agent: Add known keys to sshcontrol.

* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
even if it is already in the private key store.
* tests/openpgp/ssh.scm: Test this.

GnuPG-bug-id: 2316
Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter 2016-07-19 16:48:38 +02:00
parent d7a405de83
commit 270f7f7b8b
2 changed files with 21 additions and 7 deletions


@ -3152,8 +3152,8 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
/* Store the ssh KEY into our local key storage and protect it after /* Store the ssh KEY into our local key storage and protect it after
asking for a passphrase. Cache that passphrase. TTL is the asking for a passphrase. Cache that passphrase. TTL is the
maximum caching time for that key. If the key already exists in maximum caching time for that key. If the key already exists in
our key storage, don't do anything. When entering a new key also our key storage, don't do anything. When entering a key also add
add an entry to the sshcontrol file. */ an entry to the sshcontrol file. */
static gpg_error_t static gpg_error_t
ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
gcry_sexp_t key, int ttl, int confirm) gcry_sexp_t key, int ttl, int confirm)
@ -3175,15 +3175,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
if (err) if (err)
goto out; goto out;
/* Check whether the key is already in our key storage. Don't do bin2hex (key_grip_raw, 20, key_grip);
anything then. */
if ( !agent_key_available (key_grip_raw) )
goto out; /* Yes, key is available. */
err = ssh_get_fingerprint_string (key, &key_fpr); err = ssh_get_fingerprint_string (key, &key_fpr);
if (err) if (err)
goto out; goto out;
/* Check whether the key is already in our key storage. Don't do
anything then besides (re-)adding it to sshcontrol. */
if ( !agent_key_available (key_grip_raw) )
goto key_exists; /* Yes, key is available. */
err = ssh_key_extract_comment (key, &comment); err = ssh_key_extract_comment (key, &comment);
if (err) if (err)
goto out; goto out;
@ -3249,11 +3251,11 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
goto out; goto out;
/* Cache this passphrase. */ /* Cache this passphrase. */
bin2hex (key_grip_raw, 20, key_grip);
err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl); err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
if (err) if (err)
goto out; goto out;
key_exists:
/* And add an entry to the sshcontrol file. */ /* And add an entry to the sshcontrol file. */
err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm); err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
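Review bot: The new `key_exists:` label bypasses the comment extraction and passphrase caching but still reaches `add_control_entry` with whatever `ttl`/`confirm` the caller passed, and nothing in the hunk shows what happens when the grip is already listed in sshcontrol; presumably `add_control_entry` treats an existing entry as a no-op, but that is the property this whole change relies on and it deserves a comment at the label. I would add `/* Key is already in the private-key store: skip the passphrase prompt and cache, and only make sure sshcontrol lists it (add_control_entry must tolerate an existing entry). */` above `key_exists:`. Moving `bin2hex (key_grip_raw, 20, key_grip)` ahead of the availability check is required since `key_grip` is now used on both paths; the hard-coded 20 is the raw keygrip length and a short comment there (`/* raw keygrip is 20 bytes */`) would make that explicit. ssh_identity_register begins before the first hunk and ends after the last one, so the cleanup of `key_fpr` on the early path is not visible here.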


@ -50,3 +50,15 @@
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash) (unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(error "key not added")))) (error "key not added"))))
car keys) car keys)
(info "Checking for issue2316...")
(unlink (string-append GNUPGHOME "/sshcontrol"))
(pipe:do
(pipe:open (path-join (in-srcdir "samplekeys")
(string-append "ssh-rsa.key"))
(logior O_RDONLY O_BINARY))
(pipe:spawn `(,SSH-ADD -)))
(unless
(string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
"MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
(error "known private key not (re-)added to sshcontrol"))
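Review bot: The check only verifies that `ssh-add -l` lists the MD5 fingerprint, which shows the key reached sshcontrol indirectly, and the literal `"MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22"` is not tied to anything in the file; a comment such as `;; Fingerprint of samplekeys/ssh-rsa.key, which the loop above already imported into the private-key store.` would explain both the constant and why the key counts as "known". The preceding `(unlink ...)` of sshcontrol presumably succeeds only because the earlier ssh-add calls created the file; if that assumption holds, a short comment stating it (`;; Remove sshcontrol so re-adding a key already in the store has to recreate the entry.`) would make the test's intent clear to the next reader.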