[openssh-commits] [openssh] 02/10: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Jun 6 11:36:57 AEST 2016
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon May 23 23:30:50 2016 +0000
upstream commit
prefer agent-hosted keys to keys from PKCS#11; ok markus
Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
---
sshconnect2.c | 48 ++++++++++++++++++++++++------------------------
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/sshconnect2.c b/sshconnect2.c
index 945471f..c0814e5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.244 2016/05/23 23:30:50 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1299,29 +1299,6 @@ pubkey_prepare(Authctxt *authctxt)
id->userprovided = options.identity_file_userprovided[i];
TAILQ_INSERT_TAIL(&files, id, next);
}
- /* Prefer PKCS11 keys that are explicitly listed */
- TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
- if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
- continue;
- found = 0;
- TAILQ_FOREACH(id2, &files, next) {
- if (id2->key == NULL ||
- (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
- continue;
- if (sshkey_equal(id->key, id2->key)) {
- TAILQ_REMOVE(&files, id, next);
- TAILQ_INSERT_TAIL(preferred, id, next);
- found = 1;
- break;
- }
- }
- /* If IdentitiesOnly set and key not found then don't use it */
- if (!found && options.identities_only) {
- TAILQ_REMOVE(&files, id, next);
- explicit_bzero(id, sizeof(*id));
- free(id);
- }
- }
/* list of certificates specified by user */
for (i = 0; i < options.num_certificate_files; i++) {
key = options.certificates[i];
@@ -1380,6 +1357,29 @@ pubkey_prepare(Authctxt *authctxt)
}
authctxt->agent_fd = agent_fd;
}
+ /* Prefer PKCS11 keys that are explicitly listed */
+ TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
+ if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
+ continue;
+ found = 0;
+ TAILQ_FOREACH(id2, &files, next) {
+ if (id2->key == NULL ||
+ (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
+ continue;
+ if (sshkey_equal(id->key, id2->key)) {
+ TAILQ_REMOVE(&files, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ found = 1;
+ break;
+ }
+ }
+ /* If IdentitiesOnly set and key not found then don't use it */
+ if (!found && options.identities_only) {
+ TAILQ_REMOVE(&files, id, next);
+ explicit_bzero(id, sizeof(*id));
+ free(id);
+ }
+ }
/* append remaining keys from the config file */
for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
TAILQ_REMOVE(&files, id, next);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list