diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-01-23 04:16:22 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-23 15:33:04 +1100 |
commit | 851f80328931975fe68f71af363c4537cb896da2 (patch) | |
tree | 47d556b9a1f421d080a76999d9b0ab130ab2ae8a | |
parent | 2265402dc7d701a9aca9f8a7b7b0fd45b65c479f (diff) |
upstream: move a bunch of global flag variables to main(); make the
rest static
OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc
-rw-r--r-- | ssh-keygen.c | 176 |
1 files changed, 82 insertions, 94 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 6077bb20e..ffb92fd94 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.324 2019/01/22 20:48:01 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -71,75 +71,38 @@ | |||
71 | #define DEFAULT_BITS 2048 | 71 | #define DEFAULT_BITS 2048 |
72 | #define DEFAULT_BITS_DSA 1024 | 72 | #define DEFAULT_BITS_DSA 1024 |
73 | #define DEFAULT_BITS_ECDSA 256 | 73 | #define DEFAULT_BITS_ECDSA 256 |
74 | u_int32_t bits = 0; | ||
75 | 74 | ||
76 | /* | 75 | static int quiet = 0; |
77 | * Flag indicating that we just want to change the passphrase. This can be | ||
78 | * set on the command line. | ||
79 | */ | ||
80 | int change_passphrase = 0; | ||
81 | |||
82 | /* | ||
83 | * Flag indicating that we just want to change the comment. This can be set | ||
84 | * on the command line. | ||
85 | */ | ||
86 | int change_comment = 0; | ||
87 | |||
88 | int quiet = 0; | ||
89 | |||
90 | int log_level = SYSLOG_LEVEL_INFO; | ||
91 | |||
92 | /* Flag indicating that we want to hash a known_hosts file */ | ||
93 | int hash_hosts = 0; | ||
94 | /* Flag indicating that we want lookup a host in known_hosts file */ | ||
95 | int find_host = 0; | ||
96 | /* Flag indicating that we want to delete a host from a known_hosts file */ | ||
97 | int delete_host = 0; | ||
98 | |||
99 | /* Flag indicating that we want to show the contents of a certificate */ | ||
100 | int show_cert = 0; | ||
101 | 76 | ||
102 | /* Flag indicating that we just want to see the key fingerprint */ | 77 | /* Flag indicating that we just want to see the key fingerprint */ |
103 | int print_fingerprint = 0; | 78 | static int print_fingerprint = 0; |
104 | int print_bubblebabble = 0; | 79 | static int print_bubblebabble = 0; |
105 | 80 | ||
106 | /* Hash algorithm to use for fingerprints. */ | 81 | /* Hash algorithm to use for fingerprints. */ |
107 | int fingerprint_hash = SSH_FP_HASH_DEFAULT; | 82 | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; |
108 | 83 | ||
109 | /* The identity file name, given on the command line or entered by the user. */ | 84 | /* The identity file name, given on the command line or entered by the user. */ |
110 | char identity_file[1024]; | 85 | static char identity_file[1024]; |
111 | int have_identity = 0; | 86 | static int have_identity = 0; |
112 | 87 | ||
113 | /* This is set to the passphrase if given on the command line. */ | 88 | /* This is set to the passphrase if given on the command line. */ |
114 | char *identity_passphrase = NULL; | 89 | static char *identity_passphrase = NULL; |
115 | 90 | ||
116 | /* This is set to the new passphrase if given on the command line. */ | 91 | /* This is set to the new passphrase if given on the command line. */ |
117 | char *identity_new_passphrase = NULL; | 92 | static char *identity_new_passphrase = NULL; |
118 | |||
119 | /* This is set to the new comment if given on the command line. */ | ||
120 | char *identity_comment = NULL; | ||
121 | |||
122 | /* Path to CA key when certifying keys. */ | ||
123 | char *ca_key_path = NULL; | ||
124 | |||
125 | /* Prefer to use agent keys for CA signing */ | ||
126 | int prefer_agent = 0; | ||
127 | |||
