| version 1.89, 2019/09/13 04:36:43 |
version 1.90, 2019/11/25 00:54:23 |
|
|
| name, sshbuf_len(data)); |
name, sshbuf_len(data)); |
| found = 0; |
found = 0; |
| if ((which & OPTIONS_EXTENSIONS) != 0) { |
if ((which & OPTIONS_EXTENSIONS) != 0) { |
| if (strcmp(name, "permit-X11-forwarding") == 0) { |
if (strcmp(name, "no-touch-required") == 0) { |
| |
opts->no_require_user_presence = 1; |
| |
found = 1; |
| |
} else if (strcmp(name, "permit-X11-forwarding") == 0) { |
| opts->permit_x11_forwarding_flag = 1; |
opts->permit_x11_forwarding_flag = 1; |
| found = 1; |
found = 1; |
| } else if (strcmp(name, |
} else if (strcmp(name, |
|
|
| ret->permit_agent_forwarding_flag = r == 1; |
ret->permit_agent_forwarding_flag = r == 1; |
| } else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { |
} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { |
| ret->permit_x11_forwarding_flag = r == 1; |
ret->permit_x11_forwarding_flag = r == 1; |
| |
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) { |
| |
ret->no_require_user_presence = r != 1; /* NB. flip */ |
| } else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
} else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
| ret->permit_pty_flag = r == 1; |
ret->permit_pty_flag = r == 1; |
| } else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
|
|
| goto alloc_fail; |
goto alloc_fail; |
| } |
} |
| |
|
| /* Flags are logical-AND (i.e. must be set in both for permission) */ |
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1) |
| #define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1) |
/* Permissive flags are logical-AND (i.e. must be set in both) */ |
| OPTFLAG(permit_port_forwarding_flag); |
OPTFLAG_AND(permit_port_forwarding_flag); |
| OPTFLAG(permit_agent_forwarding_flag); |
OPTFLAG_AND(permit_agent_forwarding_flag); |
| OPTFLAG(permit_x11_forwarding_flag); |
OPTFLAG_AND(permit_x11_forwarding_flag); |
| OPTFLAG(permit_pty_flag); |
OPTFLAG_AND(permit_pty_flag); |
| OPTFLAG(permit_user_rc); |
OPTFLAG_AND(permit_user_rc); |
| #undef OPTFLAG |
OPTFLAG_AND(no_require_user_presence); |
| |
#undef OPTFLAG_AND |
| |
|
| /* Earliest expiry time should win */ |
/* Earliest expiry time should win */ |
| if (primary->valid_before != 0) |
if (primary->valid_before != 0) |
|
|
| OPTSCALAR(cert_authority); |
OPTSCALAR(cert_authority); |
| OPTSCALAR(force_tun_device); |
OPTSCALAR(force_tun_device); |
| OPTSCALAR(valid_before); |
OPTSCALAR(valid_before); |
| |
OPTSCALAR(no_require_user_presence); |
| #undef OPTSCALAR |
#undef OPTSCALAR |
| #define OPTSTRING(x) \ |
#define OPTSTRING(x) \ |
| do { \ |
do { \ |
|
|
| { |
{ |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| |
|
| /* Flag and simple integer options */ |
/* Flag options */ |
| if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || |
if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || |
| (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || |
| (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || |
|
|
| (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
| (r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
(r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
| (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
| (r = sshbuf_put_u64(m, opts->valid_before)) != 0) |
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0) |
| return r; |
return r; |
| |
|
| |
/* Simple integer options */ |
| |
if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0) |
| |
return r; |
| |
|
| /* tunnel number can be negative to indicate "unset" */ |
/* tunnel number can be negative to indicate "unset" */ |
| if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 || |
if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 || |
| (r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ? |
(r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ? |
|
|
| if ((opts = calloc(1, sizeof(*opts))) == NULL) |
if ((opts = calloc(1, sizeof(*opts))) == NULL) |
| return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
| |
|
| |
/* Flag options */ |
| #define OPT_FLAG(x) \ |
#define OPT_FLAG(x) \ |
| do { \ |
do { \ |
| if ((r = sshbuf_get_u8(m, &f)) != 0) \ |
if ((r = sshbuf_get_u8(m, &f)) != 0) \ |
|
|
| OPT_FLAG(permit_user_rc); |
OPT_FLAG(permit_user_rc); |
| OPT_FLAG(restricted); |
OPT_FLAG(restricted); |
| OPT_FLAG(cert_authority); |
OPT_FLAG(cert_authority); |
| |
OPT_FLAG(no_require_user_presence); |
| #undef OPT_FLAG |
#undef OPT_FLAG |
| |
|
| |
/* Simple integer options */ |
| if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) |
if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) |
| goto out; |
goto out; |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-options.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh