author | djm@openbsd.org <djm@openbsd.org> | 2019-09-05 04:55:32 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-05 14:56:51 +1000 |
commit | bab6feb01f9924758ca7129dba708298a53dde5f (patch) | |
tree | 5f9204d39f29dc9047a491401173847a6e7d8836 | |
parent | 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b (diff) |
upstream: expose allowed_signers options parsing code in header for
fuzzing
rename to make more consistent with philosophically-similar auth
options parsing API.
OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
-rw-r--r-- | sshsig.c | 18 | ||||
-rw-r--r-- | sshsig.h | 8 |
2 files changed, 17 insertions, 9 deletions
@@ -605,16 +605,16 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
 return r;
 }
-struct sigopts {
+struct sshsigopt {
 int ca;
 char *namespaces;
 };
-static struct sigopts *
-sigopts_parse(const char *opts, const char *path, u_long linenum,
+struct sshsigopt *
+sshsigopt_parse(const char *opts, const char *path, u_long linenum,
 const char **errstrp)
 {
- struct sigopts *ret;
+ struct sshsigopt *ret;
 int r;
 const char *errstr = NULL;
@@ -662,8 +662,8 @@ sigopts_parse(const char *opts, const char *path, u_long linenum,
 return NULL;
 }
-static void
-sigopts_free(struct sigopts *opts)
+void
+sshsigopt_free(struct sshsigopt *opts)
 {
 if (opts == NULL)
 return;
@@ -680,7 +680,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 char *cp, *opts = NULL, *identities = NULL;
 int r, found = 0;
 const char *reason = NULL;
- struct sigopts *sigopts = NULL;
+ struct sshsigopt *sigopts = NULL;
 if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
 error("%s: sshkey_new failed", __func__);
@@ -720,7 +720,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 }
 }
 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
- if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) {
+ if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
 error("%s:%lu: bad options: %s", path, linenum, reason);
 goto done;
 }
@@ -756,7 +756,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 }
 done:
 sshkey_free(found_key);
- sigopts_free(sigopts);
+ sshsigopt_free(sigopts);
 return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
 }
@@ -19,6 +19,7 @@
 struct sshbuf;
 struct sshkey;
+struct sshsigopt;
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int, void *);
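Review bot: In the hunk at sshsig.c line 720, the failure branch of the renamed `sshsigopt_parse()` call passes `reason` to a `%s` conversion, and `reason` is initialised to NULL earlier in check_allowed_keys_line (visible in the hunk at line 680). Whether the parser stores a message through `errstrp` on every NULL return cannot be confirmed from this diff, because its body lies outside the hunks; if any path returns NULL without setting it, a NULL pointer reaches the format string argument. Since the parser is now exported so it can be fuzzed, I would make the call site tolerant, `error("%s:%lu: bad options: %s", path, linenum, reason == NULL ? "unknown error" : reason);`, or state in the parser's contract that a message is always set on failure. check_allowed_keys_line starts and ends outside this hunk.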
@@ -81,4 +82,11 @@ int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
 int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, const char *principal, const char *ns);
+/* Parse zero or more allowed_keys signature options */
+struct sshsigopt *sshsigopt_parse(const char *opts,
+ const char *path, u_long linenum, const char **errstrp);
+
+/* Free signature options */
+void sshsigopt_free(struct sshsigopt *opts);
+
 #endif /* SSHSIG_H */ |
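Review bot: The one-line comments added above the two new prototypes in sshsig.h do not state the contract that a fuzz harness or any other external caller has to follow. From the call site in sshsig.c, `opts` may be NULL (the preceding debug3 line tests `opts == NULL`), failure is a NULL return with a message reported through `errstrp`, and the result is released with `sshsigopt_free()`; whether `errstrp` itself may be NULL is not visible in the diff and should be said either way. I would extend the first comment to something like `/* Parse zero or more allowed_keys signature options; opts may be NULL. Returns NULL on failure with *errstrp set; free the result with sshsigopt_free() */`. As `struct sshsigopt` is only forward-declared in this header, it is also worth noting that the type is opaque to callers.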