128 | /* Certificate serial number */ | ||
129 | unsigned long long cert_serial = 0; | ||
130 | 93 | ||
131 | /* Key type when certifying */ | 94 | /* Key type when certifying */ |
132 | u_int cert_key_type = SSH2_CERT_TYPE_USER; | 95 | static u_int cert_key_type = SSH2_CERT_TYPE_USER; |
133 | 96 | ||
134 | /* "key ID" of signed key */ | 97 | /* "key ID" of signed key */ |
135 | char *cert_key_id = NULL; | 98 | static char *cert_key_id = NULL; |
136 | 99 | ||
137 | /* Comma-separated list of principal names for certifying keys */ | 100 | /* Comma-separated list of principal names for certifying keys */ |
138 | char *cert_principals = NULL; | 101 | static char *cert_principals = NULL; |
139 | 102 | ||
140 | /* Validity period for certificates */ | 103 | /* Validity period for certificates */ |
141 | u_int64_t cert_valid_from = 0; | 104 | static u_int64_t cert_valid_from = 0; |
142 | u_int64_t cert_valid_to = ~0ULL; | 105 | static u_int64_t cert_valid_to = ~0ULL; |
143 | 106 | ||
144 | /* Certificate options */ | 107 | /* Certificate options */ |
145 | #define CERTOPT_X_FWD (1) | 108 | #define CERTOPT_X_FWD (1) |
@@ -149,9 +112,9 @@ u_int64_t cert_valid_to = ~0ULL; | |||
149 | #define CERTOPT_USER_RC (1<<4) | 112 | #define CERTOPT_USER_RC (1<<4) |
150 | #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ | 113 | #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ |
151 | CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) | 114 | CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) |
152 | u_int32_t certflags_flags = CERTOPT_DEFAULT; | 115 | static u_int32_t certflags_flags = CERTOPT_DEFAULT; |
153 | char *certflags_command = NULL; | 116 | static char *certflags_command = NULL; |
154 | char *certflags_src_addr = NULL; | 117 | static char *certflags_src_addr = NULL; |
155 | 118 | ||
156 | /* Arbitrary extensions specified by user */ | 119 | /* Arbitrary extensions specified by user */ |
157 | struct cert_userext { | 120 | struct cert_userext { |
@@ -159,41 +122,37 @@ struct cert_userext { | |||
159 | char *val; | 122 | char *val; |
160 | int crit; | 123 | int crit; |
161 | }; | 124 | }; |
162 | struct cert_userext *cert_userext; | 125 | static struct cert_userext *cert_userext; |
163 | size_t ncert_userext; | 126 | static size_t ncert_userext; |
164 | 127 | ||
165 | /* Conversion to/from various formats */ | 128 | /* Conversion to/from various formats */ |
166 | int convert_to = 0; | ||
167 | int convert_from = 0; | ||
168 | enum { | 129 | enum { |
169 | FMT_RFC4716, | 130 | FMT_RFC4716, |
170 | FMT_PKCS8, | 131 | FMT_PKCS8, |
171 | FMT_PEM | 132 | FMT_PEM |
172 | } convert_format = FMT_RFC4716; | 133 | } convert_format = FMT_RFC4716; |
173 | int print_public = 0; | ||
174 | int print_generic = 0; | ||
175 | 134 | ||
176 | char *key_type_name = NULL; | 135 | static char *key_type_name = NULL; |
177 | 136 | ||
178 | /* Load key from this PKCS#11 provider */ | 137 | /* Load key from this PKCS#11 provider */ |
179 | char *pkcs11provider = NULL; | 138 | static char *pkcs11provider = NULL; |
180 | 139 | ||
181 | /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ | 140 | /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ |
182 | int use_new_format = 1; | 141 | static int use_new_format = 1; |
183 | 142 | ||
184 | /* Cipher for new-format private keys */ | 143 | /* Cipher for new-format private keys */ |
185 | char *new_format_cipher = NULL; | 144 | static char *new_format_cipher = NULL; |
186 | 145 | ||
187 | /* | 146 | /* |
188 | * Number of KDF rounds to derive new format keys / | 147 | * Number of KDF rounds to derive new format keys / |
189 | * number of primality trials when screening moduli. | 148 | * number of primality trials when screening moduli. |
