
(-)a/misc.c (-4 / +20 lines)
Lines 2299-2313 parse_absolute_time(const char *s, uint64_t *tp) Link Here
2299
	struct tm tm;
2299
	struct tm tm;
2300
	time_t tt;
2300
	time_t tt;
2301
	char buf[32], *fmt;
2301
	char buf[32], *fmt;
2302
	const char *cp;
2303
	size_t l;
2304
	int is_utc = 0;
2302
2305
2303
	*tp = 0;
2306
	*tp = 0;
2304
2307
2308
	l = strlen(s);
2309
	if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) {
2310
		is_utc = 1;
2311
		l--;
2312
	} else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) {
2313
		is_utc = 1;
2314
		l -= 3;
2315
	}
2305
	/*
2316
	/*
2306
	 * POSIX strptime says "The application shall ensure that there
2317
	 * POSIX strptime says "The application shall ensure that there
2307
	 * is white-space or other non-alphanumeric characters between
2318
	 * is white-space or other non-alphanumeric characters between
2308
	 * any two conversion specifications" so arrange things this way.
2319
	 * any two conversion specifications" so arrange things this way.
2309
	 */
2320
	 */
2310
	switch (strlen(s)) {
2321
	switch (l) {
2311
	case 8: /* YYYYMMDD */
2322
	case 8: /* YYYYMMDD */
2312
		fmt = "%Y-%m-%d";
2323
		fmt = "%Y-%m-%d";
2313
		snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
2324
		snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
Lines 2327-2336 parse_absolute_time(const char *s, uint64_t *tp) Link Here
2327
	}
2338
	}
2328
2339
2329
	memset(&tm, 0, sizeof(tm));
2340
	memset(&tm, 0, sizeof(tm));
2330
	if (strptime(buf, fmt, &tm) == NULL)
2341
	if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0')
2331
		return SSH_ERR_INVALID_FORMAT;
2332
	if ((tt = mktime(&tm)) < 0)
2333
		return SSH_ERR_INVALID_FORMAT;
2342
		return SSH_ERR_INVALID_FORMAT;
2343
	if (is_utc) {
2344
		if ((tt = timegm(&tm)) < 0)
2345
			return SSH_ERR_INVALID_FORMAT;
2346
	} else {
2347
		if ((tt = mktime(&tm)) < 0)
2348
			return SSH_ERR_INVALID_FORMAT;
2349
	}
2334
	/* success */
2350
	/* success */
2335
	*tp = (uint64_t)tt;
2351
	*tp = (uint64_t)tt;
2336
	return 0;
2352
	return 0;
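Review bot: The UTC branch added in the second hunk (`if (is_utc) { if ((tt = timegm(&tm)) < 0)`) calls timegm(), which is a BSD/glibc extension rather than a POSIX function, so unless openbsd-compat already provides a fallback (not visible here) the portable build needs a configure check and replacement before this can be relied on. A smaller point in the first hunk: the suffix test uses strcasecmp(), so `20230101z` and `20230101utc` are accepted as UTC, while the man page wording in this patch documents only a `Z` character; either note the `UTC` spelling and case-insensitivity next to the `is_utc` assignments (and in the man pages) or tighten the checks to `strcmp(s + l - 1, "Z") == 0` / `strcmp(s + l - 3, "UTC") == 0`. The `< 0` error test on both timegm() and mktime() also rejects the legitimate timestamp one second before the epoch, though that behaviour predates this patch. parse_absolute_time()'s signature and the format switch lie outside the hunks shown here.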
(-)a/ssh-keygen.1 (-21 / +63 lines)
Lines 511-518 Print the full public key to standard output after signature verification. Link Here
511
.It Cm verify-time Ns = Ns Ar timestamp
511
.It Cm verify-time Ns = Ns Ar timestamp
512
Specifies a time to use when validating signatures instead of the current
512
Specifies a time to use when validating signatures instead of the current
513
time.
513
time.
514
The time may be specified as a date in YYYYMMDD format or a time
514
The time may be specified as a date or time in the YYYYMMDD[Z] or
515
in YYYYMMDDHHMM[SS] format.
515
in YYYYMMDDHHMM[SS][Z] formats.
516
Dates and times will be interpreted in the current system time zone unless
517
suffixed with a Z character, which causes them to be interpreted in the
518
UTC time zone.
516
.El
519
.El
517
.Pp
520
.Pp
518
The
521
The
Lines 603-633 A validity interval may consist of a single time, indicating that the Link Here
603
certificate is valid beginning now and expiring at that time, or may consist
606
certificate is valid beginning now and expiring at that time, or may consist
604
of two times separated by a colon to indicate an explicit time interval.
607
of two times separated by a colon to indicate an explicit time interval.
605
.Pp
608
.Pp
606
The start time may be specified as the string
609
The start time may be specified as:
610
.Bl -bullet -compact
611
.It
612
The string
607
.Dq always
613
.Dq always
608
to indicate the certificate has no specified start time,
614
to indicate the certificate has no specified start time.
609
a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format,
615
.It
610
a relative time (to the current time) consisting of a minus sign followed by
616
A date or time in the system time zone formatted as YYYYMMDD or
611
an interval in the format described in the
617
YYYYMMDDHHMM[SS].
618
.It
619
A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
620
.It
621
A relative time before the current system time consisting of a minus sign
622
followed by an interval in the format described in the
612
TIME FORMATS section of
623
TIME FORMATS section of
613
.Xr sshd_config 5 .
624
.Xr sshd_config 5 .
625
.It
626
A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
627
number beginning with
628
.Dq 0x .
629
.El
614
.Pp
630
.Pp
615
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time,
631
The end time may be specified similarly to the start time:
616
a relative time starting with a plus character or the string
632
.Bl -bullet -compact
633
.It
634
The string
617
.Dq forever
635
.Dq forever
618
to indicate that the certificate has no expiry date.
636
to indicate the certificate has no specified end time.
637
.It
638
A date or time in the system time zone formatted as YYYYMMDD or
639
YYYYMMDDHHMM[SS].
640
.It
641
A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
642
.It
643
A relative time after the current system time consisting of a plus sign
644
followed by an interval in the format described in the
645
TIME FORMATS section of
646
.Xr sshd_config 5 .
647
.It
648
A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
649
number beginning with
650
.Dq 0x .
651
.El
619
.Pp
652
.Pp
620
For example:
653
For example:
621
.Dq +52w1d
654
.Bl -tag -width Ds
622
(valid from now to 52 weeks and one day from now),
655
.It +52w1d
623
.Dq -4w:+4w
656
Valid from now to 52 weeks and one day from now.
624
(valid from four weeks ago to four weeks from now),
657
.It -4w:+4w
625
.Dq 20100101123000:20110101123000
658
Valid from four weeks ago to four weeks from now.
626
(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
659
.It 20100101123000:20110101123000
627
.Dq -1d:20110101
660
Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011.
628
(valid from yesterday to midnight, January 1st, 2011),
661
.It 20100101123000Z:20110101123000Z
629
.Dq -1m:forever
662
Similar, but interpreted in the UTC time zone rather than the system time zone.
630
(valid from one minute ago and never expiring).
663
.It -1d:20110101
664
Valid from yesterday to midnight, January 1st, 2011.
665
.It 0x1:0x2000000000
666
Valid from roughly early 1970 to May 2033.
667
.It -1m:forever
668
Valid from one minute ago and never expiring.
669
.El
631
.It Fl v
670
.It Fl v
632
Verbose mode.
671
Verbose mode.
633
Causes
672
Causes
Lines 1206-1212 signature object and presented on the verification command-line must Link Here
1206
match the specified list before the key will be considered acceptable.
1245
match the specified list before the key will be considered acceptable.
1207
.It Cm valid-after Ns = Ns "timestamp"
1246
.It Cm valid-after Ns = Ns "timestamp"
1208
Indicates that the key is valid for use at or after the specified timestamp,
1247
Indicates that the key is valid for use at or after the specified timestamp,
1209
which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format.
1248
which may be a date or time in the YYYYMMDD[Z] or YYYYMMDDHHMM[SS][Z] formats.
1249
Dates and times will be interpreted in the current system time zone unless
1250
suffixed with a Z character, which causes them to be interpreted in the UTC
1251
time zone.
1210
.It Cm valid-before Ns = Ns "timestamp"
1252
.It Cm valid-before Ns = Ns "timestamp"
1211
Indicates that the key is valid for use at or before the specified timestamp.
1253
Indicates that the key is valid for use at or before the specified timestamp.
1212
.El
1254
.El
(-)a/ssh-keygen.c (-2 / +21 lines)
Lines 1893-1898 parse_relative_time(const char *s, time_t now) Link Here
1893
	return now + (u_int64_t)(secs * mul);
1893
	return now + (u_int64_t)(secs * mul);
1894
}
1894
}
1895
1895
1896
static void
1897
parse_hex_u64(const char *s, uint64_t *up)
1898
{
1899
	char *ep;
1900
	unsigned long long ull;
1901
1902
	errno = 0;
1903
	ull = strtoull(s, &ep, 16);
1904
	if (*s == '\0' || *ep != '\0')
1905
		fatal("Invalid certificate time: not a number");
1906
	if (errno == ERANGE && ull == ULONG_MAX)
1907
		fatal_fr(SSH_ERR_SYSTEM_ERROR, "Invalid certificate time");
1908
	*up = (uint64_t)ull;
1909
}
1910
1896
static void
1911
static void
1897
parse_cert_times(char *timespec)
1912
parse_cert_times(char *timespec)
1898
{
1913
{
Lines 1915-1922 parse_cert_times(char *timespec) Link Here
1915
1930
1916
	/*
1931
	/*
1917
	 * from:to, where
1932
	 * from:to, where
1918
	 * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
1933
	 * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "always"
1919
	 *   to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
1934
	 *   to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "forever"
1920
	 */
1935
	 */
1921
	from = xstrdup(timespec);
1936
	from = xstrdup(timespec);
1922
	to = strchr(from, ':');
1937
	to = strchr(from, ':');
Lines 1928-1933 parse_cert_times(char *timespec) Link Here
1928
		cert_valid_from = parse_relative_time(from, now);
1943
		cert_valid_from = parse_relative_time(from, now);
1929
	else if (strcmp(from, "always") == 0)
1944
	else if (strcmp(from, "always") == 0)
1930
		cert_valid_from = 0;
1945
		cert_valid_from = 0;
1946
	else if (strncmp(from, "0x", 2) == 0)
1947
		parse_hex_u64(from, &cert_valid_from);
1931
	else if (parse_absolute_time(from, &cert_valid_from) != 0)
1948
	else if (parse_absolute_time(from, &cert_valid_from) != 0)
1932
		fatal("Invalid from time \"%s\"", from);
1949
		fatal("Invalid from time \"%s\"", from);
1933
1950
Lines 1935-1940 parse_cert_times(char *timespec) Link Here
1935
		cert_valid_to = parse_relative_time(to, now);
1952
		cert_valid_to = parse_relative_time(to, now);
1936
	else if (strcmp(to, "forever") == 0)
1953
	else if (strcmp(to, "forever") == 0)
1937
		cert_valid_to = ~(u_int64_t)0;
1954
		cert_valid_to = ~(u_int64_t)0;
1955
	else if (strncmp(from, "0x", 2) == 0)
1956
		parse_hex_u64(from, &cert_valid_to);
1938
	else if (parse_absolute_time(to, &cert_valid_to) != 0)
1957
	else if (parse_absolute_time(to, &cert_valid_to) != 0)
1939
		fatal("Invalid to time \"%s\"", to);
1958
		fatal("Invalid to time \"%s\"", to);
1940
1959
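Review bot: The hexadecimal branch for the end time in the last hunk still inspects and parses `from`: `else if (strncmp(from, "0x", 2) == 0)` / `parse_hex_u64(from, &cert_valid_to);`, so a hex end time such as the `0x1:0x2000000000` example this patch adds to ssh-keygen.1 is never recognised (it falls through to parse_absolute_time() and fatal("Invalid to time")), and when the start time is hex, any absolute end time is overwritten with the start value. Change the two lines to `else if (strncmp(to, "0x", 2) == 0)` and `parse_hex_u64(to, &cert_valid_to);`. In parse_hex_u64(), strtoull() signals overflow by returning ULLONG_MAX, so the guard `errno == ERANGE && ull == ULONG_MAX` silently accepts a clamped value on targets where long is 32 bits; test `errno == ERANGE` alone, or compare against `ULLONG_MAX`. parse_cert_times() begins and ends outside the hunks shown here, so the condition guarding the relative-time branch above these lines was not reviewed.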
(-)a/sshd.8 (-2 / +3 lines)
Lines 506-513 controlled via the Link Here
506
option.
506
option.
507
.It Cm expiry-time="timespec"
507
.It Cm expiry-time="timespec"
508
Specifies a time after which the key will not be accepted.
508
Specifies a time after which the key will not be accepted.
509
The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time
509
The time may be specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time.
510
in the system time-zone.
510
Dates and times will be interpreted in the system time zone unless suffixed
511
by a Z character, in which case they will be interpreted in the UTC time zone.
511
.It Cm from="pattern-list"
512
.It Cm from="pattern-list"
512
Specifies that in addition to public key authentication, either the canonical
513
Specifies that in addition to public key authentication, either the canonical
513
name of the remote host or its IP address must be present in the
514
name of the remote host or its IP address must be present in the
