upstream: ssh-keygen -Y find-principals fixes based on feedback

from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@ OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
author: djm@openbsd.org <djm@openbsd.org> 2020-01-23 23:31:52 +0000
committer: Damien Miller <djm@mindrot.org> 2020-01-25 11:27:29 +1100
commit: 72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch)
tree: 14bea4a63d81af371d75708384811f5829a38267 /ssh-keygen.c
parent: 0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff)
1 files changed, 13 insertions, 14 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ce94a5ab0..363da70db 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.387 2020/01/23 07:54:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.388 2020/01/23 23:31:52 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2758,11 +2758,11 @@ done:
 }
 static int
-sig_find_principal(const char *signature, const char *allowed_keys) {
+sig_find_principals(const char *signature, const char *allowed_keys) {
        int r, ret = -1, sigfd = -1;
        struct sshbuf *sigbuf = NULL, *abuf = NULL;
        struct sshkey *sign_key = NULL;
-        char *principal = NULL;
+        char *principals = NULL;
        if ((abuf = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new() failed", __func__);
@@ -2782,12 +2782,11 @@ sig_find_principal(const char *signature, const char *allowed_keys) {
        }
        if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {
                error("%s: sshsig_get_pubkey: %s",
-                      __func__, ssh_err(r));
+                    __func__, ssh_err(r));
                goto done;
        }
+        if ((r = sshsig_find_principals(allowed_keys, sign_key,
-        if ((r = sshsig_find_principal(allowed_keys, sign_key,
+            &principals)) != 0) {
-                                      &principal)) != 0) {
                error("%s: sshsig_get_principal: %s",
                      __func__, ssh_err(r));
                goto done;
@@ -2795,7 +2794,7 @@ sig_find_principal(const char *signature, const char *allowed_keys) {
        ret = 0;
 done:
        if (ret == 0 ) {
-                printf("Found matching principal: %s\n", principal);
+                printf("Found matching principal: %s\n", principals);
        } else {
                printf("Could not find matching principal.\n");
        }
@@ -2804,7 +2803,7 @@ done:
        sshbuf_free(sigbuf);
        sshbuf_free(abuf);
        sshkey_free(sign_key);
-        free(principal);
+        free(principals);
        return ret;
 }
@@ -3093,7 +3092,7 @@ usage(void)
            "       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
            "                  file ...\n"
            "       ssh-keygen -Q -f krl_file file ...\n"
-            "       ssh-keygen -Y find-principal -s signature_file -f allowed_signers_file\n"
+            "       ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n"
            "       ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
            "       ssh-keygen -Y sign -f key_file -n namespace file ...\n"
            "       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
@@ -3357,18 +3356,18 @@ main(int argc, char **argv)
        argc -= optind;
        if (sign_op != NULL) {
-                if (strncmp(sign_op, "find-principal", 14) == 0) {
+                if (strncmp(sign_op, "find-principals", 15) == 0) {
                        if (ca_key_path == NULL) {
-                                error("Too few arguments for find-principal:"
+                                error("Too few arguments for find-principals:"
                                      "missing signature file");
                                exit(1);
                        }
                        if (!have_identity) {
-                                error("Too few arguments for find-principal:"
+                                error("Too few arguments for find-principals:"
                                      "missing allowed keys file");
                                exit(1);
                        }
-                        return sig_find_principal(ca_key_path, identity_file);
+                        return sig_find_principals(ca_key_path, identity_file);
                }
                if (cert_principals == NULL || *cert_principals == '\0') {
                        error("Too few arguments for sign/verify: "
author	djm@openbsd.org <djm@openbsd.org>	2020-01-23 23:31:52 +0000
committer	Damien Miller <djm@mindrot.org>	2020-01-25 11:27:29 +1100
commit	72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch)
