author | djm@openbsd.org <djm@openbsd.org> | 2015-07-03 03:43:18 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-15 15:35:09 +1000 |
commit | c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch) | |
tree | 9b540db8aed167256bb61cd9df90dbedb31cc79d /auth-options.c | |
parent | 564d63e1b4a9637a209d42a9d49646781fc9caef (diff) |
upstream commit
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 46 |
1 files changed, 16 insertions, 30 deletions
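--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -588,35 +588,21 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
 char *cert_forced_command = NULL;
 int cert_source_address_done = 0;
 
-if (sshkey_cert_is_legacy(k)) {
-/* All options are in the one field for v00 certs */
-if (parse_option_list(k->cert->critical, pw,
-OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
-&cert_no_port_forwarding_flag,
-&cert_no_agent_forwarding_flag,
-&cert_no_x11_forwarding_flag,
-&cert_no_pty_flag,
-&cert_no_user_rc,
-&cert_forced_command,
-&cert_source_address_done) == -1)
-return -1;
-} else {
-/* Separate options and extensions for v01 certs */
-if (parse_option_list(k->cert->critical, pw,
-OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-&cert_forced_command,
-&cert_source_address_done) == -1)
-return -1;
-if (parse_option_list(k->cert->extensions, pw,
-OPTIONS_EXTENSIONS, 0,
-&cert_no_port_forwarding_flag,
-&cert_no_agent_forwarding_flag,
-&cert_no_x11_forwarding_flag,
-&cert_no_pty_flag,
-&cert_no_user_rc,
-NULL, NULL) == -1)
-return -1;
-}
+/* Separate options and extensions for v01 certs */
+if (parse_option_list(k->cert->critical, pw,
+OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
+&cert_forced_command,
+&cert_source_address_done) == -1)
+return -1;
+if (parse_option_list(k->cert->extensions, pw,
+OPTIONS_EXTENSIONS, 0,
+&cert_no_port_forwarding_flag,
+&cert_no_agent_forwarding_flag,
+&cert_no_x11_forwarding_flag,
+&cert_no_pty_flag,
+&cert_no_user_rc,
+NULL, NULL) == -1)
+return -1;
 
 no_port_forwarding_flag |= cert_no_port_forwarding_flag;
 no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;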
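Review bot: The two `parse_option_list()` calls that remain tell critical options from extensions only through a bare `1` versus `0` and a run of positional `NULL`s, and the kept comment still says "for v01 certs" as though another format were handled here. Since this is where the certificate's forced command and source-address restriction are picked up, I would replace that comment with one stating the contract, e.g. `/* Critical options: anything unrecognised must fail authentication (crit=1) */` above the first call and `/* Extensions: unrecognised entries are ignored (crit=0) */` above the second. That reading of the fourth argument is an assumption, because `parse_option_list()` is defined outside this hunk, so confirm it before settling the wording. `auth_cert_options()` begins and ends outside the hunk, so whether a v00 certificate is already rejected before reaching this point cannot be checked from here.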