sshca: ensure atleast cert type is allowed (#2508)

Vishal Nayak 2017-03-19 18:58:48 -04:00 committed by GitHub
parent cf0fb2119f
commit 16d41a8b28


@ -420,7 +420,6 @@ func (b *backend) pathRoleWrite(req *logical.Request, d *framework.FieldData) (*
}
func (b *backend) createCARole(allowedUsers, defaultUser string, data *framework.FieldData) (*sshRole, *logical.Response) {
role := &sshRole{
MaxTTL: data.Get("max_ttl").(string),
TTL: data.Get("ttl").(string),
@ -437,6 +436,10 @@ func (b *backend) createCARole(allowedUsers, defaultUser string, data *framework
KeyType: KeyTypeCA,
}
if !role.AllowUserCertificates && !role.AllowHostCertificates {
return nil, logical.ErrorResponse("Either 'allow_user_certificates' or 'allow_host_certificates' must be set to 'true'")
}
defaultCriticalOptions := convertMapToStringValue(data.Get("default_critical_options").(map[string]interface{}))
defaultExtensions := convertMapToStringValue(data.Get("default_extensions").(map[string]interface{}))
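Review bot: The new guard in createCARole runs only when a role is written, so a CA role stored before this change with both `allow_user_certificates` and `allow_host_certificates` false is not rejected by it. The signing path is not visible in this hunk, so confirm it still refuses both certificate types for such a role instead of relying on this write-time check. A one-line comment above the `if` would record the intent, for example `// Reject CA roles that permit neither user nor host certificates.` createCARole begins in the previous hunk and its body continues past the last visible line.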