author | djm@openbsd.org <djm@openbsd.org> | 2015-11-13 04:34:15 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-11-16 11:31:36 +1100 |
commit | 94bc0b72c29e511cbbc5772190d43282e5acfdfe (patch) | |
tree | c602d4382625065f3ce997c81dbaf7613d92e81c /ssh-keygen.c | |
parent | b6b9108f5b561c83612cb97ece4134eb59fde071 (diff) |
upstream commit
support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 73 |
1 files changed, 56 insertions, 17 deletions
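--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.278 2015/11/13 04:34:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1851,23 +1851,10 @@ show_options(struct sshbuf *optbuf, int in_critical)
 }
 
 static void
-do_show_cert(struct passwd *pw)
+print_cert(struct sshkey *key)
 {
-struct sshkey *key;
-struct stat st;
 char *key_fp, *ca_fp;
 u_int i;
-int r;
-
-if (!have_identity)
-ask_filename(pw, "Enter file in which the key is");
-if (stat(identity_file, &st) < 0)
-fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
-if ((r = sshkey_load_public(identity_file, &key, NULL)) != 0)
-fatal("Cannot load public key \"%s\": %s",
-identity_file, ssh_err(r));
-if (!sshkey_is_cert(key))
-fatal("%s is not a certificate", identity_file);
 
 key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
 ca_fp = sshkey_fingerprint(key->cert->signature_key,
@@ -1875,7 +1862,6 @@ do_show_cert(struct passwd *pw)
 if (key_fp == NULL || ca_fp == NULL)
 fatal("%s: sshkey_fingerprint fail", __func__);
 
-printf("%s:\n", identity_file);
 printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
 sshkey_cert_type(key));
 printf(" Public key: %s %s\n", sshkey_type(key), key_fp);
@@ -1908,7 +1894,60 @@ do_show_cert(struct passwd *pw)
 printf("\n");
 show_options(key->cert->extensions, 0);
 }
-exit(0);
+}
+
+static void
+do_show_cert(struct passwd *pw)
+{
+struct sshkey *key = NULL;
+struct stat st;
+int r, is_stdin = 0, ok = 0;
+FILE *f;
+char *cp, line[2048];
+const char *path;
+long int lnum = 0;
+
+if (!have_identity)
+ask_filename(pw, "Enter file in which the key is");
+if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
+fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
+
+path = identity_file;
+if (strcmp(path, "-") == 0) {
+f = stdin;
+path = "(stdin)";
+is_stdin = 1;
+} else if ((f = fopen(identity_file, "r")) == NULL)
+fatal("fopen %s: %s", identity_file, strerror(errno));
+
+while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
+sshkey_free(key);
+key = NULL;
+/* Trim leading space and comments */
+cp = line + strspn(line, " \t");
+if (*cp == '#' || *cp == '\0')
+continue;
+if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
+fatal("key_new");
+if ((r = sshkey_read(key, &cp)) != 0) {
+error("%s:%lu: invalid key: %s", path,
+lnum, ssh_err(r));
+continue;
+}
+if (!sshkey_is_cert(key)) {
+error("%s:%lu is not a certificate", path, lnum);
+continue;
+}
+ok = 1;
+if (!is_stdin && lnum == 1)
+printf("%s:\n", path);
+else
+printf("%s:%lu:\n", path, lnum);
+print_cert(key);
+}
+sshkey_free(key);
+fclose(f);
+exit(ok ? 0 : 1);
 }
 
 static void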
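Review bot: The line buffer in the new do_show_cert, `char *cp, line[2048];`, caps each certificate at one 2047-character line, and a certificate with a large key or many principals and extensions can be longer than that. How read_keyfile_line treats an over-long line is not visible in this hunk, but a truncated line cannot parse as a certificate, so a valid file would be reported as invalid or skipped; sizing the buffer from the project's public-key line limit (`line[SSH_MAX_PUBKEY_BYTES]`, if that constant is in scope in this file) would avoid that. Separately, `lnum` is declared `long int` yet printed with `%lu` in all three format strings and passed by address to read_keyfile_line; `u_long lnum = 0;` would match the format. The final `exit(ok ? 0 : 1);` also deserves a comment such as `/* exit 0 if at least one certificate was printed; rejected lines are only reported through error() */`, because automation that relies on the exit status alone will not notice rejected lines in a multi-certificate file.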