rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity
d18e1c1119
openssh/openssh-8.7p1-UTC-time-parse.patch
Dmitry Belyavskiy c5140cafa3 Allow specifying validity interval in UTC 
Resolves: rhbz#2115043
2023-06-14 11:15:41 +02:00

324 lines
11 KiB
Diff
Raw Blame History

diff --git a/misc.c b/misc.c
index a8e87430..f2135803 100644
--- a/misc.c
+++ b/misc.c
@@ -2399,15 +2399,26 @@ parse_absolute_time(const char *s, uint64_t *tp)
struct tm tm;
time_t tt;
char buf[32], *fmt;
+ const char *cp;
+ size_t l;
+ int is_utc = 0;
*tp = 0;
+ l = strlen(s);
+ if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) {
+ is_utc = 1;
+ l--;
+ } else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) {
+ is_utc = 1;
+ l -= 3;
+ }
/*
* POSIX strptime says "The application shall ensure that there
* is white-space or other non-alphanumeric characters between
* any two conversion specifications" so arrange things this way.
*/
- switch (strlen(s)) {
+ switch (l) {
case 8: /* YYYYMMDD */
fmt = "%Y-%m-%d";
snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
@@ -2427,10 +2438,15 @@ parse_absolute_time(const char *s, uint64_t *tp)
}
memset(&tm, 0, sizeof(tm));
- if (strptime(buf, fmt, &tm) == NULL)
- return SSH_ERR_INVALID_FORMAT;
- if ((tt = mktime(&tm)) < 0)
+ if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0')
return SSH_ERR_INVALID_FORMAT;
+ if (is_utc) {
+ if ((tt = timegm(&tm)) < 0)
+ return SSH_ERR_INVALID_FORMAT;
+ } else {
+ if ((tt = mktime(&tm)) < 0)
+ return SSH_ERR_INVALID_FORMAT;
+ }
/* success */
*tp = (uint64_t)tt;
return 0;
diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c
index ef6fd77d..4794dbd9 100644
--- a/regress/unittests/misc/test_convtime.c
+++ b/regress/unittests/misc/test_convtime.c
@@ -20,6 +20,7 @@
#include "log.h"
#include "misc.h"
+#include "ssherr.h"
void test_convtime(void);
@@ -27,6 +28,7 @@ void
test_convtime(void)
{
char buf[1024];
+ uint64_t t;
TEST_START("misc_convtime");
ASSERT_INT_EQ(convtime("0"), 0);
@@ -56,4 +58,64 @@ test_convtime(void)
ASSERT_INT_EQ(convtime("3550w5d3h14m8s"), -1);
#endif
TEST_DONE();
+
+ /* XXX timezones/DST make verification of this tricky */
+ /* XXX maybe setenv TZ and tzset() to make it unambiguous? */
+ TEST_START("misc_parse_absolute_time");
+ ASSERT_INT_EQ(parse_absolute_time("20000101", &t), 0);
+ ASSERT_INT_EQ(parse_absolute_time("200001011223", &t), 0);
+ ASSERT_INT_EQ(parse_absolute_time("20000101122345", &t), 0);
+
+ /* forced UTC TZ */
+ ASSERT_INT_EQ(parse_absolute_time("20000101Z", &t), 0);
+ ASSERT_U64_EQ(t, 946684800);
+ ASSERT_INT_EQ(parse_absolute_time("200001011223Z", &t), 0);
+ ASSERT_U64_EQ(t, 946729380);
+ ASSERT_INT_EQ(parse_absolute_time("20000101122345Z", &t), 0);
+ ASSERT_U64_EQ(t, 946729425);
+ ASSERT_INT_EQ(parse_absolute_time("20000101UTC", &t), 0);
+ ASSERT_U64_EQ(t, 946684800);
+ ASSERT_INT_EQ(parse_absolute_time("200001011223UTC", &t), 0);
+ ASSERT_U64_EQ(t, 946729380);
+ ASSERT_INT_EQ(parse_absolute_time("20000101122345UTC", &t), 0);
+ ASSERT_U64_EQ(t, 946729425);
+
+ /* Bad month */
+ ASSERT_INT_EQ(parse_absolute_time("20001301", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000001", &t),
+ SSH_ERR_INVALID_FORMAT);
+ /* Incomplete */
+ ASSERT_INT_EQ(parse_absolute_time("2", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("2000", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("200001", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("2000010", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("200001010", &t),
+ SSH_ERR_INVALID_FORMAT);
+ /* Bad day, hour, minute, second */
