL) | 368 | if (ret->required_from_host_keys == NULL) |
| 368 | goto fail; | 369 | goto fail; |
| 370 | } else if (opt_match(&opts, "valid-before")) { | ||
| 371 | if ((opt = opt_dequote(&opts, &errstr)) == NULL) | ||
| 372 | goto fail; | ||
| 373 | if (parse_absolute_time(opt, &valid_before) != 0 || | ||
| 374 | valid_before == 0) { | ||
| 375 | free(opt); | ||
| 376 | errstr = "invalid expires time"; | ||
| 377 | goto fail; | ||
| 378 | } | ||
| 379 | free(opt); | ||
| 380 | if (ret->valid_before == 0 || | ||
| 381 | valid_before < ret->valid_before) | ||
| 382 | ret->valid_before = valid_before; | ||
| 369 | } else if (opt_match(&opts, "environment")) { | 383 | } else if (opt_match(&opts, "environment")) { |
| 370 | if (ret->nenv > INT_MAX) { | 384 | if (ret->nenv > INT_MAX) { |
| 371 | errstr = "too many environment strings"; | 385 | errstr = "too many environment strings"; |
| @@ -572,6 +586,13 @@ sshauthopt_merge(const struct sshauthopt *primary, | |||
| 572 | OPTFLAG(permit_user_rc); | 586 | OPTFLAG(permit_user_rc); |
| 573 | #undef OPTFLAG | 587 | #undef OPTFLAG |
| 574 | 588 | ||
| 589 | /* Earliest expiry time should win */ | ||
| 590 | if (primary->valid_before != 0) | ||
| 591 | ret->valid_before = primary->valid_before; | ||
| 592 | if (additional->valid_before != 0 && | ||
| 593 | additional->valid_before < ret->valid_before) | ||
| 594 | ret->valid_before = additional->valid_before; | ||
| 595 | |||
| 575 | /* | 596 | /* |
| 576 | * When both multiple forced-command are specified, only | 597 | * When both multiple forced-command are specified, only |
| 577 | * proceed if they are identical, otherwise fail. | 598 | * proceed if they are identical, otherwise fail. |
| @@ -631,6 +652,7 @@ sshauthopt_copy(const struct sshauthopt *orig) | |||
| 631 | OPTSCALAR(restricted); | 652 | OPTSCALAR(restricted); |
| 632 | OPTSCALAR(cert_authority); | 653 | OPTSCALAR(cert_authority); |
| 633 | OPTSCALAR(force_tun_device); | 654 | OPTSCALAR(force_tun_device); |
| 655 | OPTSCALAR(valid_before); | ||
| 634 | #undef OPTSCALAR | 656 | #undef OPTSCALAR |
| 635 | #define OPTSTRING(x) \ | 657 | #define OPTSTRING(x) \ |
| 636 | do { \ | 658 | do { \ |
| @@ -751,14 +773,15 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, | |||
| 751 | { | 773 | { |
| 752 | int r = SSH_ERR_INTERNAL_ERROR; | 774 | int r = SSH_ERR_INTERNAL_ERROR; |
| 753 | 775 | ||
| 754 | /* Flag options */ | 776 | /* Flag and simple integer options */ |
| 755 | if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || | 777 | if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || |
| 756 | (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || | 778 | (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || |
| 757 | (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || | 779 | (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || |
| 758 | (r = sshbuf_put_u8(m, opts->permit_pty_flag)) != 0 || | 780 | (r = sshbuf_put_u8(m, opts->permit_pty_flag)) != 0 || |
| 759 | (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || | 781 | (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
| 760 | (r = sshbuf_put_u8(m, opts->restricted)) != 0 || | 782 | (r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
| 761 | (r = sshbuf_put_u8(m, opts->cert_authority)) != 0) | 783 | (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
| 784 | (r = sshbuf_put_u64(m, opts->valid_before)) != 0) | ||
| 762 | return r; | 785 | return r; |
| 763 | 786 | ||
| 764 | /* tunnel number can be negative to indicate "unset" */ | 787 | /* tunnel number can be negative to indicate "unset" */ |
| @@ -815,6 +838,9 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp) | |||
| 815 | OPT_FLAG(cert_authority); | 838 | OPT_FLAG(cert_authority); |
| 816 | #undef OPT_FLAG | 839 | #undef OPT_FLAG |
| 817 | 840 | ||
| 841 | if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) | ||
| 842 | goto out; | ||
| 843 | |||
| 818 | /* tunnel number can be negative to indicate "unset" */ | 844 | /* tunnel number can be negative to indicate "unset" */ |
| 819 | if ((r = sshbuf_get_u8(m, &f)) != 0 || | 845 | if ((r = sshbuf_get_u8(m, &f)) != 0 || |
| 820 | (r = sshbuf_get_u32(m, &tmp)) != 0) | 846 | (r = sshbuf_get_u32(m, &tmp)) != 0) |