upstream: add valid-before="[time]" authorized_keys option. A

simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
author: djm@openbsd.org <djm@openbsd.org> 2018-03-12 00:52:01 +0000
committer: Damien Miller <djm@mindrot.org> 2018-03-14 18:55:32 +1100
commit: bf0fbf2b11a44f06a64b620af7d01ff171c28e13 (patch)
tree: bebb13975a12e80a295cafeec72417a6911ea750 /misc.c
parent: fbd733ab7adc907118a6cf56c08ed90c7000043f (diff)
1 files changed, 54 insertions, 1 deletions
diff --git a/misc.c b/misc.c
index fbc363100..874dcc8a2 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.126 2018/03/07 23:53:08 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -1976,3 +1976,56 @@ atoi_err(const char *nptr, int *val)
                *val = (int)num;
        return errstr;
 }
+int
+parse_absolute_time(const char *s, uint64_t *tp)
+{
+        struct tm tm;
+        time_t tt;
+        char buf[32], *fmt;
+        *tp = 0;
+        /*
+         * POSIX strptime says "The application shall ensure that there
+         * is white-space or other non-alphanumeric characters between
+         * any two conversion specifications" so arrange things this way.
+         */
+        switch (strlen(s)) {
+        case 8: /* YYYYMMDD */
+                fmt = "%Y-%m-%d";
+                snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
+                break;
+        case 12: /* YYYYMMDDHHMM */
+                fmt = "%Y-%m-%dT%H:%M";
+                snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s",
+                    s, s + 4, s + 6, s + 8, s + 10);
+                break;
+        case 14: /* YYYYMMDDHHMMSS */
+                fmt = "%Y-%m-%dT%H:%M:%S";
+                snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",
+                    s, s + 4, s + 6, s + 8, s + 10, s + 12);
+                break;
+        default:
+                return SSH_ERR_INVALID_FORMAT;
+        }
+        memset(&tm, 0, sizeof(tm));
+        if (strptime(buf, fmt, &tm) == NULL)
+                return SSH_ERR_INVALID_FORMAT;
+        if ((tt = mktime(&tm)) < 0)
+                return SSH_ERR_INVALID_FORMAT;
+        /* success */
+        *tp = (uint64_t)tt;
+        return 0;
+}
+void
+format_absolute_time(uint64_t t, char *buf, size_t len)
+{
+        time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */
+        struct tm tm;
+        localtime_r(&tt, &tm);
+        strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
+}
author	djm@openbsd.org <djm@openbsd.org>	2018-03-12 00:52:01 +0000
committer	Damien Miller <djm@mindrot.org>	2018-03-14 18:55:32 +1100
commit	bf0fbf2b11a44f06a64b620af7d01ff171c28e13 (patch)
tree	bebb13975a12e80a295cafeec72417a6911ea750 /misc.c
parent	fbd733ab7adc907118a6cf56c08ed90c7000043f (diff)

diff --git a/misc.c b/misc.c index fbc363100..874dcc8a2 100644 --- a/misc.c +++ b/misc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: misc.c,v 1.126 2018/03/07 23:53:08 djm Exp $ */	1	/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2005,2006 Damien Miller. All rights reserved.	4	* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -1976,3 +1976,56 @@ atoi_err(const char nptr, int val)
1976	*val = (int)num;	1976	*val = (int)num;
1977	return errstr;	1977	return errstr;
1978	}	1978	}
		1979
		1980	int
		1981	parse_absolute_time(const char s, uint64_t tp)
		1982	{
		1983	struct tm tm;
		1984	time_t tt;
		1985	char buf[32], *fmt;
		1986
		1987	*tp = 0;
		1988
		1989	/*
		1990	* POSIX strptime says "The application shall ensure that there
		1991	* is white-space or other non-alphanumeric characters between
		1992	* any two conversion specifications" so arrange things this way.
		1993	*/
		1994	switch (strlen(s)) {
		1995	case 8: /* YYYYMMDD */
		1996	fmt = "%Y-%m-%d";
		1997	snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
		1998	break;
		1999	case 12: /* YYYYMMDDHHMM */
		2000	fmt = "%Y-%m-%dT%H:%M";
		2001	snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s",
		2002	s, s + 4, s + 6, s + 8, s + 10);
		2003	break;
		2004	case 14: /* YYYYMMDDHHMMSS */
		2005	fmt = "%Y-%m-%dT%H:%M:%S";
		2006	snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",
		2007	s, s + 4, s + 6, s + 8, s + 10, s + 12);
		2008	break;
		2009	default:
		2010	return SSH_ERR_INVALID_FORMAT;
		2011	}
		2012
		2013	memset(&tm, 0, sizeof(tm));
		2014	if (strptime(buf, fmt, &tm) == NULL)
		2015	return SSH_ERR_INVALID_FORMAT;
		2016	if ((tt = mktime(&tm)) < 0)
		2017	return SSH_ERR_INVALID_FORMAT;
		2018	/* success */
		2019	*tp = (uint64_t)tt;
		2020	return 0;
		2021	}
		2022
		2023	void
		2024	format_absolute_time(uint64_t t, char *buf, size_t len)
		2025	{
		2026	time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */
		2027	struct tm tm;
		2028
		2029	localtime_r(&tt, &tm);
		2030	strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
		2031	}