Bugzilla – Attachment 2396 Details for
Bug 2191
Feature Proposal: Add an identity to the agent automatically when loading the identity
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
IdentityPersist patch
identity-persist.patch (text/plain), 6.09 KB, created by
Tomohiro Matsuyama
on 2013-12-29 07:45:26 AEDT
(
hide
)
Description:
IdentityPersist patch
Filename:
MIME Type:
Creator:
Tomohiro Matsuyama
Created:
2013-12-29 07:45:26 AEDT
Size:
6.09 KB
patch
obsolete
>Index: openssh-6.4p1/readconf.c >=================================================================== >--- openssh-6.4p1.orig/readconf.c 2013-12-28 17:46:55.855921275 +0900 >+++ openssh-6.4p1/readconf.c 2013-12-28 17:46:55.851921275 +0900 >@@ -138,6 +138,7 @@ > oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, > oGssServerIdentity, > oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, >+ oIdentityPersist, oIdentityPersistConfirm, > oSendEnv, oControlPath, oControlMaster, oControlPersist, > oHashKnownHosts, > oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, >@@ -245,6 +246,8 @@ > { "addressfamily", oAddressFamily }, > { "serveraliveinterval", oServerAliveInterval }, > { "serveralivecountmax", oServerAliveCountMax }, >+ { "identitypersist", oIdentityPersist }, >+ { "identitypersistconfirm", oIdentityPersistConfirm }, > { "sendenv", oSendEnv }, > { "controlpath", oControlPath }, > { "controlmaster", oControlMaster }, >@@ -953,6 +956,33 @@ > intptr = &options->server_alive_count_max; > goto parse_int; > >+ case oIdentityPersist: >+ /* no/false/yes/true, or a time spec */ >+ intptr = &options->identity_persist; >+ arg = strdelim(&s); >+ if (!arg || *arg == '\0') >+ fatal("%.200s line %d: Missing IdentityPersist" >+ " argument.", filename, linenum); >+ value = 0; >+ value2 = 0; /* lifetime */ >+ if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) >+ value = 0; >+ else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) >+ value = 1; >+ else if ((value2 = convtime(arg)) >= 0) >+ value = 1; >+ else >+ fatal("%.200s line %d: Bad IdentityPersist argument.", >+ filename, linenum); >+ if (*activep && *intptr == -1) { >+ *intptr = value; >+ options->identity_persist_lifetime = value2; >+ } >+ break; >+ case oIdentityPersistConfirm: >+ intptr = &options->identity_persist_confirm; >+ goto parse_flag; >+ > case oSendEnv: > while ((arg = strdelim(&s)) != NULL && *arg != '\0') { > if (strchr(arg, '=') != NULL) >@@ -1265,6 +1295,9 @@ > options->verify_host_key_dns = -1; > options->server_alive_interval = -1; > options->server_alive_count_max = -1; >+ options->identity_persist = -1; >+ options->identity_persist_lifetime = -1; >+ options->identity_persist_confirm = -1; > options->num_send_env = 0; > options->control_path = NULL; > options->control_master = -1; >@@ -1419,6 +1452,12 @@ > } > if (options->server_alive_count_max == -1) > options->server_alive_count_max = 3; >+ if (options->identity_persist == -1) >+ options->identity_persist = 0; >+ if (options->identity_persist_lifetime == -1) >+ options->identity_persist_lifetime = 0; >+ if (options->identity_persist_confirm == -1) >+ options->identity_persist_confirm = 0; > if (options->control_master == -1) > options->control_master = 0; > if (options->control_persist == -1) { >Index: openssh-6.4p1/readconf.h >=================================================================== >--- openssh-6.4p1.orig/readconf.h 2013-12-28 17:46:55.855921275 +0900 >+++ openssh-6.4p1/readconf.h 2013-12-28 17:46:55.851921275 +0900 >@@ -122,6 +122,10 @@ > int server_alive_interval; > int server_alive_count_max; > >+ int identity_persist; >+ int identity_persist_lifetime; >+ int identity_persist_confirm; >+ > int num_send_env; > char *send_env[MAX_SEND_ENV]; > >Index: openssh-6.4p1/sshconnect2.c >=================================================================== >--- openssh-6.4p1.orig/sshconnect2.c 2013-12-28 17:46:55.855921275 +0900 >+++ openssh-6.4p1/sshconnect2.c 2013-12-28 17:46:55.851921275 +0900 >@@ -371,7 +371,7 @@ > static int sign_and_send_pubkey(Authctxt *, Identity *); > static void pubkey_prepare(Authctxt *); > static void pubkey_cleanup(Authctxt *); >-static Key *load_identity_file(char *, int); >+static Key *load_identity_file(Authctxt *, char *, int); > > static Authmethod *authmethod_get(char *authlist); > static Authmethod *authmethod_lookup(const char *name); >@@ -1283,7 +1283,7 @@ > #endif /* JPAKE */ > > static int >-identity_sign(Identity *id, u_char **sigp, u_int *lenp, >+identity_sign(Authctxt *authctxt, Identity *id, u_char **sigp, u_int *lenp, > u_char *data, u_int datalen) > { > Key *prv; >@@ -1300,7 +1300,7 @@ > if (id->isprivate || (id->key->flags & KEY_FLAG_EXT)) > return (key_sign(id->key, sigp, lenp, data, datalen)); > /* load the private key from the file */ >- if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) >+ if ((prv = load_identity_file(authctxt, id->filename, id->userprovided)) == NULL) > return (-1); > ret = key_sign(prv, sigp, lenp, data, datalen); > key_free(prv); >@@ -1352,7 +1352,7 @@ > buffer_put_string(&b, blob, bloblen); > > /* generate signature */ >- ret = identity_sign(id, &signature, &slen, >+ ret = identity_sign(authctxt, id, &signature, &slen, > buffer_ptr(&b), buffer_len(&b)); > if (ret == -1) { > free(blob); >@@ -1425,10 +1425,11 @@ > } > > static Key * >-load_identity_file(char *filename, int userprovided) >+load_identity_file(Authctxt *authctxt, char *filename, int userprovided) > { > Key *private; > char prompt[300], *passphrase; >+ char *comment = NULL; > int perm_ok = 0, quit, i; > struct stat st; > >@@ -1452,7 +1453,20 @@ > passphrase = read_passphrase(prompt, 0); > if (strcmp(passphrase, "") != 0) { > private = key_load_private_type(KEY_UNSPEC, >- filename, passphrase, NULL, NULL); >+ filename, passphrase, &comment, NULL); >+ if (authctxt && authctxt->agent && >+ private && options.identity_persist) { >+ if (comment == NULL) >+ comment = xstrdup(filename); >+ if (ssh_add_identity_constrained(authctxt->agent, >+ private, comment, >+ options.identity_persist_lifetime, >+ options.identity_persist_confirm)) { >+ fprintf(stderr, "Identity added: %s (%s)\n", >+ filename, comment); >+ } >+ free(comment); >+ } > quit = 0; > } else { > debug2("no passphrase given, try next key"); >@@ -1612,7 +1626,7 @@ > sent = send_pubkey_test(authctxt, id); > } else if (id->key == NULL && id->filename) { > debug("Trying private key: %s", id->filename); >- id->key = load_identity_file(id->filename, >+ id->key = load_identity_file(authctxt, id->filename, > id->userprovided); > if (id->key != NULL) { > id->isprivate = 1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2396">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2191
: 2396