diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2019-09-06 04:24:06 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2019-09-06 14:37:23 +1000 |
| commit | 1268f0bcd8fc844ac6c27167888443c8350005eb (patch) | |
| tree | 7743a87eb6c2220ae0dab2f92f777a439cb52753 | |
| parent | fd7a2dec652b9efc8e97f03f118f935dce732c60 (diff) | |
upstream: Check for RSA support before using it for the user key,
otherwise use ed25519 which is supported when built without OpenSSL.
OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
| -rw-r--r-- | regress/principals-command.sh | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/regress/principals-command.sh b/regress/principals-command.sh index 197c00021..7d380325b 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: principals-command.sh,v 1.6 2018/11/22 08:48:32 dtucker Exp $ | 1 | # $OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="authorized principals command" | 4 | tid="authorized principals command" |
| @@ -12,12 +12,17 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then | |||
| 12 | exit 0 | 12 | exit 0 |
| 13 | fi | 13 | fi |
| 14 | 14 | ||
| 15 | case "`${SSH} -Q key-plain`" in | ||
| 16 | *ssh-rsa*) userkeytype=rsa ;; | ||
| 17 | *) userkeytype=ed25519 ;; | ||
| 18 | esac | ||
| 19 | |||
| 15 | SERIAL=$$ | 20 | SERIAL=$$ |
| 16 | 21 | ||
| 17 | # Create a CA key and a user certificate. | 22 | # Create a CA key and a user certificate. |
| 18 | ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ | 23 | ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ |
| 19 | fatal "ssh-keygen of user_ca_key failed" | 24 | fatal "ssh-keygen of user_ca_key failed" |
| 20 | ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \ | 25 | ${SSHKEYGEN} -q -N '' -t ${userkeytype} -f $OBJ/cert_user_key || \ |
| 21 | fatal "ssh-keygen of cert_user_key failed" | 26 | fatal "ssh-keygen of cert_user_key failed" |
| 22 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \ | 27 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \ |
| 23 | -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ | 28 | -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ |
| @@ -35,7 +40,7 @@ trap "$SUDO rm -f ${PRINCIPALS_COMMAND}" 0 | |||
| 35 | cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" | 40 | cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" |
| 36 | #!/bin/sh | 41 | #!/bin/sh |
| 37 | test "x\$1" != "x${LOGNAME}" && exit 1 | 42 | test "x\$1" != "x${LOGNAME}" && exit 1 |
| 38 | test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1 | 43 | test "x\$2" != "xssh-${userkeytype}-cert-v01@openssh.com" && exit 1 |
| 39 | test "x\$3" != "xssh-ed25519" && exit 1 | 44 | test "x\$3" != "xssh-ed25519" && exit 1 |
| 40 | test "x\$4" != "xJoanne User" && exit 1 | 45 | test "x\$4" != "xJoanne User" && exit 1 |
| 41 | test "x\$5" != "x${SERIAL}" && exit 1 | 46 | test "x\$5" != "x${SERIAL}" && exit 1 |