77 cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,  in cert_option_list()  argument
103 				opts->no_require_user_presence = 1;  in cert_option_list()
106 				opts->permit_x11_forwarding_flag = 1;  in cert_option_list()
110 				opts->permit_agent_forwarding_flag = 1;  in cert_option_list()
114 				opts->permit_port_forwarding_flag = 1;  in cert_option_list()
117 				opts->permit_pty_flag = 1;  in cert_option_list()
120 				opts->permit_user_rc = 1;  in cert_option_list()
126 				opts->require_verify = 1;  in cert_option_list()
135 				if (opts->force_command != NULL) {  in cert_option_list()
141 				opts->force_command = command;  in cert_option_list()
150 				if (opts->required_from_host_cert != NULL) {  in cert_option_list()
162 				opts->required_from_host_cert = allowed;  in cert_option_list()
206 sshauthopt_free(struct sshauthopt *opts)  in sshauthopt_free()  argument
210 	if (opts == NULL)  in sshauthopt_free()
213 	free(opts->cert_principals);  in sshauthopt_free()
214 	free(opts->force_command);  in sshauthopt_free()
215 	free(opts->required_from_host_cert);  in sshauthopt_free()
216 	free(opts->required_from_host_keys);  in sshauthopt_free()
218 	for (i = 0; i < opts->nenv; i++)  in sshauthopt_free()
219 		free(opts->env[i]);  in sshauthopt_free()
220 	free(opts->env);  in sshauthopt_free()
222 	for (i = 0; i < opts->npermitopen; i++)  in sshauthopt_free()
223 		free(opts->permitopen[i]);  in sshauthopt_free()
224 	free(opts->permitopen);  in sshauthopt_free()
226 	for (i = 0; i < opts->npermitlisten; i++)  in sshauthopt_free()
227 		free(opts->permitlisten[i]);  in sshauthopt_free()
228 	free(opts->permitlisten);  in sshauthopt_free()
230 	freezero(opts, sizeof(*opts));  in sshauthopt_free()
324 sshauthopt_parse(const char *opts, const char **errstrp)  in sshauthopt_parse()  argument
338 	if (opts == NULL)  in sshauthopt_parse()
341 	while (*opts && *opts != ' ' && *opts != '\t') {  in sshauthopt_parse()
343 		if ((r = opt_flag("restrict", 0, &opts)) != -1) {  in sshauthopt_parse()
350 		} else if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {  in sshauthopt_parse()
352 		} else if ((r = opt_flag("port-forwarding", 1, &opts)) != -1) {  in sshauthopt_parse()
354 		} else if ((r = opt_flag("agent-forwarding", 1, &opts)) != -1) {  in sshauthopt_parse()
356 		} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {  in sshauthopt_parse()
358 		} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {  in sshauthopt_parse()
360 		} else if ((r = opt_flag("verify-required", 1, &opts)) != -1) {  in sshauthopt_parse()
362 		} else if ((r = opt_flag("pty", 1, &opts)) != -1) {  in sshauthopt_parse()
364 		} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {  in sshauthopt_parse()
366 		} else if (opt_match(&opts, "command")) {  in sshauthopt_parse()
371 			ret->force_command = opt_dequote(&opts, &errstr);  in sshauthopt_parse()
374 		} else if (opt_match(&opts, "principals")) {  in sshauthopt_parse()
379 			ret->cert_principals = opt_dequote(&opts, &errstr);  in sshauthopt_parse()
382 		} else if (opt_match(&opts, "from")) {  in sshauthopt_parse()
387 			ret->required_from_host_keys = opt_dequote(&opts,  in sshauthopt_parse()
391 		} else if (opt_match(&opts, "expiry-time")) {  in sshauthopt_parse()
392 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)  in sshauthopt_parse()
404 		} else if (opt_match(&opts, "environment")) {  in sshauthopt_parse()
409 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)  in sshauthopt_parse()
452 		} else if (opt_match(&opts, "permitopen")) {  in sshauthopt_parse()
453 			if (handle_permit(&opts, 0, &ret->permitopen,  in sshauthopt_parse()
456 		} else if (opt_match(&opts, "permitlisten")) {  in sshauthopt_parse()
