version 1.260, 2015/01/30 00:59:19 |
version 1.261, 2015/01/30 01:10:33 |
|
|
} |
} |
|
|
static void |
static void |
update_krl_from_file(struct passwd *pw, const char *file, |
update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, |
const struct sshkey *ca, struct ssh_krl *krl) |
const struct sshkey *ca, struct ssh_krl *krl) |
{ |
{ |
struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
|
|
if (*cp == '\0') |
if (*cp == '\0') |
continue; |
continue; |
if (strncasecmp(cp, "serial:", 7) == 0) { |
if (strncasecmp(cp, "serial:", 7) == 0) { |
if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
fatal("revoking certificates by serial number " |
fatal("revoking certificates by serial number " |
"requires specification of a CA key"); |
"requires specification of a CA key"); |
} |
} |
|
|
__func__); |
__func__); |
} |
} |
} else if (strncasecmp(cp, "id:", 3) == 0) { |
} else if (strncasecmp(cp, "id:", 3) == 0) { |
if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
fatal("revoking certificates by key ID " |
fatal("revoking certificates by key ID " |
"requires specification of a CA key"); |
"requires specification of a CA key"); |
} |
} |
|
|
struct ssh_krl *krl; |
struct ssh_krl *krl; |
struct stat sb; |
struct stat sb; |
struct sshkey *ca = NULL; |
struct sshkey *ca = NULL; |
int fd, i, r; |
int fd, i, r, wild_ca = 0; |
char *tmp; |
char *tmp; |
struct sshbuf *kbuf; |
struct sshbuf *kbuf; |
|
|
|
|
fatal("KRL \"%s\" does not exist", identity_file); |
fatal("KRL \"%s\" does not exist", identity_file); |
} |
} |
if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
if (strcasecmp(ca_key_path, "none") == 0) |
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
wild_ca = 1; |
fatal("Cannot load CA public key %s: %s", |
else { |
tmp, ssh_err(r)); |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
free(tmp); |
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
|
fatal("Cannot load CA public key %s: %s", |
|
tmp, ssh_err(r)); |
|
free(tmp); |
|
} |
} |
} |
|
|
if (updating) |
if (updating) |
|
|
ssh_krl_set_comment(krl, identity_comment); |
ssh_krl_set_comment(krl, identity_comment); |
|
|
for (i = 0; i < argc; i++) |
for (i = 0; i < argc; i++) |
update_krl_from_file(pw, argv[i], ca, krl); |
update_krl_from_file(pw, argv[i], wild_ca, ca, krl); |
|
|
if ((kbuf = sshbuf_new()) == NULL) |
if ((kbuf = sshbuf_new()) == NULL) |
fatal("sshbuf_new failed"); |
fatal("sshbuf_new failed"); |
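Review bot: In the `ca_key_path` branch, `strcasecmp(ca_key_path, "none") == 0` makes the path a reserved word, so a CA public key file that is really named `none`, `None` or `NONE` is no longer loaded and `wild_ca` is set instead. With `ca == NULL` and `wild_ca` set, the `serial:` and `id:` guards in `update_krl_from_file` no longer stop, so those entries would presumably be recorded without a CA binding and revoke more certificates than the operator intended. A comment above the comparison such as `/* "none" (any case) selects a wildcard CA; a file of that name must be given as ./none */` would make the reservation explicit, and the two `fatal()` texts ending in "requires specification of a CA key" could mention the `none` alternative. Both functions start and end outside the lines shown here.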