version 1.325, 2019/01/23 04:16:22 |
version 1.326, 2019/01/23 04:51:02 |
|
|
|
|
static void |
static void |
do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, |
do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, |
unsigned long long cert_serial, int argc, char **argv) |
unsigned long long cert_serial, int cert_serial_autoinc, |
|
int argc, char **argv) |
{ |
{ |
int r, i, fd, found, agent_fd = -1; |
int r, i, fd, found, agent_fd = -1; |
u_int n; |
u_int n; |
|
|
|
|
sshkey_free(public); |
sshkey_free(public); |
free(out); |
free(out); |
|
if (cert_serial_autoinc) |
|
cert_serial++; |
} |
} |
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
pkcs11_terminate(); |
pkcs11_terminate(); |
|
|
int find_host = 0, delete_host = 0, hash_hosts = 0; |
int find_host = 0, delete_host = 0, hash_hosts = 0; |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
int prefer_agent = 0, convert_to = 0, convert_from = 0; |
int prefer_agent = 0, convert_to = 0, convert_from = 0; |
int print_public = 0, print_generic = 0; |
int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; |
unsigned long long cert_serial = 0; |
unsigned long long cert_serial = 0; |
char *identity_comment = NULL, *ca_key_path = NULL; |
char *identity_comment = NULL, *ca_key_path = NULL; |
u_int bits = 0; |
u_int bits = 0; |
|
|
break; |
break; |
case 'z': |
case 'z': |
errno = 0; |
errno = 0; |
|
if (*optarg == '+') { |
|
cert_serial_autoinc = 1; |
|
optarg++; |
|
} |
cert_serial = strtoull(optarg, &ep, 10); |
cert_serial = strtoull(optarg, &ep, 10); |
if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
(errno == ERANGE && cert_serial == ULLONG_MAX)) |
(errno == ERANGE && cert_serial == ULLONG_MAX)) |
|
|
if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
if (cert_key_id == NULL) |
if (cert_key_id == NULL) |
fatal("Must specify key id (-I) when certifying"); |
fatal("Must specify key id (-I) when certifying"); |
do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, |
do_ca_sign(pw, ca_key_path, prefer_agent, |
argc, argv); |
cert_serial, cert_serial_autoinc, argc, argv); |
} |
} |
if (show_cert) |
if (show_cert) |
do_show_cert(pw); |
do_show_cert(pw); |