[openssh-commits] [openssh] 05/11: upstream: minor tweaks to ssh-keygen -Y find-principals:

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jan 25 11:36:31 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d15c8adf2c6f1a6b4845131074383eb9c3d05c3d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jan 24 05:33:01 2020 +0000

    upstream: minor tweaks to ssh-keygen -Y find-principals:
    
    emit matched principals one per line to stdout rather than as comma-
    separated and with a free-text preamble (easy confusion opportunity)
    
    emit "not found" error to stderr
    
    fix up argument testing for -Y operations and improve error message for
    unsupported operations
    
    OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
---
 ssh-keygen.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index f2192edb..2c9f6786 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.390 2020/01/24 00:27:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2774,7 +2774,7 @@ sig_find_principals(const char *signature, const char *allowed_keys) {
 	int r, ret = -1, sigfd = -1;
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	struct sshkey *sign_key = NULL;
-	char *principals = NULL;
+	char *principals = NULL, *cp, *tmp;
 
 	if ((abuf = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new() failed", __func__);
@@ -2806,9 +2806,12 @@ sig_find_principals(const char *signature, const char *allowed_keys) {
 	ret = 0;
 done:
 	if (ret == 0 ) {
-		printf("Found matching principal: %s\n", principals);
+		/* Emit matching principals one per line */
+		tmp = principals;
+		while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0')
+			puts(cp);
 	} else {
-		printf("Could not find matching principal.\n");
+		fprintf(stderr, "No principal matched.\n");
 	}
 	if (sigfd != -1)
 		close(sigfd);
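Review bot: The `*cp != '\0'` test in the new `strsep()` loop ends output at the first empty field instead of skipping it, so a `principals` string with a leading or doubled comma would print fewer names than matched (possibly none) while `ret` stays 0. A script consuming this output would then see success with a truncated list. Consider `while ((cp = strsep(&tmp, ",")) != NULL) { if (*cp != '\0') puts(cp); }`, or add a comment stating that the lookup filling `principals` never yields empty elements, if that is guaranteed. Separately, the `else` branch prints "No principal matched." for every path that reaches `done:` with a non-zero `ret`; those paths lie outside the hunk, but if any of them is an I/O or parse failure the message would be misleading. The body of sig_find_principals() starts and ends outside this hunk.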
@@ -3380,13 +3383,13 @@ main(int argc, char **argv)
 				exit(1);
 			}
 			return sig_find_principals(ca_key_path, identity_file);
-		}
-		if (cert_principals == NULL || *cert_principals == '\0') {
-			error("Too few arguments for sign/verify: "
-			    "missing namespace");
-			exit(1);
-		}
-		if (strncmp(sign_op, "sign", 4) == 0) {
+		} else if (strncmp(sign_op, "sign", 4) == 0) {
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for sign: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (!have_identity) {
 				error("Too few arguments for sign: "
 				    "missing key");
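Review bot: `strncmp(sign_op, "sign", 4) == 0` on the new `else if` line is a prefix match, so any `-Y` argument that merely begins with "sign" is treated as the sign operation (the same holds for the `strncmp(sign_op, "verify", 6)` branch further down). The "Unsupported operation for -Y" error that this commit adds at the end of the chain therefore never fires for such input. If prefix matching is not intended, compare the whole string: `} else if (strcmp(sign_op, "sign") == 0) {`. The comparison itself predates this commit, but the chain is being restructured around an explicit rejection path, so this is the natural place to tighten it; main() continues outside the hunk.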
@@ -3403,6 +3406,12 @@ main(int argc, char **argv)
 			return sig_verify(ca_key_path, cert_principals,
 			    NULL, NULL, NULL);
 		} else if (strncmp(sign_op, "verify", 6) == 0) {
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for verify: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (ca_key_path == NULL) {
 				error("Too few arguments for verify: "
 				    "missing signature file");
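Review bot: The branch ending in `return sig_verify(ca_key_path, cert_principals, NULL, NULL, NULL);` just above the `verify` case is left without a namespace check. The commit removes the shared `cert_principals == NULL || *cert_principals == '\0'` test that ran before the whole chain and re-adds it only inside `sign` and `verify`. That branch starts outside the hunk (presumably the `check-novalidate` operation) and no hunk in this patch touches it, so `cert_principals` can now reach `sig_verify()` as NULL or empty. Whether sig_verify() tolerates that is not visible here; the same guard, with an error message naming that operation, should be added at the top of the branch. Since the guard would then exist three times, a small static helper taking the operation name would keep the copies from drifting apart.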
@@ -3421,6 +3430,7 @@ main(int argc, char **argv)
 			return sig_verify(ca_key_path, cert_principals,
 			    cert_key_id, identity_file, rr_hostname);
 		}
+		error("Unsupported operation for -Y: \"%s\"", sign_op);
 		usage();
 		/* NOTREACHED */
 	}
