tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

prefer agent-hosted keys to keys from PKCS#11; ok markus

Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
This commit is contained in:
djm@openbsd.org 2016-05-23 23:30:50 +00:00 committed by Darren Tucker
parent a0cb7778fb
commit 82f24c3ddc
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.244 2016/05/23 23:30:50 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -1299,29 +1299,6 @@ pubkey_prepare(Authctxt *authctxt)
id->userprovided = options.identity_file_userprovided[i]; id->userprovided = options.identity_file_userprovided[i];
TAILQ_INSERT_TAIL(&files, id, next); TAILQ_INSERT_TAIL(&files, id, next);
} }
/* Prefer PKCS11 keys that are explicitly listed */
TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
continue;
found = 0;
TAILQ_FOREACH(id2, &files, next) {
if (id2->key == NULL ||
(id2->key->flags & SSHKEY_FLAG_EXT) == 0)
continue;
if (sshkey_equal(id->key, id2->key)) {
TAILQ_REMOVE(&files, id, next);
TAILQ_INSERT_TAIL(preferred, id, next);
found = 1;
break;
}
}
/* If IdentitiesOnly set and key not found then don't use it */
if (!found && options.identities_only) {
TAILQ_REMOVE(&files, id, next);
explicit_bzero(id, sizeof(*id));
free(id);
}
}
/* list of certificates specified by user */ /* list of certificates specified by user */
for (i = 0; i < options.num_certificate_files; i++) { for (i = 0; i < options.num_certificate_files; i++) {
key = options.certificates[i]; key = options.certificates[i];
@ -1380,6 +1357,29 @@ pubkey_prepare(Authctxt *authctxt)
} }
authctxt->agent_fd = agent_fd; authctxt->agent_fd = agent_fd;
} }
/* Prefer PKCS11 keys that are explicitly listed */
TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
continue;
found = 0;
TAILQ_FOREACH(id2, &files, next) {
if (id2->key == NULL ||
(id2->key->flags & SSHKEY_FLAG_EXT) == 0)
continue;
if (sshkey_equal(id->key, id2->key)) {
TAILQ_REMOVE(&files, id, next);
TAILQ_INSERT_TAIL(preferred, id, next);
found = 1;
break;
}
}
/* If IdentitiesOnly set and key not found then don't use it */
if (!found && options.identities_only) {
TAILQ_REMOVE(&files, id, next);
explicit_bzero(id, sizeof(*id));
free(id);
}
}
/* append remaining keys from the config file */ /* append remaining keys from the config file */
for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
TAILQ_REMOVE(&files, id, next); TAILQ_REMOVE(&files, id, next);