author | djm@openbsd.org <djm@openbsd.org> | 2015-01-08 10:14:08 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:17:12 +1100 |
commit | 1195f4cb07ef4b0405c839293c38600b3e9bdb46 (patch) | |
tree | bee2cbc3442638bf18a2905608787a0c62b8994b /ssh-keysign.c | |
parent | febbe09e4e9aff579b0c5cc1623f756862e4757d (diff) |
upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
Diffstat (limited to 'ssh-keysign.c')
-rw-r--r-- | ssh-keysign.c | 21 |
1 files changed, 13 insertions, 8 deletions
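diff --git a/ssh-keysign.c b/ssh-keysign.c
index b86e18d8c..d59f115fc 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.44 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl. All rights reserved.
  *
@@ -52,6 +52,8 @@
 #include "pathnames.h"
 #include "readconf.h"
 #include "uidswap.h"
+#include "sshkey.h"
+#include "ssherr.h"
 
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
@@ -69,6 +71,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 char *pkalg, *p;
 int pktype, fail;
 
+if (ret != NULL)
+*ret = NULL;
 fail = 0;
 
 buffer_init(&b);
@@ -153,7 +157,7 @@ main(int argc, char **argv)
 #define NUM_KEYTYPES 4
 Key *keys[NUM_KEYTYPES], *key = NULL;
 struct passwd *pw;
-int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
 u_char *signature, *data;
 char *host, *fp;
 u_int slen, dlen;
@@ -209,14 +213,15 @@ main(int argc, char **argv)
 keys[i] = NULL;
 if (key_fd[i] == -1)
 continue;
-#ifdef WITH_OPENSSL
-/* XXX wrong api */
-keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
-NULL, NULL);
-#endif
+r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC,
+NULL, &key, NULL);
 close(key_fd[i]);
-if (keys[i] != NULL)
+if (r != 0)
+debug("parse key %d: %s", i, ssh_err(r));
+else if (key != NULL) {
+keys[i] = key;
 found = 1;
+}
 }
 if (!found)
 fatal("no hostkey found");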
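Review bot: The key-loading loop in main passes `&key` as the loader's out-parameter and then copies it into `keys[i]`, so when the loop exits `key` — the variable declared alongside `keys[]` near the top of main and, judging by the `Key **ret` parameter of valid_request, apparently reused later to receive the key named in the request — still aliases the last host key that loaded. Passing the array slot directly avoids both the alias and the extra copy: `r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC, NULL, &keys[i], NULL);` followed by `if (r != 0) debug("parse key %d: %s", i, ssh_err(r)); else if (keys[i] != NULL) found = 1;`. The `else if (key != NULL)` guard on a zero return is presumably defensive against a loader that can succeed without producing a key; if the loader guarantees a non-NULL key on success, a one-line comment saying so (or dropping the guard) would make the intent clear. The enclosing loop and the rest of main continue outside this hunk, so the later uses of `key` are inferred, not visible here.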