* New upstream release (http://www.openssh.com/txt/release-5.6):

- Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity (closes: #335697, #350898, #454787, #500573, #550262). - Support AuthorizedKeysFile, AuthorizedPrincipalsFile, HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5) Match blocks (closes: #549858). - sftp(1): fix ls in working directories that contain globbing characters in their pathnames (LP: #530714).
author: Colin Watson <cjwatson@debian.org> 2010-08-23 23:52:36 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-08-23 23:52:36 +0100
commit: 78799892cb1858927be02be9737c594052e3f910 (patch)
tree: ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /authfile.c
parent: 3875951bb76a9ec62634ae4026c9cc885d933477 (diff)
parent: 31e30b835fd9695d3b6647cab4867001b092e28f (diff)
1 files changed, 61 insertions, 1 deletions
diff --git a/authfile.c b/authfile.c
index 4d0823209..deac28f6a 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -694,6 +694,66 @@ key_load_public(const char *filename, char **commentp)
        return NULL;
 }
+/* Load the certificate associated with the named private key */
+Key *
+key_load_cert(const char *filename)
+{
+        Key *pub;
+        char *file;
+        pub = key_new(KEY_UNSPEC);
+        xasprintf(&file, "%s-cert.pub", filename);
+        if (key_try_load_public(pub, file, NULL) == 1) {
+                xfree(file);
+                return pub;
+        }
+        xfree(file);
+        key_free(pub);
+        return NULL;
+}
+/* Load private key and certificate */
+Key *
+key_load_private_cert(int type, const char *filename, const char *passphrase,
+    int *perm_ok)
+{
+        Key *key, *pub;
+        switch (type) {
+        case KEY_RSA:
+        case KEY_DSA:
+                break;
+        default:
+                error("%s: unsupported key type", __func__);
+                return NULL;
+        }
+        if ((key = key_load_private_type(type, filename, 
+            passphrase, NULL, perm_ok)) == NULL)
+                return NULL;
+        if ((pub = key_load_cert(filename)) == NULL) {
+                key_free(key);
+                return NULL;
+        }
+        /* Make sure the private key matches the certificate */
+        if (key_equal_public(key, pub) == 0) {
+                error("%s: certificate does not match private key %s",
+                    __func__, filename);
+        } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
+                error("%s: key_to_certified failed", __func__);
+        } else {
+                key_cert_copy(pub, key);
+                key_free(pub);
+                return key;
+        }
+        key_free(key);
+        key_free(pub);
+        return NULL;
+}
 /*
 * Returns 1 if the specified "key" is listed in the file "filename",
 * 0 if the key is not listed or -1 on error.
author	Colin Watson <cjwatson@debian.org>	2010-08-23 23:52:36 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-08-23 23:52:36 +0100
commit	78799892cb1858927be02be9737c594052e3f910 (patch)
tree	ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /authfile.c
parent	3875951bb76a9ec62634ae4026c9cc885d933477 (diff)
parent	31e30b835fd9695d3b6647cab4867001b092e28f (diff)

diff --git a/authfile.c b/authfile.c index 4d0823209..deac28f6a 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -694,6 +694,66 @@ key_load_public(const char filename, char *commentp)
694	return NULL;	694	return NULL;
695	}	695	}
696		696
		697	/* Load the certificate associated with the named private key */
		698	Key *
		699	key_load_cert(const char *filename)
		700	{
		701	Key *pub;
		702	char *file;
		703
		704	pub = key_new(KEY_UNSPEC);
		705	xasprintf(&file, "%s-cert.pub", filename);
		706	if (key_try_load_public(pub, file, NULL) == 1) {
		707	xfree(file);
		708	return pub;
		709	}
		710	xfree(file);
		711	key_free(pub);
		712	return NULL;
		713	}
		714
		715	/* Load private key and certificate */
		716	Key *
		717	key_load_private_cert(int type, const char filename, const char passphrase,
		718	int *perm_ok)
		719	{
		720	Key key, pub;
		721
		722	switch (type) {
		723	case KEY_RSA:
		724	case KEY_DSA:
		725	break;
		726	default:
		727	error("%s: unsupported key type", __func__);
		728	return NULL;
		729	}
		730
		731	if ((key = key_load_private_type(type, filename,
		732	passphrase, NULL, perm_ok)) == NULL)
		733	return NULL;
		734
		735	if ((pub = key_load_cert(filename)) == NULL) {
		736	key_free(key);
		737	return NULL;
		738	}
		739
		740	/* Make sure the private key matches the certificate */
		741	if (key_equal_public(key, pub) == 0) {
		742	error("%s: certificate does not match private key %s",
		743	__func__, filename);
		744	} else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
		745	error("%s: key_to_certified failed", __func__);
		746	} else {
		747	key_cert_copy(pub, key);
		748	key_free(pub);
		749	return key;
		750	}
		751
		752	key_free(key);
		753	key_free(pub);
		754	return NULL;
		755	}
		756
697	/*	757	/*
698	* Returns 1 if the specified "key" is listed in the file "filename",	758	* Returns 1 if the specified "key" is listed in the file "filename",
699	* 0 if the key is not listed or -1 on error.	759	* 0 if the key is not listed or -1 on error.