+ ASSERT_INT_EQ(parse_absolute_time("20000199", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("200001019900", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("200001010099", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000101000099", &t),
+ SSH_ERR_INVALID_FORMAT);
+ /* Invalid TZ specifier */
+ ASSERT_INT_EQ(parse_absolute_time("20000101ZZ", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000101PDT", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000101U", &t),
+ SSH_ERR_INVALID_FORMAT);
+ ASSERT_INT_EQ(parse_absolute_time("20000101UTCUTC", &t),
+ SSH_ERR_INVALID_FORMAT);
+
+ TEST_DONE();
}
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 5f429813..6aeab1cb 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -511,8 +511,11 @@ Print the full public key to standard output after signature verification.
.It Cm verify-time Ns = Ns Ar timestamp
Specifies a time to use when validating signatures instead of the current
time.
-The time may be specified as a date in YYYYMMDD format or a time
-in YYYYMMDDHHMM[SS] format.
+The time may be specified as a date or time in the YYYYMMDD[Z] or
+in YYYYMMDDHHMM[SS][Z] formats.
+Dates and times will be interpreted in the current system time zone unless
+suffixed with a Z character, which causes them to be interpreted in the
+UTC time zone.
.El
.Pp
The
@@ -603,31 +606,67 @@ A validity interval may consist of a single time, indicating that the
certificate is valid beginning now and expiring at that time, or may consist
of two times separated by a colon to indicate an explicit time interval.
.Pp
-The start time may be specified as the string
+The start time may be specified as:
+.Bl -bullet -compact
+.It
+The string
.Dq always
-to indicate the certificate has no specified start time,
-a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format,
-a relative time (to the current time) consisting of a minus sign followed by
-an interval in the format described in the
+to indicate the certificate has no specified start time.
+.It
+A date or time in the system time zone formatted as YYYYMMDD or
+YYYYMMDDHHMM[SS].
+.It
+A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
+.It
+A relative time before the current system time consisting of a minus sign
+followed by an interval in the format described in the
TIME FORMATS section of
.Xr sshd_config 5 .
+.It
+A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
+number beginning with
+.Dq 0x .
+.El
.Pp
-The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time,
-a relative time starting with a plus character or the string
+The end time may be specified similarly to the start time:
+.Bl -bullet -compact
+.It
+The string
.Dq forever
-to indicate that the certificate has no expiry date.
+to indicate the certificate has no specified end time.
+.It
+A date or time in the system time zone formatted as YYYYMMDD or
+YYYYMMDDHHMM[SS].
+.It
+A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
+.It
+A relative time after the current system time consisting of a plus sign
+followed by an interval in the format described in the
+TIME FORMATS section of
+.Xr sshd_config 5 .
+.It
+A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
+number beginning with
+.Dq 0x .
+.El
.Pp
For example:
-.Dq +52w1d
-(valid from now to 52 weeks and one day from now),
-.Dq -4w:+4w
-(valid from four weeks ago to four weeks from now),
-.Dq 20100101123000:20110101123000
-(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
-.Dq -1d:20110101
-(valid from yesterday to midnight, January 1st, 2011),
-.Dq -1m:forever
-(valid from one minute ago and never expiring).
