version 1.299, 2017/03/10 04:26:06 |
version 1.300, 2017/04/29 04:12:25 |
|
|
char *certflags_command = NULL; |
char *certflags_command = NULL; |
char *certflags_src_addr = NULL; |
char *certflags_src_addr = NULL; |
|
|
|
/* Arbitrary extensions specified by user */ |
|
struct cert_userext { |
|
char *key; |
|
char *val; |
|
int crit; |
|
}; |
|
struct cert_userext *cert_userext; |
|
size_t ncert_userext; |
|
|
/* Conversion to/from various formats */ |
/* Conversion to/from various formats */ |
int convert_to = 0; |
int convert_to = 0; |
int convert_from = 0; |
int convert_from = 0; |
|
|
static void |
static void |
prepare_options_buf(struct sshbuf *c, int which) |
prepare_options_buf(struct sshbuf *c, int which) |
{ |
{ |
|
size_t i; |
|
|
sshbuf_reset(c); |
sshbuf_reset(c); |
if ((which & OPTIONS_CRITICAL) != 0 && |
if ((which & OPTIONS_CRITICAL) != 0 && |
certflags_command != NULL) |
certflags_command != NULL) |
|
|
if ((which & OPTIONS_CRITICAL) != 0 && |
if ((which & OPTIONS_CRITICAL) != 0 && |
certflags_src_addr != NULL) |
certflags_src_addr != NULL) |
add_string_option(c, "source-address", certflags_src_addr); |
add_string_option(c, "source-address", certflags_src_addr); |
|
for (i = 0; i < ncert_userext; i++) { |
|
if ((cert_userext[i].crit && (which & OPTIONS_EXTENSIONS)) || |
|
(!cert_userext[i].crit && (which & OPTIONS_CRITICAL))) |
|
continue; |
|
if (cert_userext[i].val == NULL) |
|
add_flag_option(c, cert_userext[i].key); |
|
else { |
|
add_string_option(c, cert_userext[i].key, |
|
cert_userext[i].val); |
|
} |
|
} |
} |
} |
|
|
static struct sshkey * |
static struct sshkey * |
|
|
static void |
static void |
add_cert_option(char *opt) |
add_cert_option(char *opt) |
{ |
{ |
char *val; |
char *val, *cp; |
|
int iscrit = 0; |
|
|
if (strcasecmp(opt, "clear") == 0) |
if (strcasecmp(opt, "clear") == 0) |
certflags_flags = 0; |
certflags_flags = 0; |
|
|
if (addr_match_cidr_list(NULL, val) != 0) |
if (addr_match_cidr_list(NULL, val) != 0) |
fatal("Invalid source-address list"); |
fatal("Invalid source-address list"); |
certflags_src_addr = xstrdup(val); |
certflags_src_addr = xstrdup(val); |
|
} else if (strncasecmp(opt, "extension:", 10) == 0 || |
|
(iscrit = (strncasecmp(opt, "critical:", 9) == 0))) { |
|
val = xstrdup(strchr(opt, ':') + 1); |
|
if ((cp = strchr(val, '=')) != NULL) |
|
*cp++ = '\0'; |
|
cert_userext = xreallocarray(cert_userext, ncert_userext + 1, |
|
sizeof(*cert_userext)); |
|
cert_userext[ncert_userext].key = val; |
|
cert_userext[ncert_userext].val = cp == NULL ? |
|
NULL : xstrdup(cp); |
|
cert_userext[ncert_userext].crit = iscrit; |
|
ncert_userext++; |
} else |
} else |
fatal("Unsupported certificate option \"%s\"", opt); |
fatal("Unsupported certificate option \"%s\"", opt); |
} |
} |