190 | */ | 149 | */ |
191 | int rounds = 0; | 150 | static int rounds = 0; |
192 | 151 | ||
193 | /* argv0 */ | 152 | /* argv0 */ |
194 | extern char *__progname; | 153 | extern char *__progname; |
195 | 154 | ||
196 | char hostname[NI_MAXHOST]; | 155 | static char hostname[NI_MAXHOST]; |
197 | 156 | ||
198 | #ifdef WITH_OPENSSL | 157 | #ifdef WITH_OPENSSL |
199 | /* moduli.c */ | 158 | /* moduli.c */ |
@@ -823,7 +782,7 @@ do_download(struct passwd *pw) | |||
823 | fatal("%s: sshkey_fingerprint fail", __func__); | 782 | fatal("%s: sshkey_fingerprint fail", __func__); |
824 | printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), | 783 | printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), |
825 | fp, sshkey_type(keys[i])); | 784 | fp, sshkey_type(keys[i])); |
826 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 785 | if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) |
827 | printf("%s\n", ra); | 786 | printf("%s\n", ra); |
828 | free(ra); | 787 | free(ra); |
829 | free(fp); | 788 | free(fp); |
@@ -871,7 +830,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) | |||
871 | fatal("%s: sshkey_fingerprint failed", __func__); | 830 | fatal("%s: sshkey_fingerprint failed", __func__); |
872 | mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, | 831 | mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, |
873 | comment ? comment : "no comment", sshkey_type(public)); | 832 | comment ? comment : "no comment", sshkey_type(public)); |
874 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 833 | if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) |
875 | printf("%s\n", ra); | 834 | printf("%s\n", ra); |
876 | free(ra); | 835 | free(ra); |
877 | free(fp); | 836 | free(fp); |
@@ -1019,6 +978,7 @@ do_gen_all_hostkeys(struct passwd *pw) | |||
1019 | { NULL, NULL, NULL } | 978 | { NULL, NULL, NULL } |
1020 | }; | 979 | }; |
1021 | 980 | ||
981 | u_int bits = 0; | ||
1022 | int first = 0; | 982 | int first = 0; |
1023 | struct stat st; | 983 | struct stat st; |
1024 | struct sshkey *private, *public; | 984 | struct sshkey *private, *public; |
@@ -1142,6 +1102,9 @@ struct known_hosts_ctx { | |||
1142 | int has_unhashed; /* When hashing, original had unhashed hosts */ | 1102 | int has_unhashed; /* When hashing, original had unhashed hosts */ |
1143 | int found_key; /* For find/delete, host was found */ | 1103 | int found_key; /* For find/delete, host was found */ |
1144 | int invalid; /* File contained invalid items; don't delete */ | 1104 | int invalid; /* File contained invalid items; don't delete */ |
1105 | int hash_hosts; /* Hash hostnames as we go */ | ||
1106 | int find_host; /* Search for specific hostname */ | ||
1107 | int delete_host; /* Delete host from known_hosts */ | ||
1145 | }; | 1108 | }; |
1146 | 1109 | ||
1147 | static int | 1110 | static int |
@@ -1161,7 +1124,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) | |||
1161 | */ | 1124 | */ |
1162 | if (was_hashed || has_wild || l->marker != MRK_NONE) { | 1125 | if (was_hashed || has_wild || l->marker != MRK_NONE) { |
1163 | fprintf(ctx->out, "%s\n", l->line); | 1126 | fprintf(ctx->out, "%s\n", l->line); |
1164 | if (has_wild && !find_host) { | 1127 | if (has_wild && !ctx->find_host) { |
1165 | logit("%s:%lu: ignoring host name " | 1128 | logit("%s:%lu: ignoring host name " |
1166 | "with wildcard: %.64s", l->path, | 1129 | "with wildcard: %.64s", l->path, |
1167 | l->linenum, l->hosts); | 1130 | l->linenum, l->hosts); |
@@ -1207,7 +1170,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1207 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; | 1170 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
1208 | 1171 | ||
1209 | if (l->status == HKF_STATUS_MATCHED) { | 1172 | if (l->status == HKF_STATUS_MATCHED) { |
1210 | if (delete_host) { | 1173 | if (ctx->delete_host) { |
1211 | if (l->marker != MRK_NONE) { | 1174 | if (l->marker != MRK_NONE) { |
1212 | /* Don't remove CA and revocation lines */ | 1175 | /* Don't remove CA and revocation lines */ |
1213 | fprintf(ctx->out, "%s\n", l->line); | 1176 | fprintf(ctx->out, "%s\n", l->line); |
@@ -1223,7 +1186,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1223 | ctx->host, l->linenum); | 1186 | ctx->host, l->linenum); |
1224 | } | 1187 | } |
1225 | return 0; | 1188 | return 0; |
1226 | } else if (find_host) { | 1189 | } else if (ctx->find_host) { |
1227 | ctx->found_key = 1; | 1190 | ctx->found_key = 1; |
1228 | if (!quiet) { | 1191 | if (!quiet) { |
1229 | printf("# Host %s found: line %lu %s\n", | 1192 | printf("# Host %s found: line %lu %s\n", |
@@ -1231,7 +1194,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1231 | l->linenum, l->marker == MRK_CA ? "CA" : | 1194 | l->linenum, l->marker == MRK_CA ? "CA" : |
1232 | (l->marker == MRK_REVOKE ? "REVOKED" : "")); | 1195 | (l->marker == MRK_REVOKE ? "REVOKED" : "")); |
1233 | } | 1196 | } |
1234 | if (hash_hosts) | 1197 | if (ctx->hash_hosts) |
1235 | known_hosts_hash(l, ctx); | 1198 | known_hosts_hash(l, ctx); |
1236 | else if (print_fingerprint) { | 1199 | else if (print_fingerprint) { |
1237 | fp = sshkey_fingerprint(l->key, fptype, rep); | 1200 | fp = sshkey_fingerprint(l->key, fptype, rep); |
@@ -1242,7 +1205,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1242 | fprintf(ctx->out, "%s\n", l->line); | 1205 | fprintf(ctx->out, "%s\n", l->line); |
1243 | return 0; | 1206 | return 0; |
1244 | } | 1207 | } |
1245 | } else if (delete_host) { | 1208 | } else if (ctx->delete_host) { |
1246 | /* Retain non-matching hosts when deleting */ | 1209 | /* Retain non-matching hosts when deleting */ |
1247 | if (l->status == HKF_STATUS_INVALID) { | 1210 | if (l->status == HKF_STATUS_INVALID) { |
1248 | ctx->invalid = 1; | 1211 | ctx->invalid = 1; |
@@ -1254,7 +1217,8 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1254 | } | 1217 | } |
1255 | 1218 | ||
1256 | static void | 1219 | static void |
1257 | do_known_hosts(struct passwd *pw, const char *name) | 1220 | do_known_hosts(struct passwd *pw, const char *name, int find_host, |
1221 | int delete_host, int hash_hosts) | ||
1258 | { | 1222 | { |
1259 | char *cp, tmp[PATH_MAX], old[PATH_MAX]; | 1223 | char *cp, tmp[PATH_MAX], old[PATH_MAX]; |
1260 | int r, fd, oerrno, inplace = 0; | 1224 | int r, fd, oerrno, inplace = 0; |
@@ -1273,6 +1237,9 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
1273 | memset(&ctx, 0, sizeof(ctx)); | 1237 | memset(&ctx, 0, sizeof(ctx)); |
1274 | ctx.out = stdout; | 1238 | ctx.out = stdout; |
1275 | ctx.host = name; | 1239 | ctx.host = name; |
1240 | ctx.hash_hosts = hash_hosts; | ||
1241 | ctx.find_host = find_host; | ||
1242 | ctx.delete_host = delete_host; | ||
1276 | 1243 | ||
1277 | /* | 1244 | /* |
1278 | * Find hosts goes to stdout, hash and deletions happen in-place | 1245 | * Find hosts goes to stdout, hash and deletions happen in-place |
@@ -1437,7 +1404,8 @@ do_change_passphrase(struct passwd *pw) | |||
1437 | * Print the SSHFP RR. | 1404 | * Print the SSHFP RR. |
1438 | */ | 1405 | */ |
1439 | static int | 1406 | static int |
1440 | do_print_resource_record(struct passwd *pw, char *fname, char *hname) | 1407 | do_print_resource_record(struct passwd *pw, char *fname, char *hname, |
1408 | int print_generic) | ||
1441 | { | 1409 | { |
1442 | struct sshkey *public; | 1410 | struct sshkey *public; |
1443 | char *comment = NULL; | 1411 | char *comment = NULL; |
