1 files changed, 16 insertions, 30 deletions
diff --git a/auth-options.c b/auth-options.c
index 9ab1880d9..f1e3ddfdf 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -605,35 +605,21 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
        char *cert_forced_command = NULL;
        int cert_source_address_done = 0;
-        if (sshkey_cert_is_legacy(k)) {
+        /* Separate options and extensions for v01 certs */
-                /* All options are in the one field for v00 certs */
+        if (parse_option_list(k->cert->critical, pw,
-                if (parse_option_list(k->cert->critical, pw,
+            OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-                    OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
+            &cert_forced_command,
-                    &cert_no_port_forwarding_flag,
+            &cert_source_address_done) == -1)
-                    &cert_no_agent_forwarding_flag,
+                return -1;
-                    &cert_no_x11_forwarding_flag,
+        if (parse_option_list(k->cert->extensions, pw,
-                    &cert_no_pty_flag,
+            OPTIONS_EXTENSIONS, 0,
-                    &cert_no_user_rc,
+            &cert_no_port_forwarding_flag,
-                    &cert_forced_command,
+            &cert_no_agent_forwarding_flag,
-                    &cert_source_address_done) == -1)
+            &cert_no_x11_forwarding_flag,
-                        return -1;
+            &cert_no_pty_flag,
-        } else {
+            &cert_no_user_rc,
-                /* Separate options and extensions for v01 certs */
+            NULL, NULL) == -1)
-                if (parse_option_list(k->cert->critical, pw,
+                return -1;
-                    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-                    &cert_forced_command,
-                    &cert_source_address_done) == -1)
-                        return -1;
-                if (parse_option_list(k->cert->extensions, pw,
-                    OPTIONS_EXTENSIONS, 0,
-                    &cert_no_port_forwarding_flag,
-                    &cert_no_agent_forwarding_flag,
-                    &cert_no_x11_forwarding_flag,
-                    &cert_no_pty_flag,
-                    &cert_no_user_rc,
-                    NULL, NULL) == -1)
-                        return -1;
-        }
        no_port_forwarding_flag |= cert_no_port_forwarding_flag;
        no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;

diff --git a/auth-options.c b/auth-options.c index 9ab1880d9..f1e3ddfdf 100644 --- a/auth-options.c +++ b/auth-options.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */	1	/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -605,35 +605,21 @@ auth_cert_options(struct sshkey k, struct passwd pw)
605	char *cert_forced_command = NULL;	605	char *cert_forced_command = NULL;
606	int cert_source_address_done = 0;	606	int cert_source_address_done = 0;
607		607
608	if (sshkey_cert_is_legacy(k)) {	608	/* Separate options and extensions for v01 certs */
609	/* All options are in the one field for v00 certs */	609	if (parse_option_list(k->cert->critical, pw,
610	if (parse_option_list(k->cert->critical, pw,	610	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
611	OPTIONS_CRITICAL\|OPTIONS_EXTENSIONS, 1,	611	&cert_forced_command,
612	&cert_no_port_forwarding_flag,	612	&cert_source_address_done) == -1)
613	&cert_no_agent_forwarding_flag,	613	return -1;
614	&cert_no_x11_forwarding_flag,	614	if (parse_option_list(k->cert->extensions, pw,
615	&cert_no_pty_flag,	615	OPTIONS_EXTENSIONS, 0,
616	&cert_no_user_rc,	616	&cert_no_port_forwarding_flag,
617	&cert_forced_command,	617	&cert_no_agent_forwarding_flag,
618	&cert_source_address_done) == -1)	618	&cert_no_x11_forwarding_flag,
619	return -1;	619	&cert_no_pty_flag,
620	} else {	620	&cert_no_user_rc,
621	/* Separate options and extensions for v01 certs */	621	NULL, NULL) == -1)
622	if (parse_option_list(k->cert->critical, pw,	622	return -1;
623	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
624	&cert_forced_command,
625	&cert_source_address_done) == -1)
626	return -1;
627	if (parse_option_list(k->cert->extensions, pw,
628	OPTIONS_EXTENSIONS, 0,
629	&cert_no_port_forwarding_flag,
630	&cert_no_agent_forwarding_flag,
631	&cert_no_x11_forwarding_flag,
632	&cert_no_pty_flag,
633	&cert_no_user_rc,
634	NULL, NULL) == -1)
635	return -1;
636	}
637		623
638	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;	624	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
639	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;	625	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;