* New upstream release (http://www.openssh.com/txt/release-5.6):

- Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity (closes: #335697, #350898, #454787, #500573, #550262). - Support AuthorizedKeysFile, AuthorizedPrincipalsFile, HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5) Match blocks (closes: #549858). - sftp(1): fix ls in working directories that contain globbing characters in their pathnames (LP: #530714).
author: Colin Watson <cjwatson@debian.org> 2010-08-23 23:52:36 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-08-23 23:52:36 +0100
commit: 78799892cb1858927be02be9737c594052e3f910 (patch)
tree: ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /ssh-add.c
parent: 3875951bb76a9ec62634ae4026c9cc885d933477 (diff)
parent: 31e30b835fd9695d3b6647cab4867001b092e28f (diff)
1 files changed, 29 insertions, 21 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 7249f0da6..9c118b228 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -202,7 +202,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
                            "Lifetime set to %d seconds\n", lifetime);
                if (confirm != 0)
                        fprintf(stderr,
-                            "The user has to confirm each use of the key\n");
+                            "The user must confirm each use of the key\n");
        } else {
                fprintf(stderr, "Could not add identity: %s\n", filename);
        }
@@ -210,29 +210,37 @@ add_file(AuthenticationConnection *ac, const char *filename)
        /* Now try to add the certificate flavour too */
        xasprintf(&certpath, "%s-cert.pub", filename);
-        if ((cert = key_load_public(certpath, NULL)) != NULL) {
+        if ((cert = key_load_public(certpath, NULL)) == NULL)
-                /* Graft with private bits */
+                goto out;
-                if (key_to_certified(private) != 0)
-                        fatal("%s: key_to_certified failed", __func__);
+        if (!key_equal_public(cert, private)) {
-                key_cert_copy(cert, private);
+                error("Certificate %s does not match private key %s",
+                    certpath, filename);
                key_free(cert);
+                goto out;
+        } 
-                if (ssh_add_identity_constrained(ac, private, comment,
+        /* Graft with private bits */
-                    lifetime, confirm)) {
+        if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) {
-                        fprintf(stderr, "Certificate added: %s (%s)\n",
+                error("%s: key_to_certified failed", __func__);
-                            certpath, private->cert->key_id);
+                key_free(cert);
-                        if (lifetime != 0)
+                goto out;
-                                fprintf(stderr, "Lifetime set to %d seconds\n",
-                                    lifetime);
-                        if (confirm != 0)
-                                fprintf(stderr, "The user has to confirm each "
-                                    "use of the key\n");
-                } else {
-                        error("Certificate %s (%s) add failed", certpath,
-                            private->cert->key_id);
-                }
        }
+        key_cert_copy(cert, private);
+        key_free(cert);
+        if (!ssh_add_identity_constrained(ac, private, comment,
+            lifetime, confirm)) {
+                error("Certificate %s (%s) add failed", certpath,
+                    private->cert->key_id);
+        }
+        fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
+            private->cert->key_id);
+        if (lifetime != 0)
+                fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
+        if (confirm != 0)
+                fprintf(stderr, "The user must confirm each use of the key\n");
+ out:
        xfree(certpath);
        xfree(comment);
        key_free(private);
author	Colin Watson <cjwatson@debian.org>	2010-08-23 23:52:36 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-08-23 23:52:36 +0100
commit	78799892cb1858927be02be9737c594052e3f910 (patch)
tree	ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /ssh-add.c
parent	3875951bb76a9ec62634ae4026c9cc885d933477 (diff)
parent	31e30b835fd9695d3b6647cab4867001b092e28f (diff)

diff --git a/ssh-add.c b/ssh-add.c index 7249f0da6..9c118b228 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */	1	/* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -202,7 +202,7 @@ add_file(AuthenticationConnection ac, const char filename)
202	"Lifetime set to %d seconds\n", lifetime);	202	"Lifetime set to %d seconds\n", lifetime);
203	if (confirm != 0)	203	if (confirm != 0)
204	fprintf(stderr,	204	fprintf(stderr,
205	"The user has to confirm each use of the key\n");	205	"The user must confirm each use of the key\n");
206	} else {	206	} else {
207	fprintf(stderr, "Could not add identity: %s\n", filename);	207	fprintf(stderr, "Could not add identity: %s\n", filename);
208	}	208	}
@@ -210,29 +210,37 @@ add_file(AuthenticationConnection ac, const char filename)
210		210
211	/* Now try to add the certificate flavour too */	211	/* Now try to add the certificate flavour too */
212	xasprintf(&certpath, "%s-cert.pub", filename);	212	xasprintf(&certpath, "%s-cert.pub", filename);
213	if ((cert = key_load_public(certpath, NULL)) != NULL) {	213	if ((cert = key_load_public(certpath, NULL)) == NULL)
214	/* Graft with private bits */	214	goto out;
215	if (key_to_certified(private) != 0)	215
216	fatal("%s: key_to_certified failed", __func__);	216	if (!key_equal_public(cert, private)) {
217	key_cert_copy(cert, private);	217	error("Certificate %s does not match private key %s",
		218	certpath, filename);
218	key_free(cert);	219	key_free(cert);
		220	goto out;
		221	}
219		222
220	if (ssh_add_identity_constrained(ac, private, comment,	223	/* Graft with private bits */
221	lifetime, confirm)) {	224	if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) {
222	fprintf(stderr, "Certificate added: %s (%s)\n",	225	error("%s: key_to_certified failed", __func__);
223	certpath, private->cert->key_id);	226	key_free(cert);
224	if (lifetime != 0)	227	goto out;
225	fprintf(stderr, "Lifetime set to %d seconds\n",
226	lifetime);
227	if (confirm != 0)
228	fprintf(stderr, "The user has to confirm each "
229	"use of the key\n");
230	} else {
231	error("Certificate %s (%s) add failed", certpath,
232	private->cert->key_id);
233	}
234	}	228	}
		229	key_cert_copy(cert, private);
		230	key_free(cert);
235		231
		232	if (!ssh_add_identity_constrained(ac, private, comment,
		233	lifetime, confirm)) {
		234	error("Certificate %s (%s) add failed", certpath,
		235	private->cert->key_id);
		236	}
		237	fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
		238	private->cert->key_id);
		239	if (lifetime != 0)
		240	fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
		241	if (confirm != 0)
		242	fprintf(stderr, "The user must confirm each use of the key\n");
		243	out:
236	xfree(certpath);	244	xfree(certpath);
237	xfree(comment);	245	xfree(comment);
238	key_free(private);	246	key_free(private);