@@ -1464,7 +1432,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) | |||
1464 | * Change the comment of a private key file. | 1432 | * Change the comment of a private key file. |
1465 | */ | 1433 | */ |
1466 | static void | 1434 | static void |
1467 | do_change_comment(struct passwd *pw) | 1435 | do_change_comment(struct passwd *pw, const char *identity_comment) |
1468 | { | 1436 | { |
1469 | char new_comment[1024], *comment, *passphrase; | 1437 | char new_comment[1024], *comment, *passphrase; |
1470 | struct sshkey *private; | 1438 | struct sshkey *private; |
@@ -1676,7 +1644,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1676 | } | 1644 | } |
1677 | 1645 | ||
1678 | static void | 1646 | static void |
1679 | do_ca_sign(struct passwd *pw, int argc, char **argv) | 1647 | do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, |
1648 | unsigned long long cert_serial, int argc, char **argv) | ||
1680 | { | 1649 | { |
1681 | int r, i, fd, found, agent_fd = -1; | 1650 | int r, i, fd, found, agent_fd = -1; |
1682 | u_int n; | 1651 | u_int n; |
@@ -2302,7 +2271,9 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, | |||
2302 | } | 2271 | } |
2303 | 2272 | ||
2304 | static void | 2273 | static void |
2305 | do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | 2274 | do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, |
2275 | unsigned long long krl_version, const char *krl_comment, | ||
2276 | int argc, char **argv) | ||
2306 | { | 2277 | { |
2307 | struct ssh_krl *krl; | 2278 | struct ssh_krl *krl; |
2308 | struct stat sb; | 2279 | struct stat sb; |
@@ -2337,10 +2308,10 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2337 | else if ((krl = ssh_krl_init()) == NULL) | 2308 | else if ((krl = ssh_krl_init()) == NULL) |
2338 | fatal("couldn't create KRL"); | 2309 | fatal("couldn't create KRL"); |
2339 | 2310 | ||
2340 | if (cert_serial != 0) | 2311 | if (krl_version != 0) |
2341 | ssh_krl_set_version(krl, cert_serial); | 2312 | ssh_krl_set_version(krl, krl_version); |
2342 | if (identity_comment != NULL) | 2313 | if (krl_comment != NULL) |
2343 | ssh_krl_set_comment(krl, identity_comment); | 2314 | ssh_krl_set_comment(krl, krl_comment); |
2344 | 2315 | ||
2345 | for (i = 0; i < argc; i++) | 2316 | for (i = 0; i < argc; i++) |
2346 | update_krl_from_file(pw, argv[i], wild_ca, ca, krl); | 2317 | update_krl_from_file(pw, argv[i], wild_ca, ca, krl); |
@@ -2439,9 +2410,17 @@ main(int argc, char **argv) | |||
2439 | struct passwd *pw; | 2410 | struct passwd *pw; |
2440 | struct stat st; | 2411 | struct stat st; |
2441 | int r, opt, type, fd; | 2412 | int r, opt, type, fd; |
2413 | int change_passphrase = 0, change_comment = 0, show_cert = 0; | ||
2414 | int find_host = 0, delete_host = 0, hash_hosts = 0; | ||
2442 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; | 2415 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
2416 | int prefer_agent = 0, convert_to = 0, convert_from = 0; | ||
2417 | int print_public = 0, print_generic = 0; | ||
2418 | unsigned long long cert_serial = 0; | ||
2419 | char *identity_comment = NULL, *ca_key_path = NULL; | ||
2420 | u_int bits = 0; | ||
2443 | FILE *f; | 2421 | FILE *f; |
2444 | const char *errstr; | 2422 | const char *errstr; |
2423 | int log_level = SYSLOG_LEVEL_INFO; | ||
2445 | #ifdef WITH_OPENSSL | 2424 | #ifdef WITH_OPENSSL |
2446 | /* Moduli generation/screening */ | 2425 | /* Moduli generation/screening */ |
2447 | char out_file[PATH_MAX], *checkpoint = NULL; | 2426 | char out_file[PATH_MAX], *checkpoint = NULL; |
@@ -2710,7 +2689,8 @@ main(int argc, char **argv) | |||
2710 | usage(); | 2689 | usage(); |
2711 | } | 2690 | } |
