version 1.440, 2021/10/29 03:20:46 |
version 1.441, 2021/11/27 07:14:46 |
|
|
return ret; |
return ret; |
} |
} |
|
|
|
static int |
|
sig_match_principals(const char *allowed_keys, char *principal, |
|
char * const *opts, size_t nopts) |
|
{ |
|
int r; |
|
char **principals = NULL; |
|
size_t i, nprincipals = 0; |
|
|
|
if ((r = sig_process_opts(opts, nopts, NULL, NULL)) != 0) |
|
return r; /* error already logged */ |
|
|
|
if ((r = sshsig_match_principals(allowed_keys, principal, |
|
&principals, &nprincipals)) != 0) { |
|
debug_f("match: %s", ssh_err(r)); |
|
fprintf(stderr, "No principal matched.\n"); |
|
return r; |
|
} |
|
for (i = 0; i < nprincipals; i++) { |
|
printf("%s\n", principals[i]); |
|
free(principals[i]); |
|
} |
|
free(principals); |
|
|
|
return 0; |
|
} |
|
|
static void |
static void |
do_moduli_gen(const char *out_file, char **opts, size_t nopts) |
do_moduli_gen(const char *out_file, char **opts, size_t nopts) |
{ |
{ |
|
|
" file ...\n" |
" file ...\n" |
" ssh-keygen -Q [-l] -f krl_file [file ...]\n" |
" ssh-keygen -Q [-l] -f krl_file [file ...]\n" |
" ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n" |
" ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n" |
|
" ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file\n" |
" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
" ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
" ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
|
|
exit(1); |
exit(1); |
} |
} |
return sig_find_principals(ca_key_path, identity_file, |
return sig_find_principals(ca_key_path, identity_file, |
|
opts, nopts); |
|
} else if (strncmp(sign_op, "match-principals", 16) == 0) { |
|
if (!have_identity) { |
|
error("Too few arguments for match-principals:" |
|
"missing allowed keys file"); |
|
exit(1); |
|
} |
|
if (cert_key_id == NULL) { |
|
error("Too few arguments for match-principals: " |
|
"missing principal ID"); |
|
exit(1); |
|
} |
|
return sig_match_principals(identity_file, cert_key_id, |
opts, nopts); |
opts, nopts); |
} else if (strncmp(sign_op, "sign", 4) == 0) { |
} else if (strncmp(sign_op, "sign", 4) == 0) { |
if (cert_principals == NULL || |
if (cert_principals == NULL || |