| version 1.299, 2017/03/10 04:26:06 |
version 1.300, 2017/04/29 04:12:25 |
|
|
| char *certflags_command = NULL; |
char *certflags_command = NULL; |
| char *certflags_src_addr = NULL; |
char *certflags_src_addr = NULL; |
| |
|
| |
/* Arbitrary extensions specified by user */ |
| |
struct cert_userext { |
| |
char *key; |
| |
char *val; |
| |
int crit; |
| |
}; |
| |
struct cert_userext *cert_userext; |
| |
size_t ncert_userext; |
| |
|
| /* Conversion to/from various formats */ |
/* Conversion to/from various formats */ |
| int convert_to = 0; |
int convert_to = 0; |
| int convert_from = 0; |
int convert_from = 0; |
|
|
| static void |
static void |
| prepare_options_buf(struct sshbuf *c, int which) |
prepare_options_buf(struct sshbuf *c, int which) |
| { |
{ |
| |
size_t i; |
| |
|
| sshbuf_reset(c); |
sshbuf_reset(c); |
| if ((which & OPTIONS_CRITICAL) != 0 && |
if ((which & OPTIONS_CRITICAL) != 0 && |
| certflags_command != NULL) |
certflags_command != NULL) |
|
|
| if ((which & OPTIONS_CRITICAL) != 0 && |
if ((which & OPTIONS_CRITICAL) != 0 && |
| certflags_src_addr != NULL) |
certflags_src_addr != NULL) |
| add_string_option(c, "source-address", certflags_src_addr); |
add_string_option(c, "source-address", certflags_src_addr); |
| |
for (i = 0; i < ncert_userext; i++) { |
| |
if ((cert_userext[i].crit && (which & OPTIONS_EXTENSIONS)) || |
| |
(!cert_userext[i].crit && (which & OPTIONS_CRITICAL))) |
| |
continue; |
| |
if (cert_userext[i].val == NULL) |
| |
add_flag_option(c, cert_userext[i].key); |
| |
else { |
| |
add_string_option(c, cert_userext[i].key, |
| |
cert_userext[i].val); |
| |
} |
| |
} |
| } |
} |
| |
|
| static struct sshkey * |
static struct sshkey * |
|
|
| static void |
static void |
| add_cert_option(char *opt) |
add_cert_option(char *opt) |
| { |
{ |
| char *val; |
char *val, *cp; |
| |
int iscrit = 0; |
| |
|
| if (strcasecmp(opt, "clear") == 0) |
if (strcasecmp(opt, "clear") == 0) |
| certflags_flags = 0; |
certflags_flags = 0; |
|
|
| if (addr_match_cidr_list(NULL, val) != 0) |
if (addr_match_cidr_list(NULL, val) != 0) |
| fatal("Invalid source-address list"); |
fatal("Invalid source-address list"); |
| certflags_src_addr = xstrdup(val); |
certflags_src_addr = xstrdup(val); |
| |
} else if (strncasecmp(opt, "extension:", 10) == 0 || |
| |
(iscrit = (strncasecmp(opt, "critical:", 9) == 0))) { |
| |
val = xstrdup(strchr(opt, ':') + 1); |
| |
if ((cp = strchr(val, '=')) != NULL) |
| |
*cp++ = '\0'; |
| |
cert_userext = xreallocarray(cert_userext, ncert_userext + 1, |
| |
sizeof(*cert_userext)); |
| |
cert_userext[ncert_userext].key = val; |
| |
cert_userext[ncert_userext].val = cp == NULL ? |
| |
NULL : xstrdup(cp); |
| |
cert_userext[ncert_userext].crit = iscrit; |
| |
ncert_userext++; |
| } else |
} else |
| fatal("Unsupported certificate option \"%s\"", opt); |
fatal("Unsupported certificate option \"%s\"", opt); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh