security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

ssh: Allow to define the order in which keys are returned.

Browse source 
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--

GnuPG-bug-id: 6212

We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute.  Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file.  Use-for-ssh keys are ordered by the value assigned to that key
attribute.  The values for the latter are clamped at 99999.
This commit is contained in:
Werner Koch 2023-02-01 09:27:28 +01:00
parent f9bcec6f8a
commit 8b8a8b246c
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 190 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

15
agent/findkey.c
View file

@ -1422,10 +1422,11 @@ agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
/* Return the public key for the keygrip GRIP. The result is stored
at RESULT. This function extracts the public key from the private
key database. On failure an error code is returned and NULL stored
at RESULT. */
at RESULT. If R_SSHORDER is not NULL the ordinal from the
Use-for-ssh attribute is stored at that address. */
static gpg_error_t
public_key_from_file (ctrl_t ctrl, const unsigned char *grip,
gcry_sexp_t *result, int for_ssh)
gcry_sexp_t *result, int for_ssh, int *r_sshorder)
{
gpg_error_t err;
int i, idx;
@ -1451,6 +1452,8 @@ public_key_from_file (ctrl_t ctrl, const unsigned char *grip,
(void)ctrl;
*result = NULL;
if (r_sshorder)
*r_sshorder = 0;
err = read_key_file (grip, &s_skey, for_ssh? &keymeta : NULL);
if (err)
@ -1470,6 +1473,8 @@ public_key_from_file (ctrl_t ctrl, const unsigned char *grip,
if (!is_ssh)
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
if (r_sshorder)
*r_sshorder = is_ssh;
}
for (i=0; i < DIM (array); i++)
@ -1565,15 +1570,15 @@ agent_public_key_from_file (ctrl_t ctrl,
const unsigned char *grip,
gcry_sexp_t *result)
{
return public_key_from_file (ctrl, grip, result, 0);
return public_key_from_file (ctrl, grip, result, 0, NULL);
}
gpg_error_t
agent_ssh_key_from_file (ctrl_t ctrl,
const unsigned char *grip,
gcry_sexp_t *result)
gcry_sexp_t *result, int *r_order)
{
return public_key_from_file (ctrl, grip, result, 1);
return public_key_from_file (ctrl, grip, result, 1, r_order);
}