Attachment #2899 for bug #2617




}

static int
id_filename_matches(Identity *id, Identity *private_id)
{
	const char *suffixes[] = { ".pub", "-cert.pub", NULL };
	size_t len = strlen(id->filename), plen = strlen(private_id->filename);
	size_t i, slen;

	if (strcmp(id->filename, private_id->filename) == 0)
		return 1;
	for (i = 0; suffixes[i]; i++) {
		slen = strlen(suffixes[i]);
		if (len > slen && plen == len - slen &&
		    strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
		    memcmp(id->filename, private_id->filename, plen) == 0)
			return 1;
	}
	return 0;
}

static int
sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
{
	Buffer b;

				break;
			}
		}
		/*
		 * Exact key matches are preferred, but also allow
		 * filename matches for non-PKCS#11/agent keys that
		 * didn't load public keys. This supports the case
		 * of keeping just a private key file and public
		 * certificate on disk.
		 */
		if (!matched && !id->isprivate && id->agent_fd == -1 &&
		    (id->key->flags & SSHKEY_FLAG_EXT) == 0) {
			TAILQ_FOREACH(private_id, &authctxt->keys, next) {
				if (private_id->key == NULL &&
				    id_filename_matches(id, private_id)) {
					id = private_id;
					matched = 1;
					break;
				}
			}
		}
		if (matched) {
			debug2("%s: using private key \"%s\"%s for "
			    "certificate", __func__, id->filename,

Return to bug 2617

Lines 1042-1047 identity_sign(struct identity id, u_char sigp, size_t lenp, Link Here

(-)a/sshconnect2.c (+37 lines)
1042	}	1042	}
1043		1043
1044	static int	1044	static int
		1045	id_filename_matches(Identity id, Identity private_id)
		1046	{
		1047	const char *suffixes[] = { ".pub", "-cert.pub", NULL };
		1048	size_t len = strlen(id->filename), plen = strlen(private_id->filename);
		1049	size_t i, slen;
		1050
		1051	if (strcmp(id->filename, private_id->filename) == 0)
		1052	return 1;
		1053	for (i = 0; suffixes[i]; i++) {
		1054	slen = strlen(suffixes[i]);
		1055	if (len > slen && plen == len - slen &&
		1056	strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
		1057	memcmp(id->filename, private_id->filename, plen) == 0)
		1058	return 1;
		1059	}
		1060	return 0;
		1061	}
		1062
		1063	static int
1045	sign_and_send_pubkey(Authctxt authctxt, Identity id)	1064	sign_and_send_pubkey(Authctxt authctxt, Identity id)
1046	{	1065	{
1047	Buffer b;	1066	Buffer b;
Lines 1103-1108 sign_and_send_pubkey(Authctxt authctxt, Identity id) Link Here
1103	break;	1122	break;
1104	}	1123	}
1105	}	1124	}
		1125	/*
		1126	* Exact key matches are preferred, but also allow
		1127	* filename matches for non-PKCS#11/agent keys that
		1128	* didn't load public keys. This supports the case
		1129	* of keeping just a private key file and public
		1130	* certificate on disk.
		1131	*/
		1132	if (!matched && !id->isprivate && id->agent_fd == -1 &&
		1133	(id->key->flags & SSHKEY_FLAG_EXT) == 0) {
		1134	TAILQ_FOREACH(private_id, &authctxt->keys, next) {
		1135	if (private_id->key == NULL &&
		1136	id_filename_matches(id, private_id)) {
		1137	id = private_id;
		1138	matched = 1;
		1139	break;
		1140	}
		1141	}
		1142	}
1106	if (matched) {	1143	if (matched) {
1107	debug2("%s: using private key \"%s\"%s for "	1144	debug2("%s: using private key \"%s\"%s for "
1108	"certificate", __func__, id->filename,	1145	"certificate", __func__, id->filename,