diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 00:03:36 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:35:55 +1100 |
| commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
| tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh.c | |
| parent | a8c05c640873621681ab64d2e47a314592d5efa2 (diff) | |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 12 |
1 files changed, 7 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.514 2020/01/25 00:03:36 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2072,7 +2072,8 @@ load_public_identity_files(struct passwd *pw) | |||
| 2072 | struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; | 2072 | struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; |
| 2073 | int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; | 2073 | int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; |
| 2074 | #ifdef ENABLE_PKCS11 | 2074 | #ifdef ENABLE_PKCS11 |
| 2075 | struct sshkey **keys; | 2075 | struct sshkey **keys = NULL; |
| 2076 | char **comments = NULL; | ||
| 2076 | int nkeys; | 2077 | int nkeys; |
| 2077 | #endif /* PKCS11 */ | 2078 | #endif /* PKCS11 */ |
| 2078 | 2079 | ||
| @@ -2091,18 +2092,19 @@ load_public_identity_files(struct passwd *pw) | |||
| 2091 | options.num_identity_files < SSH_MAX_IDENTITY_FILES && | 2092 | options.num_identity_files < SSH_MAX_IDENTITY_FILES && |
| 2092 | (pkcs11_init(!options.batch_mode) == 0) && | 2093 | (pkcs11_init(!options.batch_mode) == 0) && |
| 2093 | (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, | 2094 | (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, |
| 2094 | &keys)) > 0) { | 2095 | &keys, &comments)) > 0) { |
| 2095 | for (i = 0; i < nkeys; i++) { | 2096 | for (i = 0; i < nkeys; i++) { |
| 2096 | if (n_ids >= SSH_MAX_IDENTITY_FILES) { | 2097 | if (n_ids >= SSH_MAX_IDENTITY_FILES) { |
| 2097 | sshkey_free(keys[i]); | 2098 | sshkey_free(keys[i]); |
| 2099 | free(comments[i]); | ||
| 2098 | continue; | 2100 | continue; |
| 2099 | } | 2101 | } |
| 2100 | identity_keys[n_ids] = keys[i]; | 2102 | identity_keys[n_ids] = keys[i]; |
| 2101 | identity_files[n_ids] = | 2103 | identity_files[n_ids] = comments[i]; /* transferred */ |
| 2102 | xstrdup(options.pkcs11_provider); /* XXX */ | ||
| 2103 | n_ids++; | 2104 | n_ids++; |
| 2104 | } | 2105 | } |
| 2105 | free(keys); | 2106 | free(keys); |
| 2107 | free(comments); | ||
| 2106 | } | 2108 | } |
| 2107 | #endif /* ENABLE_PKCS11 */ | 2109 | #endif /* ENABLE_PKCS11 */ |
| 2108 | for (i = 0; i < options.num_identity_files; i++) { | 2110 | for (i = 0; i < options.num_identity_files; i++) { |