version 1.334, 2010/02/08 22:03:05 |
version 1.335, 2010/02/26 20:29:54 |
|
|
int i = 0; |
int i = 0; |
Key *public; |
Key *public; |
struct passwd *pw; |
struct passwd *pw; |
|
u_int n_ids; |
|
char *identity_files[SSH_MAX_IDENTITY_FILES]; |
|
Key *identity_keys[SSH_MAX_IDENTITY_FILES]; |
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
Key **keys; |
Key **keys; |
int nkeys; |
int nkeys; |
|
#endif /* PKCS11 */ |
|
|
|
n_ids = 0; |
|
bzero(identity_files, sizeof(identity_files)); |
|
bzero(identity_keys, sizeof(identity_keys)); |
|
|
|
#ifdef ENABLE_PKCS11 |
if (options.pkcs11_provider != NULL && |
if (options.pkcs11_provider != NULL && |
options.num_identity_files < SSH_MAX_IDENTITY_FILES && |
options.num_identity_files < SSH_MAX_IDENTITY_FILES && |
(pkcs11_init(!options.batch_mode) == 0) && |
(pkcs11_init(!options.batch_mode) == 0) && |
(nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, |
(nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, |
&keys)) > 0) { |
&keys)) > 0) { |
int count = 0; |
|
for (i = 0; i < nkeys; i++) { |
for (i = 0; i < nkeys; i++) { |
count++; |
if (n_ids >= SSH_MAX_IDENTITY_FILES) { |
memmove(&options.identity_files[1], |
key_free(keys[i]); |
&options.identity_files[0], |
continue; |
sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1)); |
} |
memmove(&options.identity_keys[1], |
identity_keys[n_ids] = keys[i]; |
&options.identity_keys[0], |
identity_files[n_ids] = |
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
|
options.num_identity_files++; |
|
options.identity_keys[0] = keys[i]; |
|
options.identity_files[0] = |
|
xstrdup(options.pkcs11_provider); /* XXX */ |
xstrdup(options.pkcs11_provider); /* XXX */ |
|
n_ids++; |
} |
} |
if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) |
|
options.num_identity_files = SSH_MAX_IDENTITY_FILES; |
|
i = count; |
|
xfree(keys); |
xfree(keys); |
/* XXX leaks some keys */ |
|
} |
} |
#endif /* ENABLE_PKCS11 */ |
#endif /* ENABLE_PKCS11 */ |
if ((pw = getpwuid(original_real_uid)) == NULL) |
if ((pw = getpwuid(original_real_uid)) == NULL) |
|
|
if (gethostname(thishost, sizeof(thishost)) == -1) |
if (gethostname(thishost, sizeof(thishost)) == -1) |
fatal("load_public_identity_files: gethostname: %s", |
fatal("load_public_identity_files: gethostname: %s", |
strerror(errno)); |
strerror(errno)); |
for (; i < options.num_identity_files; i++) { |
for (i = 0; i < options.num_identity_files; i++) { |
|
if (n_ids >= SSH_MAX_IDENTITY_FILES) { |
|
xfree(options.identity_files[i]); |
|
continue; |
|
} |
cp = tilde_expand_filename(options.identity_files[i], |
cp = tilde_expand_filename(options.identity_files[i], |
original_real_uid); |
original_real_uid); |
filename = percent_expand(cp, "d", pwdir, |
filename = percent_expand(cp, "d", pwdir, |
|
|
debug("identity file %s type %d", filename, |
debug("identity file %s type %d", filename, |
public ? public->type : -1); |
public ? public->type : -1); |
xfree(options.identity_files[i]); |
xfree(options.identity_files[i]); |
options.identity_files[i] = filename; |
identity_files[n_ids] = filename; |
options.identity_keys[i] = public; |
identity_keys[n_ids] = public; |
|
|
|
if (++n_ids >= SSH_MAX_IDENTITY_FILES) |
|
continue; |
|
|
|
/* Try to add the certificate variant too */ |
|
xasprintf(&cp, "%s-cert", filename); |
|
public = key_load_public(cp, NULL); |
|
debug("identity file %s type %d", cp, |
|
public ? public->type : -1); |
|
if (public == NULL) { |
|
xfree(cp); |
|
continue; |
|
} |
|
if (!key_is_cert(public)) { |
|
debug("%s: key %s type %s is not a certificate", |
|
__func__, cp, key_type(public)); |
|
key_free(public); |
|
xfree(cp); |
|
continue; |
|
} |
|
identity_keys[n_ids] = public; |
|
/* point to the original path, most likely the private key */ |
|
identity_files[n_ids] = xstrdup(filename); |
|
n_ids++; |
} |
} |
|
options.num_identity_files = n_ids; |
|
memcpy(options.identity_files, identity_files, sizeof(identity_files)); |
|
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); |
|
|
bzero(pwname, strlen(pwname)); |
bzero(pwname, strlen(pwname)); |
xfree(pwname); |
xfree(pwname); |
bzero(pwdir, strlen(pwdir)); |
bzero(pwdir, strlen(pwdir)); |