summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ssh-keygen.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index f2192edb9..2c9f67862 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.390 2020/01/24 00:27:04 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2774,7 +2774,7 @@ sig_find_principals(const char *signature, const char *allowed_keys) {
2774 int r, ret = -1, sigfd = -1; 2774 int r, ret = -1, sigfd = -1;
2775 struct sshbuf *sigbuf = NULL, *abuf = NULL; 2775 struct sshbuf *sigbuf = NULL, *abuf = NULL;
2776 struct sshkey *sign_key = NULL; 2776 struct sshkey *sign_key = NULL;
2777 char *principals = NULL; 2777 char *principals = NULL, *cp, *tmp;
2778 2778
2779 if ((abuf = sshbuf_new()) == NULL) 2779 if ((abuf = sshbuf_new()) == NULL)
2780 fatal("%s: sshbuf_new() failed", __func__); 2780 fatal("%s: sshbuf_new() failed", __func__);
@@ -2806,9 +2806,12 @@ sig_find_principals(const char *signature, const char *allowed_keys) {
2806 ret = 0; 2806 ret = 0;
2807done: 2807done:
2808 if (ret == 0 ) { 2808 if (ret == 0 ) {
2809 printf("Found matching principal: %s\n", principals); 2809 /* Emit matching principals one per line */
2810 tmp = principals;
2811 while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0')
2812 puts(cp);
2810 } else { 2813 } else {
2811 printf("Could not find matching principal.\n"); 2814 fprintf(stderr, "No principal matched.\n");
2812 } 2815 }
2813 if (sigfd != -1) 2816 if (sigfd != -1)
2814 close(sigfd); 2817 close(sigfd);
@@ -3380,13 +3383,13 @@ main(int argc, char **argv)
3380 exit(1); 3383 exit(1);
3381 } 3384 }
3382 return sig_find_principals(ca_key_path, identity_file); 3385 return sig_find_principals(ca_key_path, identity_file);
3383 } 3386 } else if (strncmp(sign_op, "sign", 4) == 0) {
3384 if (cert_principals == NULL || *cert_principals == '\0') { 3387 if (cert_principals == NULL ||
3385 error("Too few arguments for sign/verify: " 3388 *cert_principals == '\0') {
3386 "missing namespace"); 3389 error("Too few arguments for sign: "
3387 exit(1); 3390 "missing namespace");
3388 } 3391 exit(1);
3389 if (strncmp(sign_op, "sign", 4) == 0) { 3392 }
3390 if (!have_identity) { 3393 if (!have_identity) {
3391 error("Too few arguments for sign: " 3394 error("Too few arguments for sign: "
3392 "missing key"); 3395 "missing key");
@@ -3403,6 +3406,12 @@ main(int argc, char **argv)
3403 return sig_verify(ca_key_path, cert_principals, 3406 return sig_verify(ca_key_path, cert_principals,
3404 NULL, NULL, NULL); 3407 NULL, NULL, NULL);
3405 } else if (strncmp(sign_op, "verify", 6) == 0) { 3408 } else if (strncmp(sign_op, "verify", 6) == 0) {
3409 if (cert_principals == NULL ||
3410 *cert_principals == '\0') {
3411 error("Too few arguments for verify: "
3412 "missing namespace");
3413 exit(1);
3414 }
3406 if (ca_key_path == NULL) { 3415 if (ca_key_path == NULL) {
3407 error("Too few arguments for verify: " 3416 error("Too few arguments for verify: "
3408 "missing signature file"); 3417 "missing signature file");
@@ -3421,6 +3430,7 @@ main(int argc, char **argv)
3421 return sig_verify(ca_key_path, cert_principals, 3430 return sig_verify(ca_key_path, cert_principals,
3422 cert_key_id, identity_file, rr_hostname); 3431 cert_key_id, identity_file, rr_hostname);
3423 } 3432 }
3433 error("Unsupported operation for -Y: \"%s\"", sign_op);
3424 usage(); 3434 usage();
3425 /* NOTREACHED */ 3435 /* NOTREACHED */
3426 } 3436 }