Bugzilla – Attachment 3617 Details for
Bug 3111
Option AddKeysToAgent does not load certificates into ssh-agent
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for the ssh agent certificate fix
cert.patch (text/plain), 3.10 KB, created by
Finlay
on 2022-10-16 05:46:35 AEDT
(
hide
)
Description:
Patch for the ssh agent certificate fix
Filename:
MIME Type:
Creator:
Finlay
Created:
2022-10-16 05:46:35 AEDT
Size:
3.10 KB
patch
obsolete
>diff --git a/sshconnect2.c b/sshconnect2.c >index fea50fab..d7508e80 100644 >--- a/sshconnect2.c >+++ b/sshconnect2.c >@@ -1240,6 +1240,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, > > /* The agent supports this key. */ > if (id->key != NULL && id->agent_fd != -1) { >+ id->key->type = sshkey_type_plain(id->key->type); > return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, > data, datalen, alg, compat); > } >@@ -1342,7 +1343,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) > Identity *private_id, *sign_id = NULL; > u_char *signature = NULL; > size_t slen = 0, skip = 0; >- int r, fallback_sigtype, sent = 0; >+ int r, fallback_sigtype, sent = 0, old_type; > char *alg = NULL, *fp = NULL; > const char *loc = ""; > >@@ -1365,6 +1366,19 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) > if (sshkey_equal_public(id->key, private_id->key) && > id->key->type != private_id->key->type) { > sign_id = private_id; >+ /* >+ * Try to add the certificate to the private key so the agent will keep it >+ */ >+ if ((r = sshkey_to_certified(sign_id->key)) != 0) { >+ error_fr(r, "sshkey_to_certified"); >+ sshkey_free(sign_id->key); >+ goto out; >+ } >+ if ((r = sshkey_cert_copy(id->key, sign_id->key)) != 0) { >+ error_fr(r, "sshkey_cert_copy"); >+ sshkey_free(sign_id->key); >+ goto out; >+ } > break; > } > } >@@ -1438,8 +1452,11 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) > } > > /* generate signature */ >+ old_type = sign_id->key->type; >+ sign_id->key->type = id->key->type; > r = identity_sign(sign_id, &signature, &slen, > sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg); >+ sign_id->key->type = old_type; > if (r == 0) > break; > else if (r == SSH_ERR_KEY_NOT_FOUND) >@@ -1535,7 +1552,7 @@ load_identity_file(Identity *id) > { > struct sshkey *private = NULL; > char prompt[300], *passphrase, *comment; >- int r, quit = 0, i; >+ int r, quit = 0, i, old_type; > struct stat st; > > if (stat(id->filename, &st) == -1) { >@@ -1590,9 +1607,31 @@ load_identity_file(Identity *id) > quit = 1; > } > if (!quit && private != NULL && id->agent_fd == -1 && >- !(id->key && id->isprivate)) >+ !(id->key && id->isprivate)){ >+ /* >+ * Try to add the certificate to the private key so the agent will keep it >+ */ >+ if(sshkey_type_is_cert(id->key->type) > 0){ >+ if ((r = sshkey_to_certified(private)) != 0) { >+ error_fr(r, "sshkey_to_certified"); >+ sshkey_free(private); >+ goto out; >+ } >+ if ((r = sshkey_cert_copy(id->key, private)) != 0) { >+ error_fr(r, "sshkey_cert_copy"); >+ sshkey_free(private); >+ goto out; >+ } >+ >+ old_type = private->type; >+ private->type = id->key->type; >+ maybe_add_key_to_agent(id->filename, private, comment, >+ ""); >+ private->type = sshkey_type_plain(old_type); >+ } > maybe_add_key_to_agent(id->filename, private, comment, >- passphrase); >+ passphrase); >+ } > if (i > 0) > freezero(passphrase, strlen(passphrase)); > free(comment); >@@ -1600,6 +1639,8 @@ load_identity_file(Identity *id) > break; > } > return private; >+out: >+ return NULL; > } > > static int
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3617">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3111
: 3617