tree	14bea4a63d81af371d75708384811f5829a38267 /ssh-keygen.c
parent	0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff)

diff --git a/ssh-keygen.c b/ssh-keygen.c index ce94a5ab0..363da70db 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.387 2020/01/23 07:54:04 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.388 2020/01/23 23:31:52 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2758,11 +2758,11 @@ done:
2758	}	2758	}
2759		2759
2760	static int	2760	static int
2761	sig_find_principal(const char signature, const char allowed_keys) {	2761	sig_find_principals(const char signature, const char allowed_keys) {
2762	int r, ret = -1, sigfd = -1;	2762	int r, ret = -1, sigfd = -1;
2763	struct sshbuf sigbuf = NULL, abuf = NULL;	2763	struct sshbuf sigbuf = NULL, abuf = NULL;
2764	struct sshkey *sign_key = NULL;	2764	struct sshkey *sign_key = NULL;
2765	char *principal = NULL;	2765	char *principals = NULL;
2766		2766
2767	if ((abuf = sshbuf_new()) == NULL)	2767	if ((abuf = sshbuf_new()) == NULL)
2768	fatal("%s: sshbuf_new() failed", __func__);	2768	fatal("%s: sshbuf_new() failed", __func__);
@@ -2782,12 +2782,11 @@ sig_find_principal(const char signature, const char allowed_keys) {
2782	}	2782	}
2783	if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {	2783	if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {
2784	error("%s: sshsig_get_pubkey: %s",	2784	error("%s: sshsig_get_pubkey: %s",
2785	__func__, ssh_err(r));	2785	__func__, ssh_err(r));
2786	goto done;	2786	goto done;
2787	}	2787	}
2788		2788	if ((r = sshsig_find_principals(allowed_keys, sign_key,
2789	if ((r = sshsig_find_principal(allowed_keys, sign_key,	2789	&principals)) != 0) {
2790	&principal)) != 0) {
2791	error("%s: sshsig_get_principal: %s",	2790	error("%s: sshsig_get_principal: %s",
2792	__func__, ssh_err(r));	2791	__func__, ssh_err(r));
2793	goto done;	2792	goto done;
@@ -2795,7 +2794,7 @@ sig_find_principal(const char signature, const char allowed_keys) {
2795	ret = 0;	2794	ret = 0;
2796	done:	2795	done:
2797	if (ret == 0 ) {	2796	if (ret == 0 ) {
2798	printf("Found matching principal: %s\n", principal);	2797	printf("Found matching principal: %s\n", principals);
2799	} else {	2798	} else {
2800	printf("Could not find matching principal.\n");	2799	printf("Could not find matching principal.\n");
2801	}	2800	}
@@ -2804,7 +2803,7 @@ done:
2804	sshbuf_free(sigbuf);	2803	sshbuf_free(sigbuf);
2805	sshbuf_free(abuf);	2804	sshbuf_free(abuf);
2806	sshkey_free(sign_key);	2805	sshkey_free(sign_key);
2807	free(principal);	2806	free(principals);
2808	return ret;	2807	return ret;
2809	}	2808	}
2810		2809
@@ -3093,7 +3092,7 @@ usage(void)
3093	" ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"	3092	" ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
3094	" file ...\n"	3093	" file ...\n"
3095	" ssh-keygen -Q -f krl_file file ...\n"	3094	" ssh-keygen -Q -f krl_file file ...\n"
3096	" ssh-keygen -Y find-principal -s signature_file -f allowed_signers_file\n"	3095	" ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n"
3097	" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"	3096	" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
3098	" ssh-keygen -Y sign -f key_file -n namespace file ...\n"	3097	" ssh-keygen -Y sign -f key_file -n namespace file ...\n"
3099	" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"	3098	" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
@@ -3357,18 +3356,18 @@ main(int argc, char **argv)
3357	argc -= optind;	3356	argc -= optind;
3358		3357
3359	if (sign_op != NULL) {	3358	if (sign_op != NULL) {
3360	if (strncmp(sign_op, "find-principal", 14) == 0) {	3359	if (strncmp(sign_op, "find-principals", 15) == 0) {
3361	if (ca_key_path == NULL) {	3360	if (ca_key_path == NULL) {
3362	error("Too few arguments for find-principal:"	3361	error("Too few arguments for find-principals:"
3363	"missing signature file");	3362	"missing signature file");
3364	exit(1);	3363	exit(1);
3365	}	3364	}
3366	if (!have_identity) {	3365	if (!have_identity) {
3367	error("Too few arguments for find-principal:"	3366	error("Too few arguments for find-principals:"
3368	"missing allowed keys file");	3367	"missing allowed keys file");
3369	exit(1);	3368	exit(1);
3370	}	3369	}
3371	return sig_find_principal(ca_key_path, identity_file);	3370	return sig_find_principals(ca_key_path, identity_file);
3372	}	3371	}
3373	if (cert_principals == NULL \|\| *cert_principals == '\0') {	3372	if (cert_principals == NULL \|\| *cert_principals == '\0') {
3374	error("Too few arguments for sign/verify: "	3373	error("Too few arguments for sign/verify: "