version 1.89, 2019/09/13 04:36:43 |
version 1.90, 2019/11/25 00:54:23 |
|
|
name, sshbuf_len(data)); |
name, sshbuf_len(data)); |
found = 0; |
found = 0; |
if ((which & OPTIONS_EXTENSIONS) != 0) { |
if ((which & OPTIONS_EXTENSIONS) != 0) { |
if (strcmp(name, "permit-X11-forwarding") == 0) { |
if (strcmp(name, "no-touch-required") == 0) { |
|
opts->no_require_user_presence = 1; |
|
found = 1; |
|
} else if (strcmp(name, "permit-X11-forwarding") == 0) { |
opts->permit_x11_forwarding_flag = 1; |
opts->permit_x11_forwarding_flag = 1; |
found = 1; |
found = 1; |
} else if (strcmp(name, |
} else if (strcmp(name, |
|
|
ret->permit_agent_forwarding_flag = r == 1; |
ret->permit_agent_forwarding_flag = r == 1; |
} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { |
} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { |
ret->permit_x11_forwarding_flag = r == 1; |
ret->permit_x11_forwarding_flag = r == 1; |
|
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) { |
|
ret->no_require_user_presence = r != 1; /* NB. flip */ |
} else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
} else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
ret->permit_pty_flag = r == 1; |
ret->permit_pty_flag = r == 1; |
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
|
|
goto alloc_fail; |
goto alloc_fail; |
} |
} |
|
|
/* Flags are logical-AND (i.e. must be set in both for permission) */ |
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1) |
#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1) |
/* Permissive flags are logical-AND (i.e. must be set in both) */ |
OPTFLAG(permit_port_forwarding_flag); |
OPTFLAG_AND(permit_port_forwarding_flag); |
OPTFLAG(permit_agent_forwarding_flag); |
OPTFLAG_AND(permit_agent_forwarding_flag); |
OPTFLAG(permit_x11_forwarding_flag); |
OPTFLAG_AND(permit_x11_forwarding_flag); |
OPTFLAG(permit_pty_flag); |
OPTFLAG_AND(permit_pty_flag); |
OPTFLAG(permit_user_rc); |
OPTFLAG_AND(permit_user_rc); |
#undef OPTFLAG |
OPTFLAG_AND(no_require_user_presence); |
|
#undef OPTFLAG_AND |
|
|
/* Earliest expiry time should win */ |
/* Earliest expiry time should win */ |
if (primary->valid_before != 0) |
if (primary->valid_before != 0) |
|
|
OPTSCALAR(cert_authority); |
OPTSCALAR(cert_authority); |
OPTSCALAR(force_tun_device); |
OPTSCALAR(force_tun_device); |
OPTSCALAR(valid_before); |
OPTSCALAR(valid_before); |
|
OPTSCALAR(no_require_user_presence); |
#undef OPTSCALAR |
#undef OPTSCALAR |
#define OPTSTRING(x) \ |
#define OPTSTRING(x) \ |
do { \ |
do { \ |
|
|
{ |
{ |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
|
|
/* Flag and simple integer options */ |
/* Flag options */ |
if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || |
if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || |
|
|
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
(r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
(r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
(r = sshbuf_put_u64(m, opts->valid_before)) != 0) |
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0) |
return r; |
return r; |
|
|
|
/* Simple integer options */ |
|
if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0) |
|
return r; |
|
|
/* tunnel number can be negative to indicate "unset" */ |
/* tunnel number can be negative to indicate "unset" */ |
if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 || |
if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 || |
(r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ? |
(r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ? |
|
|
if ((opts = calloc(1, sizeof(*opts))) == NULL) |
if ((opts = calloc(1, sizeof(*opts))) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
|
|
|
/* Flag options */ |
#define OPT_FLAG(x) \ |
#define OPT_FLAG(x) \ |
do { \ |
do { \ |
if ((r = sshbuf_get_u8(m, &f)) != 0) \ |
if ((r = sshbuf_get_u8(m, &f)) != 0) \ |
|
|
OPT_FLAG(permit_user_rc); |
OPT_FLAG(permit_user_rc); |
OPT_FLAG(restricted); |
OPT_FLAG(restricted); |
OPT_FLAG(cert_authority); |
OPT_FLAG(cert_authority); |
|
OPT_FLAG(no_require_user_presence); |
#undef OPT_FLAG |
#undef OPT_FLAG |
|
|
|
/* Simple integer options */ |
if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) |
if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) |
goto out; |
goto out; |
|
|