[openssh-commits] [openssh] 04/04: upstream: expose allowed_signers options parsing code in header for

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Sep 5 14:57:34 AEST 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit bab6feb01f9924758ca7129dba708298a53dde5f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Sep 5 04:55:32 2019 +0000

    upstream: expose allowed_signers options parsing code in header for
    
    fuzzing
    
    rename to make more consistent with philosophically-similar auth
    options parsing API.
    
    OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
---
 sshsig.c | 18 +++++++++---------
 sshsig.h |  8 ++++++++
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/sshsig.c b/sshsig.c
index ab9fe43b..bda57b30 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -605,16 +605,16 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
 	return r;
 }
 
-struct sigopts {
+struct sshsigopt {
 	int ca;
 	char *namespaces;
 };
 
-static struct sigopts *
-sigopts_parse(const char *opts, const char *path, u_long linenum,
+struct sshsigopt *
+sshsigopt_parse(const char *opts, const char *path, u_long linenum,
     const char **errstrp)
 {
-	struct sigopts *ret;
+	struct sshsigopt *ret;
 	int r;
 	const char *errstr = NULL;
 
@@ -662,8 +662,8 @@ sigopts_parse(const char *opts, const char *path, u_long linenum,
 	return NULL;
 }
 
-static void
-sigopts_free(struct sigopts *opts)
+void
+sshsigopt_free(struct sshsigopt *opts)
 {
 	if (opts == NULL)
 		return;
@@ -680,7 +680,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 	char *cp, *opts = NULL, *identities = NULL;
 	int r, found = 0;
 	const char *reason = NULL;
-	struct sigopts *sigopts = NULL;
+	struct sshsigopt *sigopts = NULL;
 
 	if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
 		error("%s: sshkey_new failed", __func__);
@@ -720,7 +720,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 		}
 	}
 	debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
-	if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) {
+	if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
 		error("%s:%lu: bad options: %s", path, linenum, reason);
 		goto done;
 	}
@@ -756,7 +756,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 	}
  done:
 	sshkey_free(found_key);
-	sigopts_free(sigopts);
+	sshsigopt_free(sigopts);
 	return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
 }
 
diff --git a/sshsig.h b/sshsig.h
index fc1d607b..e3eeb601 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -19,6 +19,7 @@
 
 struct sshbuf;
 struct sshkey;
+struct sshsigopt;
 
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
     const u_char *, size_t, const char *, u_int, void *);
@@ -81,4 +82,11 @@ int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
 int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
     const char *principal, const char *ns);
 
+/* Parse zero or more allowed_keys signature options */
+struct sshsigopt *sshsigopt_parse(const char *opts,
+    const char *path, u_long linenum, const char **errstrp);
+
+/* Free signature options */
+void sshsigopt_free(struct sshsigopt *opts);
+
 #endif /* SSHSIG_H */
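Review bot: The one-line comments on the two new prototypes in sshsig.h do not state the contract that callers outside sshsig.c now have to rely on. The in-tree caller, check_allowed_keys_line, can pass a NULL `opts` (it prints `opts == NULL ? "" : opts` just before the call) and prints `reason` with `%s` when the parser returns NULL, so it depends on `*errstrp` always being set on failure. I would document that on the declaration, for example `/* Parse zero or more allowed_keys signature options; opts may be NULL. */` followed by `/* Returns NULL on failure with *errstrp set; release the result with sshsigopt_free(). */`. Whether `errstrp` itself may be NULL cannot be told from here because the parser body lies outside the hunks; since a fuzz harness is the intended first external caller, the comment should state that either way.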
