diff options
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index ffb92fd94..992491f15 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.326 2019/01/23 04:51:02 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1645,7 +1645,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
| 1645 | 1645 | ||
| 1646 | static void | 1646 | static void |
| 1647 | do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, | 1647 | do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, |
| 1648 | unsigned long long cert_serial, int argc, char **argv) | 1648 | unsigned long long cert_serial, int cert_serial_autoinc, |
| 1649 | int argc, char **argv) | ||
| 1649 | { | 1650 | { |
| 1650 | int r, i, fd, found, agent_fd = -1; | 1651 | int r, i, fd, found, agent_fd = -1; |
| 1651 | u_int n; | 1652 | u_int n; |
| @@ -1785,6 +1786,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, | |||
| 1785 | 1786 | ||
| 1786 | sshkey_free(public); | 1787 | sshkey_free(public); |
| 1787 | free(out); | 1788 | free(out); |
| 1789 | if (cert_serial_autoinc) | ||
| 1790 | cert_serial++; | ||
| 1788 | } | 1791 | } |
| 1789 | #ifdef ENABLE_PKCS11 | 1792 | #ifdef ENABLE_PKCS11 |
| 1790 | pkcs11_terminate(); | 1793 | pkcs11_terminate(); |
| @@ -2414,7 +2417,7 @@ main(int argc, char **argv) | |||
| 2414 | int find_host = 0, delete_host = 0, hash_hosts = 0; | 2417 | int find_host = 0, delete_host = 0, hash_hosts = 0; |
| 2415 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; | 2418 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
| 2416 | int prefer_agent = 0, convert_to = 0, convert_from = 0; | 2419 | int prefer_agent = 0, convert_to = 0, convert_from = 0; |
| 2417 | int print_public = 0, print_generic = 0; | 2420 | int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; |
| 2418 | unsigned long long cert_serial = 0; | 2421 | unsigned long long cert_serial = 0; |
| 2419 | char *identity_comment = NULL, *ca_key_path = NULL; | 2422 | char *identity_comment = NULL, *ca_key_path = NULL; |
| 2420 | u_int bits = 0; | 2423 | u_int bits = 0; |
| @@ -2610,6 +2613,10 @@ main(int argc, char **argv) | |||
| 2610 | break; | 2613 | break; |
| 2611 | case 'z': | 2614 | case 'z': |
| 2612 | errno = 0; | 2615 | errno = 0; |
| 2616 | if (*optarg == '+') { | ||
| 2617 | cert_serial_autoinc = 1; | ||
| 2618 | optarg++; | ||
| 2619 | } | ||
| 2613 | cert_serial = strtoull(optarg, &ep, 10); | 2620 | cert_serial = strtoull(optarg, &ep, 10); |
| 2614 | if (*optarg < '0' || *optarg > '9' || *ep != '\0' || | 2621 | if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
| 2615 | (errno == ERANGE && cert_serial == ULLONG_MAX)) | 2622 | (errno == ERANGE && cert_serial == ULLONG_MAX)) |
| @@ -2700,8 +2707,8 @@ main(int argc, char **argv) | |||
| 2700 | if (ca_key_path != NULL) { | 2707 | if (ca_key_path != NULL) { |
| 2701 | if (cert_key_id == NULL) | 2708 | if (cert_key_id == NULL) |
| 2702 | fatal("Must specify key id (-I) when certifying"); | 2709 | fatal("Must specify key id (-I) when certifying"); |
| 2703 | do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, | 2710 | do_ca_sign(pw, ca_key_path, prefer_agent, |
| 2704 | argc, argv); | 2711 | cert_serial, cert_serial_autoinc, argc, argv); |
| 2705 | } | 2712 | } |
| 2706 | if (show_cert) | 2713 | if (show_cert) |
| 2707 | do_show_cert(pw); | 2714 | do_show_cert(pw); |