diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-24 05:33:01 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:27:29 +1100 |
commit | d15c8adf2c6f1a6b4845131074383eb9c3d05c3d (patch) | |
tree | f0fb0cf0596c8a15bc90056127f7e4b976ff1285 | |
parent | c3368a5d5ec368ef6bdf9971d6330ca0e3bdca06 (diff) |
upstream: minor tweaks to ssh-keygen -Y find-principals:
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)
emit "not found" error to stderr
fix up argument testing for -Y operations and improve error message for
unsupported operations
OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
-rw-r--r-- | ssh-keygen.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index f2192edb..2c9f6786 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.390 2020/01/24 00:27:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2774,7 +2774,7 @@ sig_find_principals(const char *signature, const char *allowed_keys) { int r, ret = -1, sigfd = -1; struct sshbuf *sigbuf = NULL, *abuf = NULL; struct sshkey *sign_key = NULL; - char *principals = NULL; + char *principals = NULL, *cp, *tmp; if ((abuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new() failed", __func__); @@ -2806,9 +2806,12 @@ sig_find_principals(const char *signature, const char *allowed_keys) { ret = 0; done: if (ret == 0 ) { - printf("Found matching principal: %s\n", principals); + /* Emit matching principals one per line */ + tmp = principals; + while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0') + puts(cp); } else { - printf("Could not find matching principal.\n"); + fprintf(stderr, "No principal matched.\n"); } if (sigfd != -1) close(sigfd); @@ -3380,13 +3383,13 @@ main(int argc, char **argv) exit(1); } return sig_find_principals(ca_key_path, identity_file); - } - if (cert_principals == NULL || *cert_principals == '\0') { - error("Too few arguments for sign/verify: " - "missing namespace"); - exit(1); - } - if (strncmp(sign_op, "sign", 4) == 0) { + } else if (strncmp(sign_op, "sign", 4) == 0) { + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for sign: " + "missing namespace"); + exit(1); + } if (!have_identity) { error("Too few arguments for sign: " "missing key"); @@ -3403,6 +3406,12 @@ main(int argc, char **argv) return sig_verify(ca_key_path, cert_principals, NULL, NULL, NULL); } else if (strncmp(sign_op, "verify", 6) == 0) { + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for verify: " + "missing namespace"); + exit(1); + } if (ca_key_path == NULL) { error("Too few arguments for verify: " "missing signature file"); @@ -3421,6 +3430,7 @@ main(int argc, char **argv) return sig_verify(ca_key_path, cert_principals, cert_key_id, identity_file, rr_hostname); } + error("Unsupported operation for -Y: \"%s\"", sign_op); usage(); /* NOTREACHED */ } |