Mercurial > dropbear
annotate svr-authpubkeyoptions.c @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 25 Jan 2022 17:32:20 +0800 |
| parents | 587c76726b5f |
| children | d39cfedaf015 |
| rev | line source |
|---|---|
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2008 Frederic Moulins |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 * This file incorporates work covered by the following copyright and |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * permission notice: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 * Author: Tatu Ylonen <[email protected]> |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 * All rights reserved |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 * As far as I am concerned, the code I have written for this software |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 * can be used freely for any purpose. Any derived versions of this |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 * software must be clearly marked as such, and if the derived work is |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 * incompatible with the protocol description in the RFC file, it must be |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 * called by a name other than "ssh" or "Secure Shell". |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 * This copyright and permission notice applies to the code parsing public keys |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * options string which can also be found in OpenSSH auth-options.c file |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 * (auth_parse_options). |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 /* Process pubkey options during a pubkey auth request */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 #include "includes.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 #include "session.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 #include "dbutil.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 #include "signkey.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 #include "auth.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1145
diff
changeset
|
50 #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 /* Returns 1 if pubkey allows agent forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 int svr_pubkey_allows_agentfwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 && ses.authstate.pubkey_options->no_agent_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 /* Returns 1 if pubkey allows tcp forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 int svr_pubkey_allows_tcpfwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 && ses.authstate.pubkey_options->no_port_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 /* Returns 1 if pubkey allows x11 forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 int svr_pubkey_allows_x11fwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 && ses.authstate.pubkey_options->no_x11_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 /* Returns 1 if pubkey allows pty, 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 int svr_pubkey_allows_pty() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 && ses.authstate.pubkey_options->no_pty_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 |
|
566
b321aeb57c64
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
91 /* Set chansession command to the one forced |
|
b321aeb57c64
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
92 * by any 'command' public key option. */ |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 void svr_pubkey_set_forced_command(struct ChanSess *chansess) { |
|
1145
5709b15a1b57
Fix segfault with restricted authorized_key files without forced command
Guilhem Moulin <guilhem@fripost.org>
parents:
1094
diff
changeset
|
94 if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) { |
|
1661
6a6a0bac52f4
Don't log authorized_keys command= every time
Matt Johnston <matt@ucc.asn.au>
parents:
1599
diff
changeset
|
95 TRACE(("Forced command '%s'", ses.authstate.pubkey_options->forced_command)) |
|
654
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
96 if (chansess->cmd) { |
|
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
97 /* original_command takes ownership */ |
|
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
98 chansess->original_command = chansess->cmd; |
| 1331 | 99 chansess->cmd = NULL; |
|
654
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
100 } else { |
|
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
101 chansess->original_command = m_strdup(""); |
|
566
b321aeb57c64
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
102 } |
|
654
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
103 chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command); |
|
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1342
diff
changeset
|
104 #if LOG_COMMANDS |
|
654
818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
105 dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command); |
|
566
b321aeb57c64
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
106 #endif |
|
b321aeb57c64
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
107 } |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 /* Free potential public key options */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 void svr_pubkey_options_cleanup() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 if (ses.authstate.pubkey_options) { |
| 1331 | 113 if (ses.authstate.pubkey_options->forced_command) { |
| 114 m_free(ses.authstate.pubkey_options->forced_command); | |
| 115 } | |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 m_free(ses.authstate.pubkey_options); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
120 /* helper for svr_add_pubkey_options. returns DROPBEAR_SUCCESS if the option is matched, |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
121 and increments the options_buf */ |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
122 static int match_option(buffer *options_buf, const char *opt_name) { |
| 502 | 123 const unsigned int len = strlen(opt_name); |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
124 if (options_buf->len - options_buf->pos < len) { |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
125 return DROPBEAR_FAILURE; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
126 } |
|
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
668
diff
changeset
|
127 if (strncasecmp((const char *) buf_getptr(options_buf, len), opt_name, len) == 0) { |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
128 buf_incrpos(options_buf, len); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
129 return DROPBEAR_SUCCESS; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
130 } |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
131 return DROPBEAR_FAILURE; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
132 } |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
133 |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 /* Parse pubkey options and set ses.authstate.pubkey_options accordingly. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 * Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
