version 1.257, 2015/01/18 21:51:19 |
version 1.261, 2015/01/30 01:10:33 |
|
|
fatal("%s: unknown key format %d", __func__, convert_format); |
fatal("%s: unknown key format %d", __func__, convert_format); |
} |
} |
|
|
if (!private) |
if (!private) { |
if ((r = sshkey_write(k, stdout)) == 0) |
if ((r = sshkey_write(k, stdout)) == 0) |
ok = 1; |
ok = 1; |
if (ok) |
if (ok) |
fprintf(stdout, "\n"); |
fprintf(stdout, "\n"); |
else { |
} else { |
switch (k->type) { |
switch (k->type) { |
case KEY_DSA: |
case KEY_DSA: |
ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, |
ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, |
|
|
fp = sshkey_fingerprint(keys[i], fptype, rep); |
fp = sshkey_fingerprint(keys[i], fptype, rep); |
ra = sshkey_fingerprint(keys[i], fingerprint_hash, |
ra = sshkey_fingerprint(keys[i], fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
|
if (fp == NULL || ra == NULL) |
|
fatal("%s: sshkey_fingerprint fail", __func__); |
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), |
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), |
fp, sshkey_type(keys[i])); |
fp, sshkey_type(keys[i])); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
fp = sshkey_fingerprint(public, fptype, rep); |
fp = sshkey_fingerprint(public, fptype, rep); |
ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
|
if (fp == NULL || ra == NULL) |
|
fatal("%s: sshkey_fingerprint fail", __func__); |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, |
sshkey_type(public)); |
sshkey_type(public)); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
fp = sshkey_fingerprint(public, fptype, rep); |
fp = sshkey_fingerprint(public, fptype, rep); |
ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
|
if (fp == NULL || ra == NULL) |
|
fatal("%s: sshkey_fingerprint fail", __func__); |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, |
comment ? comment : "no comment", sshkey_type(public)); |
comment ? comment : "no comment", sshkey_type(public)); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
static void |
static void |
do_known_hosts(struct passwd *pw, const char *name) |
do_known_hosts(struct passwd *pw, const char *name) |
{ |
{ |
char *cp, tmp[MAXPATHLEN], old[MAXPATHLEN]; |
char *cp, tmp[PATH_MAX], old[PATH_MAX]; |
int r, fd, oerrno, inplace = 0; |
int r, fd, oerrno, inplace = 0; |
struct known_hosts_ctx ctx; |
struct known_hosts_ctx ctx; |
|
|
|
|
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
ca_fp = sshkey_fingerprint(key->cert->signature_key, |
ca_fp = sshkey_fingerprint(key->cert->signature_key, |
fingerprint_hash, SSH_FP_DEFAULT); |
fingerprint_hash, SSH_FP_DEFAULT); |
|
if (key_fp == NULL || ca_fp == NULL) |
|
fatal("%s: sshkey_fingerprint fail", __func__); |
|
|
printf("%s:\n", identity_file); |
printf("%s:\n", identity_file); |
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), |
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), |
|
|
} |
} |
|
|
static void |
static void |
update_krl_from_file(struct passwd *pw, const char *file, |
update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, |
const struct sshkey *ca, struct ssh_krl *krl) |
const struct sshkey *ca, struct ssh_krl *krl) |
{ |
{ |
struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
|
|
if (*cp == '\0') |
if (*cp == '\0') |
continue; |
continue; |
if (strncasecmp(cp, "serial:", 7) == 0) { |
if (strncasecmp(cp, "serial:", 7) == 0) { |
if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
fatal("revoking certificates by serial number " |
fatal("revoking certificates by serial number " |
"requires specification of a CA key"); |
"requires specification of a CA key"); |
} |
} |
|
|
__func__); |
__func__); |
} |
} |
} else if (strncasecmp(cp, "id:", 3) == 0) { |
} else if (strncasecmp(cp, "id:", 3) == 0) { |
if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
fatal("revoking certificates by key ID " |
fatal("revoking certificates by key ID " |
"requires specification of a CA key"); |
"requires specification of a CA key"); |
} |
} |
|
|
struct ssh_krl *krl; |
struct ssh_krl *krl; |
struct stat sb; |
struct stat sb; |
struct sshkey *ca = NULL; |
struct sshkey *ca = NULL; |
int fd, i, r; |
int fd, i, r, wild_ca = 0; |
char *tmp; |
char *tmp; |
struct sshbuf *kbuf; |
struct sshbuf *kbuf; |
|
|
|
|
fatal("KRL \"%s\" does not exist", identity_file); |
fatal("KRL \"%s\" does not exist", identity_file); |
} |
} |
if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
if (strcasecmp(ca_key_path, "none") == 0) |
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
wild_ca = 1; |
fatal("Cannot load CA public key %s: %s", |
else { |
tmp, ssh_err(r)); |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
free(tmp); |
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
|
fatal("Cannot load CA public key %s: %s", |
|
tmp, ssh_err(r)); |
|
free(tmp); |
|
} |
} |
} |
|
|
if (updating) |
if (updating) |
|
|
ssh_krl_set_comment(krl, identity_comment); |
ssh_krl_set_comment(krl, identity_comment); |
|
|
for (i = 0; i < argc; i++) |
for (i = 0; i < argc; i++) |
update_krl_from_file(pw, argv[i], ca, krl); |
update_krl_from_file(pw, argv[i], wild_ca, ca, krl); |
|
|
if ((kbuf = sshbuf_new()) == NULL) |
if ((kbuf = sshbuf_new()) == NULL) |
fatal("sshbuf_new failed"); |
fatal("sshbuf_new failed"); |
|
|
{ |
{ |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
char *checkpoint = NULL; |
char *checkpoint = NULL; |
char out_file[PATH_MAX], *rr_hostname = NULL, *ep; |
char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; |
struct sshkey *private, *public; |
struct sshkey *private, *public; |
struct passwd *pw; |
struct passwd *pw; |
struct stat st; |
struct stat st; |
|
|
fclose(f); |
fclose(f); |
|
|
if (!quiet) { |
if (!quiet) { |
char *fp = sshkey_fingerprint(public, fingerprint_hash, |
fp = sshkey_fingerprint(public, fingerprint_hash, |
SSH_FP_DEFAULT); |
SSH_FP_DEFAULT); |
char *ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
|
if (fp == NULL || ra == NULL) |
|
fatal("sshkey_fingerprint failed"); |
printf("Your public key has been saved in %s.\n", |
printf("Your public key has been saved in %s.\n", |
identity_file); |
identity_file); |
printf("The key fingerprint is:\n"); |
printf("The key fingerprint is:\n"); |