457 			if (handle_permit(&opts, 1, &ret->permitlisten,  in sshauthopt_parse()
460 		} else if (opt_match(&opts, "tunnel")) {  in sshauthopt_parse()
461 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)  in sshauthopt_parse()
474 		if (*opts == '\0' || *opts == ' ' || *opts == '\t')  in sshauthopt_parse()
477 		if (*opts != ',') {  in sshauthopt_parse()
481 		opts++;  in sshauthopt_parse()
482 		if (*opts == '\0') {  in sshauthopt_parse()
798 sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,  in sshauthopt_serialise()  argument
804 	if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||  in sshauthopt_serialise()
805 	    (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||  in sshauthopt_serialise()
806 	    (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||  in sshauthopt_serialise()
807 	    (r = sshbuf_put_u8(m, opts->permit_pty_flag)) != 0 ||  in sshauthopt_serialise()
808 	    (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||  in sshauthopt_serialise()
809 	    (r = sshbuf_put_u8(m, opts->restricted)) != 0 ||  in sshauthopt_serialise()
810 	    (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||  in sshauthopt_serialise()
811 	    (r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0 ||  in sshauthopt_serialise()
812 	    (r = sshbuf_put_u8(m, opts->require_verify)) != 0)  in sshauthopt_serialise()
816 	if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0)  in sshauthopt_serialise()
820 	if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 ||  in sshauthopt_serialise()
821 	    (r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ?  in sshauthopt_serialise()
822 	    0 : (u_int)opts->force_tun_device)) != 0)  in sshauthopt_serialise()
827 	    untrusted ? "yes" : opts->cert_principals)) != 0 ||  in sshauthopt_serialise()
829 	    untrusted ? "true" : opts->force_command)) != 0 ||  in sshauthopt_serialise()
831 	    untrusted ? NULL : opts->required_from_host_cert)) != 0 ||  in sshauthopt_serialise()
833 	    untrusted ? NULL : opts->required_from_host_keys)) != 0)  in sshauthopt_serialise()
837 	if ((r = serialise_array(m, opts->env,  in sshauthopt_serialise()
838 	    untrusted ? 0 : opts->nenv)) != 0 ||  in sshauthopt_serialise()
839 	    (r = serialise_array(m, opts->permitopen,  in sshauthopt_serialise()
840 	    untrusted ? 0 : opts->npermitopen)) != 0 ||  in sshauthopt_serialise()
841 	    (r = serialise_array(m, opts->permitlisten,  in sshauthopt_serialise()
842 	    untrusted ? 0 : opts->npermitlisten)) != 0)  in sshauthopt_serialise()
852 	struct sshauthopt *opts = NULL;  in sshauthopt_deserialise()  local
857 	if ((opts = calloc(1, sizeof(*opts))) == NULL)  in sshauthopt_deserialise()
865 		opts->x = f; \  in sshauthopt_deserialise()
879 	if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)  in sshauthopt_deserialise()
886 	opts->force_tun_device = f ? -1 : (int)tmp;  in sshauthopt_deserialise()
889 	if ((r = deserialise_nullable_string(m, &opts->cert_principals)) != 0 ||  in sshauthopt_deserialise()
890 	    (r = deserialise_nullable_string(m, &opts->force_command)) != 0 ||  in sshauthopt_deserialise()
892 	    &opts->required_from_host_cert)) != 0 ||  in sshauthopt_deserialise()
894 	    &opts->required_from_host_keys)) != 0)  in sshauthopt_deserialise()
898 	if ((r = deserialise_array(m, &opts->env, &opts->nenv)) != 0 ||  in sshauthopt_deserialise()
900 	    &opts->permitopen, &opts->npermitopen)) != 0 ||  in sshauthopt_deserialise()
902 	    &opts->permitlisten, &opts->npermitlisten)) != 0)  in sshauthopt_deserialise()
907 	*optsp = opts;  in sshauthopt_deserialise()
908 	opts = NULL;  in sshauthopt_deserialise()
910 	sshauthopt_free(opts);  in sshauthopt_deserialise()