| version 1.387, 2020/01/23 07:54:04 |
version 1.388, 2020/01/23 23:31:52 |
|
|
| } |
} |
| |
|
| static int |
static int |
| sig_find_principal(const char *signature, const char *allowed_keys) { |
sig_find_principals(const char *signature, const char *allowed_keys) { |
| int r, ret = -1, sigfd = -1; |
int r, ret = -1, sigfd = -1; |
| struct sshbuf *sigbuf = NULL, *abuf = NULL; |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| struct sshkey *sign_key = NULL; |
struct sshkey *sign_key = NULL; |
| char *principal = NULL; |
char *principals = NULL; |
| |
|
| if ((abuf = sshbuf_new()) == NULL) |
if ((abuf = sshbuf_new()) == NULL) |
| fatal("%s: sshbuf_new() failed", __func__); |
fatal("%s: sshbuf_new() failed", __func__); |
|
|
| } |
} |
| if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) { |
if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) { |
| error("%s: sshsig_get_pubkey: %s", |
error("%s: sshsig_get_pubkey: %s", |
| __func__, ssh_err(r)); |
__func__, ssh_err(r)); |
| goto done; |
goto done; |
| } |
} |
| |
if ((r = sshsig_find_principals(allowed_keys, sign_key, |
| if ((r = sshsig_find_principal(allowed_keys, sign_key, |
&principals)) != 0) { |
| &principal)) != 0) { |
|
| error("%s: sshsig_get_principal: %s", |
error("%s: sshsig_get_principal: %s", |
| __func__, ssh_err(r)); |
__func__, ssh_err(r)); |
| goto done; |
goto done; |
|
|
| ret = 0; |
ret = 0; |
| done: |
done: |
| if (ret == 0 ) { |
if (ret == 0 ) { |
| printf("Found matching principal: %s\n", principal); |
printf("Found matching principal: %s\n", principals); |
| } else { |
} else { |
| printf("Could not find matching principal.\n"); |
printf("Could not find matching principal.\n"); |
| } |
} |
|
|
| sshbuf_free(sigbuf); |
sshbuf_free(sigbuf); |
| sshbuf_free(abuf); |
sshbuf_free(abuf); |
| sshkey_free(sign_key); |
sshkey_free(sign_key); |
| free(principal); |
free(principals); |
| return ret; |
return ret; |
| } |
} |
| |
|
|
|
| " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" |
" ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" |
| " file ...\n" |
" file ...\n" |
| " ssh-keygen -Q -f krl_file file ...\n" |
" ssh-keygen -Q -f krl_file file ...\n" |
| " ssh-keygen -Y find-principal -s signature_file -f allowed_signers_file\n" |
" ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n" |
| " ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
| " ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
" ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
| " ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
|
|
| argc -= optind; |
argc -= optind; |
| |
|
| if (sign_op != NULL) { |
if (sign_op != NULL) { |
| if (strncmp(sign_op, "find-principal", 14) == 0) { |
if (strncmp(sign_op, "find-principals", 15) == 0) { |
| if (ca_key_path == NULL) { |
if (ca_key_path == NULL) { |
| error("Too few arguments for find-principal:" |
error("Too few arguments for find-principals:" |
| "missing signature file"); |
"missing signature file"); |
| exit(1); |
exit(1); |
| } |
} |
| if (!have_identity) { |
if (!have_identity) { |
| error("Too few arguments for find-principal:" |
error("Too few arguments for find-principals:" |
| "missing allowed keys file"); |
"missing allowed keys file"); |
| exit(1); |
exit(1); |
| } |
} |
| return sig_find_principal(ca_key_path, identity_file); |
return sig_find_principals(ca_key_path, identity_file); |
| } |
} |
| if (cert_principals == NULL || *cert_principals == '\0') { |
if (cert_principals == NULL || *cert_principals == '\0') { |
| error("Too few arguments for sign/verify: " |
error("Too few arguments for sign/verify: " |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh