summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2010-06-23 02:59:03 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-06-23 02:59:03 +0000
commitf7a3ca0727d1eb79523002500ee1e3d56c9ddd38 (patch)
treed54a6118d8b2a8ec35c730c31e29df7139bd5b43 /usr.bin/ssh
parent41b0f020938fe9813afbe8c61237f6e1e88e2fbe (diff)
fix printing of extensions in v01 certificates that I broke in r1.190
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/ssh-keygen.c96
1 files changed, 46 insertions, 50 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index fedc67da2f1..548ec93189e 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.191 2010/06/22 04:32:06 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.192 2010/06/23 02:59:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1402,14 +1402,54 @@ add_cert_option(char *opt)
}
static void
+show_options(const Buffer *optbuf, int v00, int in_critical)
+{
+ u_char *name, *data;
+ u_int dlen;
+ Buffer options, option;
+
+ buffer_init(&options);
+ buffer_append(&options, buffer_ptr(optbuf), buffer_len(optbuf));
+
+ buffer_init(&option);
+ while (buffer_len(&options) != 0) {
+ name = buffer_get_string(&options, NULL);
+ data = buffer_get_string_ptr(&options, &dlen);
+ buffer_append(&option, data, dlen);
+ printf(" %s", name);
+ if ((v00 || !in_critical) &&
+ (strcmp(name, "permit-X11-forwarding") == 0 ||
+ strcmp(name, "permit-agent-forwarding") == 0 ||
+ strcmp(name, "permit-port-forwarding") == 0 ||
+ strcmp(name, "permit-pty") == 0 ||
+ strcmp(name, "permit-user-rc") == 0))
+ printf("\n");
+ else if ((v00 || in_critical) &&
+ (strcmp(name, "force-command") == 0 ||
+ strcmp(name, "source-address") == 0)) {
+ data = buffer_get_string(&option, NULL);
+ printf(" %s\n", data);
+ xfree(data);
+ } else {
+ printf(" UNKNOWN OPTION (len %u)\n",
+ buffer_len(&option));
+ buffer_clear(&option);
+ }
+ xfree(name);
+ if (buffer_len(&option) != 0)
+ fatal("Option corrupt: extra data at end");
+ }
+ buffer_free(&option);
+ buffer_free(&options);
+}
+
+static void
do_show_cert(struct passwd *pw)
{
Key *key;
struct stat st;
char *key_fp, *ca_fp;
- Buffer options, option;
- u_char *name, *data;
- u_int i, dlen, v00;
+ u_int i, v00;
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
@@ -1450,38 +1490,7 @@ do_show_cert(struct passwd *pw)
printf("(none)\n");
else {
printf("\n");
- buffer_init(&options);
- buffer_append(&options,
- buffer_ptr(&key->cert->critical),
- buffer_len(&key->cert->critical));
- buffer_init(&option);
- while (buffer_len(&options) != 0) {
- name = buffer_get_string(&options, NULL);
- data = buffer_get_string_ptr(&options, &dlen);
- buffer_append(&option, data, dlen);
- printf(" %s", name);
- if (strcmp(name, "permit-X11-forwarding") == 0 ||
- strcmp(name, "permit-agent-forwarding") == 0 ||
- strcmp(name, "permit-port-forwarding") == 0 ||
- strcmp(name, "permit-pty") == 0 ||
- strcmp(name, "permit-user-rc") == 0)
- printf("\n");
- else if (strcmp(name, "force-command") == 0 ||
- strcmp(name, "source-address") == 0) {
- data = buffer_get_string(&option, NULL);
- printf(" %s\n", data);
- xfree(data);
- } else {
- printf(" UNKNOWN OPTION (len %u)\n",
- buffer_len(&option));
- buffer_clear(&option);
- }
- xfree(name);
- if (buffer_len(&option) != 0)
- fatal("Option corrupt: extra data at end");
- }
- buffer_free(&option);
- buffer_free(&options);
+ show_options(&key->cert->critical, v00, 1);
}
if (!v00) {
printf(" Extensions: ");
@@ -1489,20 +1498,7 @@ do_show_cert(struct passwd *pw)
printf("(none)\n");
else {
printf("\n");
- buffer_init(&options);
- buffer_append(&options,
- buffer_ptr(&key->cert->extensions),
- buffer_len(&key->cert->extensions));
- buffer_init(&option);
- while (buffer_len(&options) != 0) {
- name = buffer_get_string(&options, NULL);
- (void)buffer_get_string_ptr(&options, &dlen);
- printf(" %s UNKNOWN OPTION "
- "(len %u)\n", name, dlen);
- xfree(name);
- }
- buffer_free(&option);
- buffer_free(&options);
+ show_options(&key->cert->extensions, v00, 0);
}
}
exit(0);