2712 | if (gen_krl) { | 2691 | if (gen_krl) { |
2713 | do_gen_krl(pw, update_krl, argc, argv); | 2692 | do_gen_krl(pw, update_krl, ca_key_path, |
2693 | cert_serial, identity_comment, argc, argv); | ||
2714 | return (0); | 2694 | return (0); |
2715 | } | 2695 | } |
2716 | if (check_krl) { | 2696 | if (check_krl) { |
@@ -2720,12 +2700,15 @@ main(int argc, char **argv) | |||
2720 | if (ca_key_path != NULL) { | 2700 | if (ca_key_path != NULL) { |
2721 | if (cert_key_id == NULL) | 2701 | if (cert_key_id == NULL) |
2722 | fatal("Must specify key id (-I) when certifying"); | 2702 | fatal("Must specify key id (-I) when certifying"); |
2723 | do_ca_sign(pw, argc, argv); | 2703 | do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, |
2704 | argc, argv); | ||
2724 | } | 2705 | } |
2725 | if (show_cert) | 2706 | if (show_cert) |
2726 | do_show_cert(pw); | 2707 | do_show_cert(pw); |
2727 | if (delete_host || hash_hosts || find_host) | 2708 | if (delete_host || hash_hosts || find_host) { |
2728 | do_known_hosts(pw, rr_hostname); | 2709 | do_known_hosts(pw, rr_hostname, find_host, |
2710 | delete_host, hash_hosts); | ||
2711 | } | ||
2729 | if (pkcs11provider != NULL) | 2712 | if (pkcs11provider != NULL) |
2730 | do_download(pw); | 2713 | do_download(pw); |
2731 | if (print_fingerprint || print_bubblebabble) | 2714 | if (print_fingerprint || print_bubblebabble) |
@@ -2733,7 +2716,7 @@ main(int argc, char **argv) | |||
2733 | if (change_passphrase) | 2716 | if (change_passphrase) |
2734 | do_change_passphrase(pw); | 2717 | do_change_passphrase(pw); |
2735 | if (change_comment) | 2718 | if (change_comment) |
2736 | do_change_comment(pw); | 2719 | do_change_comment(pw, identity_comment); |
2737 | #ifdef WITH_OPENSSL | 2720 | #ifdef WITH_OPENSSL |
2738 | if (convert_to) | 2721 | if (convert_to) |
2739 | do_convert_to(pw); | 2722 | do_convert_to(pw); |
@@ -2746,23 +2729,28 @@ main(int argc, char **argv) | |||
2746 | unsigned int n = 0; | 2729 | unsigned int n = 0; |
2747 | 2730 | ||
2748 | if (have_identity) { | 2731 | if (have_identity) { |
2749 | n = do_print_resource_record(pw, | 2732 | n = do_print_resource_record(pw, identity_file, |
2750 | identity_file, rr_hostname); | 2733 | rr_hostname, print_generic); |
2751 | if (n == 0) | 2734 | if (n == 0) |
2752 | fatal("%s: %s", identity_file, strerror(errno)); | 2735 | fatal("%s: %s", identity_file, strerror(errno)); |
2753 | exit(0); | 2736 | exit(0); |
2754 | } else { | 2737 | } else { |
2755 | 2738 | ||
2756 | n += do_print_resource_record(pw, | 2739 | n += do_print_resource_record(pw, |
2757 | _PATH_HOST_RSA_KEY_FILE, rr_hostname); | 2740 | _PATH_HOST_RSA_KEY_FILE, rr_hostname, |
2741 | print_generic); | ||
2758 | n += do_print_resource_record(pw, | 2742 | n += do_print_resource_record(pw, |
2759 | _PATH_HOST_DSA_KEY_FILE, rr_hostname); | 2743 | _PATH_HOST_DSA_KEY_FILE, rr_hostname, |
2744 | print_generic); | ||
2760 | n += do_print_resource_record(pw, | 2745 | n += do_print_resource_record(pw, |
2761 | _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); | 2746 | _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, |
2747 | print_generic); | ||
2762 | n += do_print_resource_record(pw, | 2748 | n += do_print_resource_record(pw, |
2763 | _PATH_HOST_ED25519_KEY_FILE, rr_hostname); | 2749 | _PATH_HOST_ED25519_KEY_FILE, rr_hostname, |
2750 | print_generic); | ||
2764 | n += do_print_resource_record(pw, | 2751 | n += do_print_resource_record(pw, |
2765 | _PATH_HOST_XMSS_KEY_FILE, rr_hostname); | 2752 | _PATH_HOST_XMSS_KEY_FILE, rr_hostname, |
2753 | print_generic); | ||
2766 | if (n == 0) | 2754 | if (n == 0) |
2767 | fatal("no keys found."); | 2755 | fatal("no keys found."); |
2768 | exit(0); | 2756 | exit(0); |