136 int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename) { |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 int ret = DROPBEAR_FAILURE; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 TRACE(("enter addpubkeyoptions")) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions )); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
143 buf_setpos(options_buf, 0); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
144 while (options_buf->pos < options_buf->len) { |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
145 if (match_option(options_buf, "no-port-forwarding") == DROPBEAR_SUCCESS) { |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 dropbear_log(LOG_WARNING, "Port forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 ses.authstate.pubkey_options->no_port_forwarding_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 } |
|
1732
2f5d797d9811
Don't choke on disabled authorized_keys(5) options
Guilhem Moulin <guilhem@debian.org>
parents:
1661
diff
changeset
|
150 if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1145
diff
changeset
|
151 #if DROPBEAR_SVR_AGENTFWD |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 dropbear_log(LOG_WARNING, "Agent forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; |
|
1732
2f5d797d9811
Don't choke on disabled authorized_keys(5) options
Guilhem Moulin <guilhem@debian.org>
parents:
1661
diff
changeset
|
154 #endif |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 } |
|
1732
2f5d797d9811
Don't choke on disabled authorized_keys(5) options
Guilhem Moulin <guilhem@debian.org>
parents:
1661
diff
changeset
|
157 if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1145
diff
changeset
|
158 #if DROPBEAR_X11FWD |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 dropbear_log(LOG_WARNING, "X11 forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; |
|
1732
2f5d797d9811
Don't choke on disabled authorized_keys(5) options
Guilhem Moulin <guilhem@debian.org>
parents:
1661
diff
changeset
|
161 #endif |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
164 if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) { |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 dropbear_log(LOG_WARNING, "Pty allocation disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 ses.authstate.pubkey_options->no_pty_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 } |
|
1818
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
169 if (match_option(options_buf, "restrict") == DROPBEAR_SUCCESS) { |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
170 dropbear_log(LOG_WARNING, "Restrict option set"); |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
171 ses.authstate.pubkey_options->no_port_forwarding_flag = 1; |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
172 #if DROPBEAR_SVR_AGENTFWD |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
173 ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
174 #endif |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
175 #if DROPBEAR_X11FWD |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
176 ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
177 #endif |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
178 ses.authstate.pubkey_options->no_pty_flag = 1; |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
179 goto next_option; |
|
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1732
diff
changeset
|
180 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
181 if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) { |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
182 int escaped = 0; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
183 const unsigned char* command_start = buf_getptr(options_buf, 0); |
|
1599
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
184 |
|
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
185 if (ses.authstate.pubkey_options->forced_command) { |
|
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
186 /* multiple command= options */ |
|
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
187 goto bad_option; |
|
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
188 } |
|
e37f98ea4f24
fix leak in option handling
Matt Johnston <matt@ucc.asn.au>
parents:
1598
diff
changeset
|
189 |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
190 while (options_buf->pos < options_buf->len) { |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
191 const char c = buf_getbyte(options_buf); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
192 if (!escaped && c == '"') { |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
193 const int command_len = buf_getptr(options_buf, 0) - command_start; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
194 ses.authstate.pubkey_options->forced_command = m_malloc(command_len); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
195 memcpy(ses.authstate.pubkey_options->forced_command, |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
196 command_start, command_len-1); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
197 ses.authstate.pubkey_options->forced_command[command_len-1] = '\0'; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
198 goto next_option; |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
200 escaped = (!escaped && c == '\\'); |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
202 dropbear_log(LOG_WARNING, "Badly formatted command= authorized_keys option"); |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
203 goto bad_option; |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
205 |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
206 next_option: |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 /* |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 * Skip the comma, and move to the next option |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 * (or break out if there are no more). |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 */ |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
211 if (options_buf->pos < options_buf->len |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
212 && buf_getbyte(options_buf) != ',') { |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 goto bad_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 /* Process the next option. */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 /* parsed all options with no problem */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 ret = DROPBEAR_SUCCESS; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 goto end; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 bad_option: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 ret = DROPBEAR_FAILURE; |
| 1331 | 223 svr_pubkey_options_cleanup(); |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
224 dropbear_log(LOG_WARNING, "Bad public key options at %s:%d", filename, line_num); |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 end: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 TRACE(("leave addpubkeyoptions")) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 return ret; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 #endif |