| version 1.274, 2015/05/28 07:37:31 |
version 1.275, 2015/07/03 03:43:18 |
|
|
| name = _PATH_SSH_CLIENT_IDENTITY; |
name = _PATH_SSH_CLIENT_IDENTITY; |
| break; |
break; |
| case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
| case KEY_DSA_CERT_V00: |
|
| case KEY_DSA: |
case KEY_DSA: |
| name = _PATH_SSH_CLIENT_ID_DSA; |
name = _PATH_SSH_CLIENT_ID_DSA; |
| break; |
break; |
|
|
| name = _PATH_SSH_CLIENT_ID_ECDSA; |
name = _PATH_SSH_CLIENT_ID_ECDSA; |
| break; |
break; |
| case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
| case KEY_RSA_CERT_V00: |
|
| case KEY_RSA: |
case KEY_RSA: |
| name = _PATH_SSH_CLIENT_ID_RSA; |
name = _PATH_SSH_CLIENT_ID_RSA; |
| break; |
break; |
|
|
| struct sshkey *ca, *public; |
struct sshkey *ca, *public; |
| char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; |
char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; |
| FILE *f; |
FILE *f; |
| int v00 = 0; /* legacy keys */ |
|
| |
|
| if (key_type_name != NULL) { |
|
| switch (sshkey_type_from_name(key_type_name)) { |
|
| case KEY_RSA_CERT_V00: |
|
| case KEY_DSA_CERT_V00: |
|
| v00 = 1; |
|
| break; |
|
| case KEY_UNSPEC: |
|
| if (strcasecmp(key_type_name, "v00") == 0) { |
|
| v00 = 1; |
|
| break; |
|
| } else if (strcasecmp(key_type_name, "v01") == 0) |
|
| break; |
|
| /* FALLTHROUGH */ |
|
| default: |
|
| fatal("unknown key type %s", key_type_name); |
|
| } |
|
| } |
|
| |
|
| #ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
| pkcs11_init(1); |
pkcs11_init(1); |
| #endif |
#endif |
|
|
| __func__, tmp, sshkey_type(public)); |
__func__, tmp, sshkey_type(public)); |
| |
|
| /* Prepare certificate to sign */ |
/* Prepare certificate to sign */ |
| if ((r = sshkey_to_certified(public, v00)) != 0) |
if ((r = sshkey_to_certified(public)) != 0) |
| fatal("Could not upgrade key %s to certificate: %s", |
fatal("Could not upgrade key %s to certificate: %s", |
| tmp, ssh_err(r)); |
tmp, ssh_err(r)); |
| public->cert->type = cert_key_type; |
public->cert->type = cert_key_type; |
|
|
| public->cert->principals = plist; |
public->cert->principals = plist; |
| public->cert->valid_after = cert_valid_from; |
public->cert->valid_after = cert_valid_from; |
| public->cert->valid_before = cert_valid_to; |
public->cert->valid_before = cert_valid_to; |
| if (v00) { |
prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL); |
| prepare_options_buf(public->cert->critical, |
prepare_options_buf(public->cert->extensions, |
| OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); |
OPTIONS_EXTENSIONS); |
| } else { |
|
| prepare_options_buf(public->cert->critical, |
|
| OPTIONS_CRITICAL); |
|
| prepare_options_buf(public->cert->extensions, |
|
| OPTIONS_EXTENSIONS); |
|
| } |
|
| if ((r = sshkey_from_private(ca, |
if ((r = sshkey_from_private(ca, |
| &public->cert->signature_key)) != 0) |
&public->cert->signature_key)) != 0) |
| fatal("key_from_private (ca key): %s", ssh_err(r)); |
fatal("key_from_private (ca key): %s", ssh_err(r)); |
|
|
| } |
} |
| |
|
| static void |
static void |
| show_options(struct sshbuf *optbuf, int v00, int in_critical) |
show_options(struct sshbuf *optbuf, int in_critical) |
| { |
{ |
| char *name, *arg; |
char *name, *arg; |
| struct sshbuf *options, *option = NULL; |
struct sshbuf *options, *option = NULL; |
|
|
| (r = sshbuf_froms(options, &option)) != 0) |
(r = sshbuf_froms(options, &option)) != 0) |
| fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| printf(" %s", name); |
printf(" %s", name); |
| if ((v00 || !in_critical) && |
if (!in_critical && |
| (strcmp(name, "permit-X11-forwarding") == 0 || |
(strcmp(name, "permit-X11-forwarding") == 0 || |
| strcmp(name, "permit-agent-forwarding") == 0 || |
strcmp(name, "permit-agent-forwarding") == 0 || |
| strcmp(name, "permit-port-forwarding") == 0 || |
strcmp(name, "permit-port-forwarding") == 0 || |
| strcmp(name, "permit-pty") == 0 || |
strcmp(name, "permit-pty") == 0 || |
| strcmp(name, "permit-user-rc") == 0)) |
strcmp(name, "permit-user-rc") == 0)) |
| printf("\n"); |
printf("\n"); |
| else if ((v00 || in_critical) && |
else if (in_critical && |
| (strcmp(name, "force-command") == 0 || |
(strcmp(name, "force-command") == 0 || |
| strcmp(name, "source-address") == 0)) { |
strcmp(name, "source-address") == 0)) { |
| if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0) |
if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0) |
|
|
| struct sshkey *key; |
struct sshkey *key; |
| struct stat st; |
struct stat st; |
| char *key_fp, *ca_fp; |
char *key_fp, *ca_fp; |
| u_int i, v00; |
u_int i; |
| int r; |
int r; |
| |
|
| if (!have_identity) |
if (!have_identity) |
|
|
| identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
| if (!sshkey_is_cert(key)) |
if (!sshkey_is_cert(key)) |
| fatal("%s is not a certificate", identity_file); |
fatal("%s is not a certificate", identity_file); |
| v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; |
|
| |
|
| key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
| ca_fp = sshkey_fingerprint(key->cert->signature_key, |
ca_fp = sshkey_fingerprint(key->cert->signature_key, |
|
|
| printf(" Signing CA: %s %s\n", |
printf(" Signing CA: %s %s\n", |
| sshkey_type(key->cert->signature_key), ca_fp); |
sshkey_type(key->cert->signature_key), ca_fp); |
| printf(" Key ID: \"%s\"\n", key->cert->key_id); |
printf(" Key ID: \"%s\"\n", key->cert->key_id); |
| if (!v00) { |
printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); |
| printf(" Serial: %llu\n", |
|
| (unsigned long long)key->cert->serial); |
|
| } |
|
| printf(" Valid: %s\n", |
printf(" Valid: %s\n", |
| fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
| printf(" Principals: "); |
printf(" Principals: "); |
|
|
| printf("(none)\n"); |
printf("(none)\n"); |
| else { |
else { |
| printf("\n"); |
printf("\n"); |
| show_options(key->cert->critical, v00, 1); |
show_options(key->cert->critical, 1); |
| } |
} |
| if (!v00) { |
printf(" Extensions: "); |
| printf(" Extensions: "); |
if (sshbuf_len(key->cert->extensions) == 0) |
| if (sshbuf_len(key->cert->extensions) == 0) |
printf("(none)\n"); |
| printf("(none)\n"); |
else { |
| else { |
printf("\n"); |
| printf("\n"); |
show_options(key->cert->extensions, 0); |
| show_options(key->cert->extensions, v00, 0); |
|
| } |
|
| } |
} |
| exit(0); |
exit(0); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh