author | 2020-01-24 05:33:01 +0000 | |
---|---|---|
committer | 2020-01-24 05:33:01 +0000 | |
commit | fa400f4962323f6b54ad24a9b49e7fd86cb6ac68 (patch) | |
tree | c377efca30efb7d41a096d468a0e942c604a47a1 /usr.bin/ssh/ssh-keygen.c | |
parent | Machines have started to appear that have the framebuffer at an address > 4GB. (diff) | |
minor tweaks to ssh-keygen -Y find-principals:
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)
emit "not found" error to stderr
fix up argument testing for -Y operations and improve error message for
unsupported operations
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 1401b0598ca..5987a72889c 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.390 2020/01/24 00:27:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2754,7 +2754,7 @@ sig_find_principals(const char *signature, const char *allowed_keys) { int r, ret = -1, sigfd = -1; struct sshbuf *sigbuf = NULL, *abuf = NULL; struct sshkey *sign_key = NULL; - char *principals = NULL; + char *principals = NULL, *cp, *tmp; if ((abuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new() failed", __func__); @@ -2786,9 +2786,12 @@ sig_find_principals(const char *signature, const char *allowed_keys) { ret = 0; done: if (ret == 0 ) { - printf("Found matching principal: %s\n", principals); + /* Emit matching principals one per line */ + tmp = principals; + while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0') + puts(cp); } else { - printf("Could not find matching principal.\n"); + fprintf(stderr, "No principal matched.\n"); } if (sigfd != -1) close(sigfd); @@ -3357,13 +3360,13 @@ main(int argc, char **argv) exit(1); } return sig_find_principals(ca_key_path, identity_file); - } - if (cert_principals == NULL || *cert_principals == '\0') { - error("Too few arguments for sign/verify: " - "missing namespace"); - exit(1); - } - if (strncmp(sign_op, "sign", 4) == 0) { + } else if (strncmp(sign_op, "sign", 4) == 0) { + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for sign: " + "missing namespace"); + exit(1); + } if (!have_identity) { error("Too few arguments for sign: " "missing key"); 
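Review bot: The new loop condition `(cp = strsep(&tmp, ",")) != NULL && *cp != '\0'` in sig_find_principals stops at the first empty field instead of skipping it, so a principals string with a leading or doubled comma would print a truncated list (or nothing) while the function still returns 0. How `principals` is built is outside this hunk, so this may never occur, but a script consuming the output cannot tell a truncated list from a complete one. Skipping empty fields is safer: `while ((cp = strsep(&tmp, ",")) != NULL) { if (*cp != '\0') puts(cp); }`. Separately, the `else` branch prints "No principal matched." for every non-zero `ret`; if the `goto done` paths above the hunk include read or parse failures, the message is misleading for those.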
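Review bot: `strncmp(sign_op, "sign", 4) == 0` on the new `else if` line is a prefix match, so an argument such as `signature` (constructed example) is dispatched as `sign` and never reaches the "Unsupported operation for -Y" error this commit adds at the end of the chain. The `strncmp(sign_op, "verify", 6)` comparison shown as context in the next hunk behaves the same way. An exact comparison, `strcmp(sign_op, "sign") == 0`, would let the new error catch mistyped operations instead of silently running a different one. The -Y dispatch chain begins and ends outside this hunk.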
@@ -3380,6 +3383,12 @@ main(int argc, char **argv) return sig_verify(ca_key_path, cert_principals, NULL, NULL, NULL); } else if (strncmp(sign_op, "verify", 6) == 0) { + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for verify: " + "missing namespace"); + exit(1); + } if (ca_key_path == NULL) { error("Too few arguments for verify: " "missing signature file"); @@ -3398,6 +3407,7 @@ main(int argc, char **argv) return sig_verify(ca_key_path, cert_principals, cert_key_id, identity_file, rr_hostname); } + error("Unsupported operation for -Y: \"%s\"", sign_op); usage(); /* NOTREACHED */ } |
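Review bot: The branch that ends at the top of this hunk with `return sig_verify(ca_key_path, cert_principals, NULL, NULL, NULL);` still passes `cert_principals` as the namespace, but the shared "missing namespace" check that ran before every sign/verify operation was removed in the previous hunk and restored only under `sign` and `verify`. Unless that branch has its own check in lines outside the hunk, it can now call sig_verify with a NULL or empty namespace, and namespace matching is part of what signature verification enforces. The same guard, `if (cert_principals == NULL || *cert_principals == '\0')` followed by an `error(...)` naming that operation and `exit(1)`, should sit at the top of that branch too. What sig_verify does with a NULL namespace is not visible here and should be confirmed.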