version 1.92, 2020/03/06 18:15:38 |
version 1.93, 2020/08/27 01:07:09 |
|
|
} |
} |
} |
} |
if (!found && (which & OPTIONS_CRITICAL) != 0) { |
if (!found && (which & OPTIONS_CRITICAL) != 0) { |
if (strcmp(name, "force-command") == 0) { |
if (strcmp(name, "verify-required") == 0) { |
|
opts->require_verify = 1; |
|
found = 1; |
|
} else if (strcmp(name, "force-command") == 0) { |
if ((r = sshbuf_get_cstring(data, &command, |
if ((r = sshbuf_get_cstring(data, &command, |
NULL)) != 0) { |
NULL)) != 0) { |
error("Unable to parse \"%s\" " |
error("Unable to parse \"%s\" " |
|
|
} |
} |
opts->force_command = command; |
opts->force_command = command; |
found = 1; |
found = 1; |
} |
} else if (strcmp(name, "source-address") == 0) { |
if (strcmp(name, "source-address") == 0) { |
|
if ((r = sshbuf_get_cstring(data, &allowed, |
if ((r = sshbuf_get_cstring(data, &allowed, |
NULL)) != 0) { |
NULL)) != 0) { |
error("Unable to parse \"%s\" " |
error("Unable to parse \"%s\" " |
|
|
ret->permit_x11_forwarding_flag = r == 1; |
ret->permit_x11_forwarding_flag = r == 1; |
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) { |
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) { |
ret->no_require_user_presence = r != 1; /* NB. flip */ |
ret->no_require_user_presence = r != 1; /* NB. flip */ |
|
} else if ((r = opt_flag("verify-required", 1, &opts)) != -1) { |
|
ret->require_verify = r == 1; |
} else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
} else if ((r = opt_flag("pty", 1, &opts)) != -1) { |
ret->permit_pty_flag = r == 1; |
ret->permit_pty_flag = r == 1; |
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { |
|
|
} |
} |
|
|
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1) |
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1) |
|
#define OPTFLAG_OR(x) ret->x = (primary->x == 1) || (additional->x == 1) |
/* Permissive flags are logical-AND (i.e. must be set in both) */ |
/* Permissive flags are logical-AND (i.e. must be set in both) */ |
OPTFLAG_AND(permit_port_forwarding_flag); |
OPTFLAG_AND(permit_port_forwarding_flag); |
OPTFLAG_AND(permit_agent_forwarding_flag); |
OPTFLAG_AND(permit_agent_forwarding_flag); |
|
|
OPTFLAG_AND(permit_pty_flag); |
OPTFLAG_AND(permit_pty_flag); |
OPTFLAG_AND(permit_user_rc); |
OPTFLAG_AND(permit_user_rc); |
OPTFLAG_AND(no_require_user_presence); |
OPTFLAG_AND(no_require_user_presence); |
|
/* Restrictive flags are logical-OR (i.e. must be set in either) */ |
|
OPTFLAG_OR(require_verify); |
#undef OPTFLAG_AND |
#undef OPTFLAG_AND |
|
|
/* Earliest expiry time should win */ |
/* Earliest expiry time should win */ |
|
|
OPTSCALAR(force_tun_device); |
OPTSCALAR(force_tun_device); |
OPTSCALAR(valid_before); |
OPTSCALAR(valid_before); |
OPTSCALAR(no_require_user_presence); |
OPTSCALAR(no_require_user_presence); |
|
OPTSCALAR(require_verify); |
#undef OPTSCALAR |
#undef OPTSCALAR |
#define OPTSTRING(x) \ |
#define OPTSTRING(x) \ |
do { \ |
do { \ |
|
|
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || |
(r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
(r = sshbuf_put_u8(m, opts->restricted)) != 0 || |
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || |
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0) |
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0 || |
|
(r = sshbuf_put_u8(m, opts->require_verify)) != 0) |
return r; |
return r; |
|
|
/* Simple integer options */ |
/* Simple integer options */ |
|
|
OPT_FLAG(restricted); |
OPT_FLAG(restricted); |
OPT_FLAG(cert_authority); |
OPT_FLAG(cert_authority); |
OPT_FLAG(no_require_user_presence); |
OPT_FLAG(no_require_user_presence); |
|
OPT_FLAG(require_verify); |
#undef OPT_FLAG |
#undef OPT_FLAG |
|
|
/* Simple integer options */ |
/* Simple integer options */ |
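Review bot: `OPTFLAG_OR` is defined next to `OPTFLAG_AND` in the merge hunk, but only `#undef OPTFLAG_AND` follows the flag list and no `#undef OPTFLAG_OR` is visible, so the new macro appears to stay defined for the rest of the file. Adding `#undef OPTFLAG_OR` directly after `#undef OPTFLAG_AND` would keep both helpers scoped to the merge code, matching how `OPTSCALAR` and `OPT_FLAG` are undefined after use in the other hunks. The OR semantics themselves look right for a restrictive flag: `require_verify` set by either the primary or the additional options survives the merge, whereas the permissive `no_require_user_presence` must be set in both. The enclosing function starts and ends outside the hunk, so an `#undef` further down cannot be ruled out.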