upstream: Allow existing -U (use agent) flag to work with "-Y sign"

operations, where it will be interpreted to require that the private key is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@

OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f
djm@openbsd.org 2022-05-09 03:09:53 +00:00 committed by Damien Miller
parent cb010744cc
commit 0086a286ea
2 changed files with 17 additions and 10 deletions


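--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.221 2022/05/03 07:42:27 florian Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.222 2022/05/09 03:09:53 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 3 2022 $
+.Dd $Mdocdate: May 9 2022 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -583,7 +583,9 @@ and
 (the default).
 .It Fl U
 When used in combination with
-.Fl s ,
+.Fl s
+or
+.Fl Y Ar sign ,
 this option indicates that a CA key resides in a
 .Xr ssh-agent 1 .
 See the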


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.451 2022/05/08 22:58:35 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.452 2022/05/09 03:09:53 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2654,8 +2654,8 @@ sig_process_opts(char * const *opts, size_t nopts, char **hashalgp,
static int static int
sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv, sig_sign(const char *keypath, const char *sig_namespace, int require_agent,
char * const *opts, size_t nopts) int argc, char **argv, char * const *opts, size_t nopts)
{ {
int i, fd = -1, r, ret = -1; int i, fd = -1, r, ret = -1;
int agent_fd = -1; int agent_fd = -1;
@ -2679,13 +2679,18 @@ sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv,
goto done; goto done;
} }
if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
if (require_agent)
fatal("Couldn't get agent socket");
debug_r(r, "Couldn't get agent socket"); debug_r(r, "Couldn't get agent socket");
else { } else {
if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0) if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
signer = agent_signer; signer = agent_signer;
else else {
if (require_agent)
fatal("Couldn't find key in agent");
debug_r(r, "Couldn't find key in agent"); debug_r(r, "Couldn't find key in agent");
}
} }
if (signer == NULL) { if (signer == NULL) {
@ -3543,7 +3548,7 @@ main(int argc, char **argv)
exit(1); exit(1);
} }
return sig_sign(identity_file, cert_principals, return sig_sign(identity_file, cert_principals,
argc, argv, opts, nopts); prefer_agent, argc, argv, opts, nopts);
} else if (strncmp(sign_op, "check-novalidate", 16) == 0) { } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
/* NB. cert_principals is actually namespace, via -n */ /* NB. cert_principals is actually namespace, via -n */
if (cert_principals == NULL || if (cert_principals == NULL ||
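Review bot: The two new fatal() calls in sig_sign (hunk at -2679) discard the error code r that the non-fatal branches on the same lines still report through debug_r(r, ...), so with -U the user gets a bare "Couldn't get agent socket" / "Couldn't find key in agent" and no indication of which underlying error ssh_get_authentication_socket() or ssh_agent_has_key() returned. The fatal_r() wrapper from log.h keeps the reason in the message: `fatal_r(r, "Couldn't get agent socket");` and `fatal_r(r, "Couldn't find key in agent");`. The call site in main (hunk at -3543) passes the variable prefer_agent into a parameter named require_agent; since -U is only a preference for -s but a hard requirement for -Y sign, a one-line comment above sig_sign's definition saying that require_agent makes a missing agent or key fatal rather than a fallback to the on-disk key would make that asymmetry explicit. sig_sign's body continues outside the hunk.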