version 1.95, 2010/04/16 01:47:26 |
version 1.96, 2010/05/14 00:47:22 |
|
|
"Lifetime set to %d seconds\n", lifetime); |
"Lifetime set to %d seconds\n", lifetime); |
if (confirm != 0) |
if (confirm != 0) |
fprintf(stderr, |
fprintf(stderr, |
"The user has to confirm each use of the key\n"); |
"The user must confirm each use of the key\n"); |
} else { |
} else { |
fprintf(stderr, "Could not add identity: %s\n", filename); |
fprintf(stderr, "Could not add identity: %s\n", filename); |
} |
} |
|
|
|
|
/* Now try to add the certificate flavour too */ |
/* Now try to add the certificate flavour too */ |
xasprintf(&certpath, "%s-cert.pub", filename); |
xasprintf(&certpath, "%s-cert.pub", filename); |
if ((cert = key_load_public(certpath, NULL)) != NULL) { |
if ((cert = key_load_public(certpath, NULL)) == NULL) |
/* Graft with private bits */ |
goto out; |
if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) |
|
fatal("%s: key_to_certified failed", __func__); |
if (!key_equal_public(cert, private)) { |
key_cert_copy(cert, private); |
error("Certificate %s does not match private key %s", |
|
certpath, filename); |
key_free(cert); |
key_free(cert); |
|
goto out; |
|
} |
|
|
if (ssh_add_identity_constrained(ac, private, comment, |
/* Graft with private bits */ |
lifetime, confirm)) { |
if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) { |
fprintf(stderr, "Certificate added: %s (%s)\n", |
error("%s: key_to_certified failed", __func__); |
certpath, private->cert->key_id); |
key_free(cert); |
if (lifetime != 0) |
goto out; |
fprintf(stderr, "Lifetime set to %d seconds\n", |
|
lifetime); |
|
if (confirm != 0) |
|
fprintf(stderr, "The user has to confirm each " |
|
"use of the key\n"); |
|
} else { |
|
error("Certificate %s (%s) add failed", certpath, |
|
private->cert->key_id); |
|
} |
|
} |
} |
|
key_cert_copy(cert, private); |
|
key_free(cert); |
|
|
|
if (!ssh_add_identity_constrained(ac, private, comment, |
|
lifetime, confirm)) { |
|
error("Certificate %s (%s) add failed", certpath, |
|
private->cert->key_id); |
|
} |
|
fprintf(stderr, "Certificate added: %s (%s)\n", certpath, |
|
private->cert->key_id); |
|
if (lifetime != 0) |
|
fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); |
|
if (confirm != 0) |
|
fprintf(stderr, "The user must confirm each use of the key\n"); |
|
out: |
xfree(certpath); |
xfree(certpath); |
xfree(comment); |
xfree(comment); |
key_free(private); |
key_free(private); |