+.Bl -tag -width Ds
+.It +52w1d
+Valid from now to 52 weeks and one day from now.
+.It -4w:+4w
+Valid from four weeks ago to four weeks from now.
+.It 20100101123000:20110101123000
+Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011.
+.It 20100101123000Z:20110101123000Z
+Similar, but interpreted in the UTC time zone rather than the system time zone.
+.It -1d:20110101
+Valid from yesterday to midnight, January 1st, 2011.
+.It 0x1:0x2000000000
+Valid from roughly early 1970 to May 2033.
+.It -1m:forever
+Valid from one minute ago and never expiring.
+.El
.It Fl v
Verbose mode.
Causes
@@ -1206,7 +1245,10 @@ signature object and presented on the verification command-line must
match the specified list before the key will be considered acceptable.
.It Cm valid-after Ns = Ns "timestamp"
Indicates that the key is valid for use at or after the specified timestamp,
-which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format.
+which may be a date or time in the YYYYMMDD[Z] or YYYYMMDDHHMM[SS][Z] formats.
+Dates and times will be interpreted in the current system time zone unless
+suffixed with a Z character, which causes them to be interpreted in the UTC
+time zone.
.It Cm valid-before Ns = Ns "timestamp"
Indicates that the key is valid for use at or before the specified timestamp.
.El
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 20b321cc..9b2beda0 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1916,6 +1916,21 @@ parse_relative_time(const char *s, time_t now)
return now + (u_int64_t)(secs * mul);
}
+static void
+parse_hex_u64(const char *s, uint64_t *up)
+{
+ char *ep;
+ unsigned long long ull;
+
+ errno = 0;
+ ull = strtoull(s, &ep, 16);
+ if (*s == '\0' || *ep != '\0')
+ fatal("Invalid certificate time: not a number");
+ if (errno == ERANGE && ull == ULONG_MAX)
+ fatal_fr(SSH_ERR_SYSTEM_ERROR, "Invalid certificate time");
+ *up = (uint64_t)ull;
+}
+
static void
parse_cert_times(char *timespec)
{
@@ -1938,8 +1953,8 @@ parse_cert_times(char *timespec)
/*
* from:to, where
- * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
- * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
+ * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "always"
+ * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "forever"
*/
from = xstrdup(timespec);
to = strchr(from, ':');
@@ -1951,6 +1966,8 @@ parse_cert_times(char *timespec)
cert_valid_from = parse_relative_time(from, now);
else if (strcmp(from, "always") == 0)
cert_valid_from = 0;
+ else if (strncmp(from, "0x", 2) == 0)
+ parse_hex_u64(from, &cert_valid_from);
else if (parse_absolute_time(from, &cert_valid_from) != 0)
fatal("Invalid from time \"%s\"", from);
@@ -1958,6 +1975,8 @@ parse_cert_times(char *timespec)
cert_valid_to = parse_relative_time(to, now);
else if (strcmp(to, "forever") == 0)
cert_valid_to = ~(u_int64_t)0;
+ else if (strncmp(to, "0x", 2) == 0)
+ parse_hex_u64(to, &cert_valid_to);
else if (parse_absolute_time(to, &cert_valid_to) != 0)
fatal("Invalid to time \"%s\"", to);
diff --git a/sshd.8 b/sshd.8
index 2b50514e..8ccc5bc0 100644
--- a/sshd.8
+++ b/sshd.8
@@ -533,8 +533,9 @@ controlled via the
option.
.It Cm expiry-time="timespec"
Specifies a time after which the key will not be accepted.
-The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time
-in the system time-zone.
+The time may be specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time.
+Dates and times will be interpreted in the system time zone unless suffixed
+by a Z character, in which case they will be interpreted in the UTC time zone.
.It Cm from="pattern-list"
Specifies that in addition to public key authentication, either the canonical
name of the remote host or its IP address must be present in the
Reference in New Issue View Git Blame Copy Permalink