summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c25
1 files changed, 17 insertions, 8 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 08dd7cb8a..16d196fc8 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.370 2019/11/25 00:51:37 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.371 2019/11/25 00:54:23 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,11 +120,12 @@ static u_int64_t cert_valid_from = 0;
120static u_int64_t cert_valid_to = ~0ULL; 120static u_int64_t cert_valid_to = ~0ULL;
121 121
122/* Certificate options */ 122/* Certificate options */
123#define CERTOPT_X_FWD (1) 123#define CERTOPT_X_FWD (1)
124#define CERTOPT_AGENT_FWD (1<<1) 124#define CERTOPT_AGENT_FWD (1<<1)
125#define CERTOPT_PORT_FWD (1<<2) 125#define CERTOPT_PORT_FWD (1<<2)
126#define CERTOPT_PTY (1<<3) 126#define CERTOPT_PTY (1<<3)
127#define CERTOPT_USER_RC (1<<4) 127#define CERTOPT_USER_RC (1<<4)
128#define CERTOPT_NO_REQUIRE_USER_PRESENCE (1<<5)
128#define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ 129#define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
129 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) 130 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
130static u_int32_t certflags_flags = CERTOPT_DEFAULT; 131static u_int32_t certflags_flags = CERTOPT_DEFAULT;
@@ -1666,6 +1667,9 @@ prepare_options_buf(struct sshbuf *c, int which)
1666 (certflags_flags & CERTOPT_USER_RC) != 0) 1667 (certflags_flags & CERTOPT_USER_RC) != 0)
1667 add_flag_option(c, "permit-user-rc"); 1668 add_flag_option(c, "permit-user-rc");
1668 if ((which & OPTIONS_CRITICAL) != 0 && 1669 if ((which & OPTIONS_CRITICAL) != 0 &&
1670 (certflags_flags & CERTOPT_NO_REQUIRE_USER_PRESENCE) != 0)
1671 add_flag_option(c, "no-touch-required");
1672 if ((which & OPTIONS_CRITICAL) != 0 &&
1669 certflags_src_addr != NULL) 1673 certflags_src_addr != NULL)
1670 add_string_option(c, "source-address", certflags_src_addr); 1674 add_string_option(c, "source-address", certflags_src_addr);
1671 for (i = 0; i < ncert_userext; i++) { 1675 for (i = 0; i < ncert_userext; i++) {
@@ -1967,6 +1971,10 @@ add_cert_option(char *opt)
1967 certflags_flags &= ~CERTOPT_USER_RC; 1971 certflags_flags &= ~CERTOPT_USER_RC;
1968 else if (strcasecmp(opt, "permit-user-rc") == 0) 1972 else if (strcasecmp(opt, "permit-user-rc") == 0)
1969 certflags_flags |= CERTOPT_USER_RC; 1973 certflags_flags |= CERTOPT_USER_RC;
1974 else if (strcasecmp(opt, "touch-required") == 0)
1975 certflags_flags &= ~CERTOPT_NO_REQUIRE_USER_PRESENCE;
1976 else if (strcasecmp(opt, "no-touch-required") == 0)
1977 certflags_flags |= CERTOPT_NO_REQUIRE_USER_PRESENCE;
1970 else if (strncasecmp(opt, "force-command=", 14) == 0) { 1978 else if (strncasecmp(opt, "force-command=", 14) == 0) {
1971 val = opt + 14; 1979 val = opt + 14;
1972 if (*val == '\0') 1980 if (*val == '\0')
@@ -2020,9 +2028,10 @@ show_options(struct sshbuf *optbuf, int in_critical)
2020 strcmp(name, "permit-agent-forwarding") == 0 || 2028 strcmp(name, "permit-agent-forwarding") == 0 ||
2021 strcmp(name, "permit-port-forwarding") == 0 || 2029 strcmp(name, "permit-port-forwarding") == 0 ||
2022 strcmp(name, "permit-pty") == 0 || 2030 strcmp(name, "permit-pty") == 0 ||
2023 strcmp(name, "permit-user-rc") == 0)) 2031 strcmp(name, "permit-user-rc") == 0 ||
2032 strcmp(name, "no-touch-required") == 0)) {
2024 printf("\n"); 2033 printf("\n");
2025 else if (in_critical && 2034 } else if (in_critical &&
2026 (strcmp(name, "force-command") == 0 || 2035 (strcmp(name, "force-command") == 0 ||
2027 strcmp(name, "source-address") == 0)) { 2036 strcmp(name, "source-address") == 0)) {
2028 if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0) 2037 if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 12:27:56 +0000