forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upstream: minor tweaks to ssh-keygen -Y find-principals:
emit matched principals one per line to stdout rather than as comma- separated and with a free-text preamble (easy confusion opportunity) emit "not found" error to stderr fix up argument testing for -Y operations and improve error message for unsupported operations OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
- Loading branch information
Showing
1 changed file
with
21 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| /* $OpenBSD: ssh-keygen.c,v 1.390 2020/01/24 00:27:04 djm Exp $ */ | ||
| /* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ | ||
| /* | ||
| * Author: Tatu Ylonen <[email protected]> | ||
| * Copyright (c) 1994 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
|
|
@@ -2774,7 +2774,7 @@ sig_find_principals(const char *signature, const char *allowed_keys) { | |
| int r, ret = -1, sigfd = -1; | ||
| struct sshbuf *sigbuf = NULL, *abuf = NULL; | ||
| struct sshkey *sign_key = NULL; | ||
| char *principals = NULL; | ||
| char *principals = NULL, *cp, *tmp; | ||
|
|
||
| if ((abuf = sshbuf_new()) == NULL) | ||
| fatal("%s: sshbuf_new() failed", __func__); | ||
|
|
@@ -2806,9 +2806,12 @@ sig_find_principals(const char *signature, const char *allowed_keys) { | |
| ret = 0; | ||
| done: | ||
| if (ret == 0 ) { | ||
| printf("Found matching principal: %s\n", principals); | ||
| /* Emit matching principals one per line */ | ||
| tmp = principals; | ||
| while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0') | ||
| puts(cp); | ||
| } else { | ||
| printf("Could not find matching principal.\n"); | ||
| fprintf(stderr, "No principal matched.\n"); | ||
| } | ||
| if (sigfd != -1) | ||
| close(sigfd); | ||
|
|
@@ -3380,13 +3383,13 @@ main(int argc, char **argv) | |
| exit(1); | ||
| } | ||
| return sig_find_principals(ca_key_path, identity_file); | ||
| } | ||
| if (cert_principals == NULL || *cert_principals == '\0') { | ||
| error("Too few arguments for sign/verify: " | ||
| "missing namespace"); | ||
| exit(1); | ||
| } | ||
| if (strncmp(sign_op, "sign", 4) == 0) { | ||
| } else if (strncmp(sign_op, "sign", 4) == 0) { | ||
| if (cert_principals == NULL || | ||
| *cert_principals == '\0') { | ||
| error("Too few arguments for sign: " | ||
| "missing namespace"); | ||
| exit(1); | ||
| } | ||
| if (!have_identity) { | ||
| error("Too few arguments for sign: " | ||
| "missing key"); | ||
|
|
@@ -3403,6 +3406,12 @@ main(int argc, char **argv) | |
| return sig_verify(ca_key_path, cert_principals, | ||
| NULL, NULL, NULL); | ||
| } else if (strncmp(sign_op, "verify", 6) == 0) { | ||
| if (cert_principals == NULL || | ||
| *cert_principals == '\0') { | ||
| error("Too few arguments for verify: " | ||
| "missing namespace"); | ||
| exit(1); | ||
| } | ||
| if (ca_key_path == NULL) { | ||
| error("Too few arguments for verify: " | ||
| "missing signature file"); | ||
|
|
@@ -3421,6 +3430,7 @@ main(int argc, char **argv) | |
| return sig_verify(ca_key_path, cert_principals, | ||
| cert_key_id, identity_file, rr_hostname); | ||
| } | ||
| error("Unsupported operation for -Y: \"%s\"", sign_op); | ||
| usage(); | ||
| /* NOTREACHED */ | ||
| } | ||
|
|
||