[openssh-commits] [openssh] 04/10: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Nov 16 11:31:53 AEDT 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 04:34:15 2015 +0000
upstream commit
support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
---
ssh-keygen.1 | 6 ++---
ssh-keygen.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++--------------
2 files changed, 59 insertions(+), 20 deletions(-)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index ffa946b..74b3124 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.128 2015/11/05 09:48:05 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.129 2015/11/13 04:34:15 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 5 2015 $
+.Dd $Mdocdate: November 13 2015 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -376,7 +376,7 @@ using the format described in the
.Sx KEY REVOCATION LISTS
section.
.It Fl L
-Prints the contents of a certificate.
+Prints the contents of one or more certificates.
.It Fl l
Show fingerprint of specified public key file.
Private RSA1 keys are also supported.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4e0a855..f584620 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.278 2015/11/13 04:34:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1851,23 +1851,10 @@ show_options(struct sshbuf *optbuf, int in_critical)
}
static void
-do_show_cert(struct passwd *pw)
+print_cert(struct sshkey *key)
{
- struct sshkey *key;
- struct stat st;
char *key_fp, *ca_fp;
u_int i;
- int r;
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0)
- fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
- if ((r = sshkey_load_public(identity_file, &key, NULL)) != 0)
- fatal("Cannot load public key \"%s\": %s",
- identity_file, ssh_err(r));
- if (!sshkey_is_cert(key))
- fatal("%s is not a certificate", identity_file);
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
ca_fp = sshkey_fingerprint(key->cert->signature_key,
@@ -1875,7 +1862,6 @@ do_show_cert(struct passwd *pw)
if (key_fp == NULL || ca_fp == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
- printf("%s:\n", identity_file);
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
sshkey_cert_type(key));
printf(" Public key: %s %s\n", sshkey_type(key), key_fp);
@@ -1908,7 +1894,60 @@ do_show_cert(struct passwd *pw)
printf("\n");
show_options(key->cert->extensions, 0);
}
- exit(0);
+}
+
+static void
+do_show_cert(struct passwd *pw)
+{
+ struct sshkey *key = NULL;
+ struct stat st;
+ int r, is_stdin = 0, ok = 0;
+ FILE *f;
+ char *cp, line[2048];
+ const char *path;
+ long int lnum = 0;
+
+ if (!have_identity)
+ ask_filename(pw, "Enter file in which the key is");
+ if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
+ fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
+
+ path = identity_file;
+ if (strcmp(path, "-") == 0) {
+ f = stdin;
+ path = "(stdin)";
+ is_stdin = 1;
+ } else if ((f = fopen(identity_file, "r")) == NULL)
+ fatal("fopen %s: %s", identity_file, strerror(errno));
+
+ while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
+ sshkey_free(key);
+ key = NULL;
+ /* Trim leading space and comments */
+ cp = line + strspn(line, " \t");
+ if (*cp == '#' || *cp == '\0')
+ continue;
+ if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
+ fatal("key_new");
+ if ((r = sshkey_read(key, &cp)) != 0) {
+ error("%s:%lu: invalid key: %s", path,
+ lnum, ssh_err(r));
+ continue;
+ }
+ if (!sshkey_is_cert(key)) {
+ error("%s:%lu is not a certificate", path, lnum);
+ continue;
+ }
+ ok = 1;
+ if (!is_stdin && lnum == 1)
+ printf("%s:\n", path);
+ else
+ printf("%s:%lu:\n", path, lnum);
+ print_cert(key);
+ }
+ sshkey_free(key);
+ fclose(f);
+ exit(ok ? 0 : 1);
}
static void
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list