- djm@cvs.openbsd.org 2010/08/04 05:40:39

[PROTOCOL.certkeys ssh-keygen.c] tighten the rules for certificate encoding by requiring that options appear in lexical order and make our ssh-keygen comply. ok markus@
author: Damien Miller <djm@mindrot.org> 2010-08-05 13:03:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-08-05 13:03:51 +1000
commit: 1da638895916bc061ff6aca9f373d48a9776810b (patch)
tree: cb085a570b7fae045555c12b680c73506f333b03 /ssh-keygen.c
parent: 7fa96602e52f02e66897f98a1568cbd3a555192b (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 56bfee20d..4c60a659f 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.195 2010/07/16 04:45:30 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.196 2010/08/04 05:40:39 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1295,9 +1295,9 @@ static void
 prepare_options_buf(Buffer *c, int which)
 {
        buffer_clear(c);
-        if ((which & OPTIONS_EXTENSIONS) != 0 &&
+        if ((which & OPTIONS_CRITICAL) != 0 &&
-            (certflags_flags & CERTOPT_X_FWD) != 0)
+            certflags_command != NULL)
-                add_flag_option(c, "permit-X11-forwarding");
+                add_string_option(c, "force-command", certflags_command);
        if ((which & OPTIONS_EXTENSIONS) != 0 &&
            (certflags_flags & CERTOPT_AGENT_FWD) != 0)
                add_flag_option(c, "permit-agent-forwarding");
@@ -1310,9 +1310,9 @@ prepare_options_buf(Buffer *c, int which)
        if ((which & OPTIONS_EXTENSIONS) != 0 &&
            (certflags_flags & CERTOPT_USER_RC) != 0)
                add_flag_option(c, "permit-user-rc");
-        if ((which & OPTIONS_CRITICAL) != 0 &&
+        if ((which & OPTIONS_EXTENSIONS) != 0 &&
-            certflags_command != NULL)
+            (certflags_flags & CERTOPT_X_FWD) != 0)
-                add_string_option(c, "force-command", certflags_command);
+                add_flag_option(c, "permit-X11-forwarding");
        if ((which & OPTIONS_CRITICAL) != 0 &&
            certflags_src_addr != NULL)
                add_string_option(c, "source-address", certflags_src_addr);
author	Damien Miller <djm@mindrot.org>	2010-08-05 13:03:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-08-05 13:03:51 +1000
commit	1da638895916bc061ff6aca9f373d48a9776810b (patch)
tree	cb085a570b7fae045555c12b680c73506f333b03 /ssh-keygen.c
parent	7fa96602e52f02e66897f98a1568cbd3a555192b (diff)

diff --git a/ssh-keygen.c b/ssh-keygen.c index 56bfee20d..4c60a659f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.195 2010/07/16 04:45:30 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.196 2010/08/04 05:40:39 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1295,9 +1295,9 @@ static void
1295	prepare_options_buf(Buffer *c, int which)	1295	prepare_options_buf(Buffer *c, int which)
1296	{	1296	{
1297	buffer_clear(c);	1297	buffer_clear(c);
1298	if ((which & OPTIONS_EXTENSIONS) != 0 &&	1298	if ((which & OPTIONS_CRITICAL) != 0 &&
1299	(certflags_flags & CERTOPT_X_FWD) != 0)	1299	certflags_command != NULL)
1300	add_flag_option(c, "permit-X11-forwarding");	1300	add_string_option(c, "force-command", certflags_command);
1301	if ((which & OPTIONS_EXTENSIONS) != 0 &&	1301	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1302	(certflags_flags & CERTOPT_AGENT_FWD) != 0)	1302	(certflags_flags & CERTOPT_AGENT_FWD) != 0)
1303	add_flag_option(c, "permit-agent-forwarding");	1303	add_flag_option(c, "permit-agent-forwarding");
@@ -1310,9 +1310,9 @@ prepare_options_buf(Buffer *c, int which)
1310	if ((which & OPTIONS_EXTENSIONS) != 0 &&	1310	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1311	(certflags_flags & CERTOPT_USER_RC) != 0)	1311	(certflags_flags & CERTOPT_USER_RC) != 0)
1312	add_flag_option(c, "permit-user-rc");	1312	add_flag_option(c, "permit-user-rc");
1313	if ((which & OPTIONS_CRITICAL) != 0 &&	1313	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1314	certflags_command != NULL)	1314	(certflags_flags & CERTOPT_X_FWD) != 0)
1315	add_string_option(c, "force-command", certflags_command);	1315	add_flag_option(c, "permit-X11-forwarding");
1316	if ((which & OPTIONS_CRITICAL) != 0 &&	1316	if ((which & OPTIONS_CRITICAL) != 0 &&
1317	certflags_src_addr != NULL)	1317	certflags_src_addr != NULL)
1318	add_string_option(c, "source-address", certflags_src_addr);	1318	add_string_option(c, "source-address", certflags_src_addr);