security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

agent: Write both ssh fingerprints to 'sshcontrol' file.

Browse Source 
* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2017-05-24 17:29:31 +02:00
parent 3a07a69dfc
commit a5f046d99a
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
agent/command-ssh.c
View File

@ -1040,12 +1040,14 @@ search_control_file (ssh_control_file_t cf, const char *hexgrip,
We can assume that the user wants to allow ssh using this key. */ We can assume that the user wants to allow ssh using this key. */
static gpg_error_t static gpg_error_t
add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec, add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
const char *hexgrip, const char *fmtfpr, const char *hexgrip, gcry_sexp_t key,
int ttl, int confirm) int ttl, int confirm)
{ {
gpg_error_t err; gpg_error_t err;
ssh_control_file_t cf; ssh_control_file_t cf;
int disabled; int disabled;
char *fpr_md5 = NULL;
char *fpr_sha256 = NULL;
(void)ctrl; (void)ctrl;
@ -1059,19 +1061,31 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
struct tm *tp; struct tm *tp;
time_t atime = time (NULL); time_t atime = time (NULL);
err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr_md5);
if (err)
goto out;
err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &fpr_sha256);
if (err)
goto out;
/* Not yet in the file - add it. Because the file has been /* Not yet in the file - add it. Because the file has been
opened in append mode, we simply need to write to it. */ opened in append mode, we simply need to write to it. */
tp = localtime (&atime); tp = localtime (&atime);
fprintf (cf->fp, fprintf (cf->fp,
("# %s key added on: %04d-%02d-%02d %02d:%02d:%02d\n" ("# %s key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
"# MD5 Fingerprint: %s\n" "# Fingerprints: %s\n"
"# %s\n"
"%s %d%s\n"), "%s %d%s\n"),
spec->name, spec->name,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec, tp->tm_hour, tp->tm_min, tp->tm_sec,
fmtfpr, hexgrip, ttl, confirm? " confirm":""); fpr_md5, fpr_sha256, hexgrip, ttl, confirm? " confirm":"");
} }
out:
xfree (fpr_md5);
xfree (fpr_sha256);
close_control_file (cf); close_control_file (cf);
return 0; return 0;
} }
@ -3118,7 +3132,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
key_exists: key_exists:
/* And add an entry to the sshcontrol file. */ /* And add an entry to the sshcontrol file. */
err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm); err = add_control_entry (ctrl, spec, key_grip, key, ttl, confirm);
out: out: