version 1.390, 2020/01/24 00:27:04 |
version 1.391, 2020/01/24 05:33:01 |
|
|
int r, ret = -1, sigfd = -1; |
int r, ret = -1, sigfd = -1; |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
struct sshkey *sign_key = NULL; |
struct sshkey *sign_key = NULL; |
char *principals = NULL; |
char *principals = NULL, *cp, *tmp; |
|
|
if ((abuf = sshbuf_new()) == NULL) |
if ((abuf = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new() failed", __func__); |
fatal("%s: sshbuf_new() failed", __func__); |
|
|
ret = 0; |
ret = 0; |
done: |
done: |
if (ret == 0 ) { |
if (ret == 0 ) { |
printf("Found matching principal: %s\n", principals); |
/* Emit matching principals one per line */ |
|
tmp = principals; |
|
while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0') |
|
puts(cp); |
} else { |
} else { |
printf("Could not find matching principal.\n"); |
fprintf(stderr, "No principal matched.\n"); |
} |
} |
if (sigfd != -1) |
if (sigfd != -1) |
close(sigfd); |
close(sigfd); |
|
|
exit(1); |
exit(1); |
} |
} |
return sig_find_principals(ca_key_path, identity_file); |
return sig_find_principals(ca_key_path, identity_file); |
} |
} else if (strncmp(sign_op, "sign", 4) == 0) { |
if (cert_principals == NULL || *cert_principals == '\0') { |
if (cert_principals == NULL || |
error("Too few arguments for sign/verify: " |
*cert_principals == '\0') { |
"missing namespace"); |
error("Too few arguments for sign: " |
exit(1); |
"missing namespace"); |
} |
exit(1); |
if (strncmp(sign_op, "sign", 4) == 0) { |
} |
if (!have_identity) { |
if (!have_identity) { |
error("Too few arguments for sign: " |
error("Too few arguments for sign: " |
"missing key"); |
"missing key"); |
|
|
return sig_verify(ca_key_path, cert_principals, |
return sig_verify(ca_key_path, cert_principals, |
NULL, NULL, NULL); |
NULL, NULL, NULL); |
} else if (strncmp(sign_op, "verify", 6) == 0) { |
} else if (strncmp(sign_op, "verify", 6) == 0) { |
|
if (cert_principals == NULL || |
|
*cert_principals == '\0') { |
|
error("Too few arguments for verify: " |
|
"missing namespace"); |
|
exit(1); |
|
} |
if (ca_key_path == NULL) { |
if (ca_key_path == NULL) { |
error("Too few arguments for verify: " |
error("Too few arguments for verify: " |
"missing signature file"); |
"missing signature file"); |
|
|
return sig_verify(ca_key_path, cert_principals, |
return sig_verify(ca_key_path, cert_principals, |
cert_key_id, identity_file, rr_hostname); |
cert_key_id, identity_file, rr_hostname); |
} |
} |
|
error("Unsupported operation for -Y: \"%s\"", sign_op); |
usage(); |
usage(); |
/* NOTREACHED */ |
/* NOTREACHED */ |
} |
} |
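Review bot: In the new `ret == 0` branch, the loop `while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0')` stops at the first empty token instead of skipping it, so a principals string with an empty element (a doubled or leading comma, for example) would print only the names before it. This output is presumably parsed by scripts that go on to verify against the listed principals, so a silently shortened list is worth avoiding; consider `while ((cp = strsep(&tmp, ",")) != NULL) { if (*cp != '\0') puts(cp); }`. Whether the list can contain empty elements depends on the code that fills `principals`, which is outside the visible lines, as are the start and end of the enclosing function. The names are also written by `puts` unmodified, so a comment stating that principals are expected to contain no newlines or control characters would help anyone consuming the output line by line.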