forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on openssh#138 by Danielle Church feedback and ok markus@ OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
- Loading branch information
Showing
7 changed files
with
144 additions
and
82 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| /* $OpenBSD: ssh-agent.c,v 1.252 2020/01/23 07:10:22 dtucker Exp $ */ | ||
| /* $OpenBSD: ssh-agent.c,v 1.253 2020/01/25 00:03:36 djm Exp $ */ | ||
| /* | ||
| * Author: Tatu Ylonen <[email protected]> | ||
| * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
|
|
@@ -633,6 +633,7 @@ static void | |
| process_add_smartcard_key(SocketEntry *e) | ||
| { | ||
| char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; | ||
| char **comments = NULL; | ||
| int r, i, count = 0, success = 0, confirm = 0; | ||
| u_int seconds; | ||
| time_t death = 0; | ||
|
|
@@ -682,28 +683,34 @@ process_add_smartcard_key(SocketEntry *e) | |
| if (lifetime && !death) | ||
| death = monotime() + lifetime; | ||
|
|
||
| count = pkcs11_add_provider(canonical_provider, pin, &keys); | ||
| count = pkcs11_add_provider(canonical_provider, pin, &keys, &comments); | ||
| for (i = 0; i < count; i++) { | ||
| k = keys[i]; | ||
| if (lookup_identity(k) == NULL) { | ||
| id = xcalloc(1, sizeof(Identity)); | ||
| id->key = k; | ||
| keys[i] = NULL; /* transferred */ | ||
| id->provider = xstrdup(canonical_provider); | ||
| id->comment = xstrdup(canonical_provider); /* XXX */ | ||
| if (*comments[i] != '\0') { | ||
| id->comment = comments[i]; | ||
| comments[i] = NULL; /* transferred */ | ||
| } else { | ||
| id->comment = xstrdup(canonical_provider); | ||
| } | ||
| id->death = death; | ||
| id->confirm = confirm; | ||
| TAILQ_INSERT_TAIL(&idtab->idlist, id, next); | ||
| idtab->nentries++; | ||
| success = 1; | ||
| } else { | ||
| sshkey_free(k); | ||
| } | ||
| keys[i] = NULL; | ||
| sshkey_free(keys[i]); | ||
| free(comments[i]); | ||
| } | ||
| send: | ||
| free(pin); | ||
| free(provider); | ||
| free(keys); | ||
| free(comments); | ||
| send_status(e, success); | ||
| } | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| /* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ | ||
| /* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */ | ||
| /* | ||
| * Author: Tatu Ylonen <[email protected]> | ||
| * Copyright (c) 1994 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
|
|
@@ -829,13 +829,13 @@ do_download(struct passwd *pw) | |
| int i, nkeys; | ||
| enum sshkey_fp_rep rep; | ||
| int fptype; | ||
| char *fp, *ra; | ||
| char *fp, *ra, **comments = NULL; | ||
|
|
||
| fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; | ||
| rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; | ||
|
|
||
| pkcs11_init(1); | ||
| nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); | ||
| nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys, &comments); | ||
| if (nkeys <= 0) | ||
| fatal("cannot read public key from pkcs11"); | ||
| for (i = 0; i < nkeys; i++) { | ||
|
|
@@ -853,10 +853,13 @@ do_download(struct passwd *pw) | |
| free(fp); | ||
| } else { | ||
| (void) sshkey_write(keys[i], stdout); /* XXX check */ | ||
| fprintf(stdout, "\n"); | ||
| fprintf(stdout, "%s%s\n", | ||
| *(comments[i]) == '\0' ? "" : " ", comments[i]); | ||
| } | ||
| free(comments[i]); | ||
| sshkey_free(keys[i]); | ||
| } | ||
| free(comments); | ||
| free(keys); | ||
| pkcs11_terminate(); | ||
| exit(0); | ||
|
|
@@ -1703,7 +1706,8 @@ load_pkcs11_key(char *path) | |
| fatal("Couldn't load CA public key \"%s\": %s", | ||
| path, ssh_err(r)); | ||
|
|
||
| nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); | ||
| nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, | ||
| &keys, NULL); | ||
| debug3("%s: %d keys", __func__, nkeys); | ||
| if (nkeys <= 0) | ||
| fatal("cannot read public key from pkcs11"); | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.