diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-01-08 10:14:08 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:17:12 +1100 |
| commit | 1195f4cb07ef4b0405c839293c38600b3e9bdb46 (patch) | |
| tree | bee2cbc3442638bf18a2905608787a0c62b8994b /ssh-keysign.c | |
| parent | febbe09e4e9aff579b0c5cc1623f756862e4757d (diff) | |
upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index b86e18d8c..d59f115fc 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keysign.c,v 1.44 2014/12/21 22:27:56 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -52,6 +52,8 @@ | |||
| 52 | #include "pathnames.h" | 52 | #include "pathnames.h" |
| 53 | #include "readconf.h" | 53 | #include "readconf.h" |
| 54 | #include "uidswap.h" | 54 | #include "uidswap.h" |
| 55 | #include "sshkey.h" | ||
| 56 | #include "ssherr.h" | ||
| 55 | 57 | ||
| 56 | /* XXX readconf.c needs these */ | 58 | /* XXX readconf.c needs these */ |
| 57 | uid_t original_real_uid; | 59 | uid_t original_real_uid; |
| @@ -69,6 +71,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | |||
| 69 | char *pkalg, *p; | 71 | char *pkalg, *p; |
| 70 | int pktype, fail; | 72 | int pktype, fail; |
| 71 | 73 | ||
| 74 | if (ret != NULL) | ||
| 75 | *ret = NULL; | ||
| 72 | fail = 0; | 76 | fail = 0; |
| 73 | 77 | ||
| 74 | buffer_init(&b); | 78 | buffer_init(&b); |
| @@ -153,7 +157,7 @@ main(int argc, char **argv) | |||
| 153 | #define NUM_KEYTYPES 4 | 157 | #define NUM_KEYTYPES 4 |
| 154 | Key *keys[NUM_KEYTYPES], *key = NULL; | 158 | Key *keys[NUM_KEYTYPES], *key = NULL; |
| 155 | struct passwd *pw; | 159 | struct passwd *pw; |
| 156 | int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; | 160 | int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
| 157 | u_char *signature, *data; | 161 | u_char *signature, *data; |
| 158 | char *host, *fp; | 162 | char *host, *fp; |
| 159 | u_int slen, dlen; | 163 | u_int slen, dlen; |
| @@ -209,14 +213,15 @@ main(int argc, char **argv) | |||
| 209 | keys[i] = NULL; | 213 | keys[i] = NULL; |
| 210 | if (key_fd[i] == -1) | 214 | if (key_fd[i] == -1) |
| 211 | continue; | 215 | continue; |
| 212 | #ifdef WITH_OPENSSL | 216 | r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC, |
| 213 | /* XXX wrong api */ | 217 | NULL, &key, NULL); |
| 214 | keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, | ||
| 215 | NULL, NULL); | ||
| 216 | #endif | ||
| 217 | close(key_fd[i]); | 218 | close(key_fd[i]); |
| 218 | if (keys[i] != NULL) | 219 | if (r != 0) |
| 220 | debug("parse key %d: %s", i, ssh_err(r)); | ||
| 221 | else if (key != NULL) { | ||
| 222 | keys[i] = key; | ||
| 219 | found = 1; | 223 | found = 1; |
| 224 | } | ||
| 220 | } | 225 | } |
| 221 | if (!found) | 226 | if (!found) |
| 222 | fatal("no hostkey found"); | 227 | fatal("no hostkey found"); |