| version 1.392, 2020/01/25 00:03:36 |
version 1.393, 2020/01/25 23:02:13 |
|
|
| load_krl(const char *path, struct ssh_krl **krlp) |
load_krl(const char *path, struct ssh_krl **krlp) |
| { |
{ |
| struct sshbuf *krlbuf; |
struct sshbuf *krlbuf; |
| int r, fd; |
int r; |
| |
|
| if ((krlbuf = sshbuf_new()) == NULL) |
if ((r = sshbuf_load_file(path, &krlbuf)) != 0) |
| fatal("sshbuf_new failed"); |
|
| if ((fd = open(path, O_RDONLY)) == -1) |
|
| fatal("open %s: %s", path, strerror(errno)); |
|
| if ((r = sshkey_load_file(fd, krlbuf)) != 0) |
|
| fatal("Unable to load KRL: %s", ssh_err(r)); |
fatal("Unable to load KRL: %s", ssh_err(r)); |
| close(fd); |
|
| /* XXX check sigs */ |
/* XXX check sigs */ |
| if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || |
if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || |
| *krlp == NULL) |
*krlp == NULL) |
|
|
| struct ssh_krl *krl; |
struct ssh_krl *krl; |
| struct stat sb; |
struct stat sb; |
| struct sshkey *ca = NULL; |
struct sshkey *ca = NULL; |
| int fd, i, r, wild_ca = 0; |
int i, r, wild_ca = 0; |
| char *tmp; |
char *tmp; |
| struct sshbuf *kbuf; |
struct sshbuf *kbuf; |
| |
|
|
|
| fatal("sshbuf_new failed"); |
fatal("sshbuf_new failed"); |
| if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) |
if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) |
| fatal("Couldn't generate KRL"); |
fatal("Couldn't generate KRL"); |
| if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
if ((r = sshbuf_write_file(identity_file, kbuf)) != 0) |
| fatal("open %s: %s", identity_file, strerror(errno)); |
|
| if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != |
|
| sshbuf_len(kbuf)) |
|
| fatal("write %s: %s", identity_file, strerror(errno)); |
fatal("write %s: %s", identity_file, strerror(errno)); |
| close(fd); |
|
| sshbuf_free(kbuf); |
sshbuf_free(kbuf); |
| ssh_krl_free(krl); |
ssh_krl_free(krl); |
| sshkey_free(ca); |
sshkey_free(ca); |
|
|
| sig_verify(const char *signature, const char *sig_namespace, |
sig_verify(const char *signature, const char *sig_namespace, |
| const char *principal, const char *allowed_keys, const char *revoked_keys) |
const char *principal, const char *allowed_keys, const char *revoked_keys) |
| { |
{ |
| int r, ret = -1, sigfd = -1; |
int r, ret = -1; |
| struct sshbuf *sigbuf = NULL, *abuf = NULL; |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| struct sshkey *sign_key = NULL; |
struct sshkey *sign_key = NULL; |
| char *fp = NULL; |
char *fp = NULL; |
| struct sshkey_sig_details *sig_details = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
| |
|
| memset(&sig_details, 0, sizeof(sig_details)); |
memset(&sig_details, 0, sizeof(sig_details)); |
| if ((abuf = sshbuf_new()) == NULL) |
if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
| fatal("%s: sshbuf_new() failed", __func__); |
|
| |
|
| if ((sigfd = open(signature, O_RDONLY)) < 0) { |
|
| error("Couldn't open signature file %s", signature); |
|
| goto done; |
|
| } |
|
| |
|
| if ((r = sshkey_load_file(sigfd, abuf)) != 0) { |
|
| error("Couldn't read signature file: %s", ssh_err(r)); |
error("Couldn't read signature file: %s", ssh_err(r)); |
| goto done; |
goto done; |
| } |
} |
| |
|
| if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { |
if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { |
| error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
| goto done; |
goto done; |
|
|
| printf("Could not verify signature.\n"); |
printf("Could not verify signature.\n"); |
| } |
} |
| } |
} |
| if (sigfd != -1) |
|
| close(sigfd); |
|
| sshbuf_free(sigbuf); |
sshbuf_free(sigbuf); |
| sshbuf_free(abuf); |
sshbuf_free(abuf); |
| sshkey_free(sign_key); |
sshkey_free(sign_key); |
|
|
| |
|
| static int |
static int |
| sig_find_principals(const char *signature, const char *allowed_keys) { |
sig_find_principals(const char *signature, const char *allowed_keys) { |
| int r, ret = -1, sigfd = -1; |
int r, ret = -1; |
| struct sshbuf *sigbuf = NULL, *abuf = NULL; |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| struct sshkey *sign_key = NULL; |
struct sshkey *sign_key = NULL; |
| char *principals = NULL, *cp, *tmp; |
char *principals = NULL, *cp, *tmp; |
| |
|
| if ((abuf = sshbuf_new()) == NULL) |
if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
| fatal("%s: sshbuf_new() failed", __func__); |
|
| |
|
| if ((sigfd = open(signature, O_RDONLY)) < 0) { |
|
| error("Couldn't open signature file %s", signature); |
|
| goto done; |
|
| } |
|
| |
|
| if ((r = sshkey_load_file(sigfd, abuf)) != 0) { |
|
| error("Couldn't read signature file: %s", ssh_err(r)); |
error("Couldn't read signature file: %s", ssh_err(r)); |
| goto done; |
goto done; |
| } |
} |
|
|
| } else { |
} else { |
| fprintf(stderr, "No principal matched.\n"); |
fprintf(stderr, "No principal matched.\n"); |
| } |
} |
| if (sigfd != -1) |
|
| close(sigfd); |
|
| sshbuf_free(sigbuf); |
sshbuf_free(sigbuf); |
| sshbuf_free(abuf); |
sshbuf_free(abuf); |
| sshkey_free(sign_key); |
sshkey_free(sign_key); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh