author | Damien Miller <djm@cvs.openbsd.org> | 2016-05-23 23:30:51 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2016-05-23 23:30:51 +0000 |
commit | 72ecf58bd5ec451924c3ad70985fd0ea8a27aa33 (patch) | |
tree | c87814cdc5c28a9d58b2af60991b8a434713795b /usr.bin/ssh | |
parent | 1d8c886d851e281886f07f628e4c27f1d95494fb (diff) |
prefer agent-hosted keys to keys from PKCS#11; ok markus
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 690e97a265b..0365ee8a8e1 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.244 2016/05/23 23:30:50 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1291,29 +1291,6 @@ pubkey_prepare(Authctxt *authctxt)
 id->userprovided = options.identity_file_userprovided[i];
 TAILQ_INSERT_TAIL(&files, id, next);
 }
- /* Prefer PKCS11 keys that are explicitly listed */
- TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
- if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
- continue;
- found = 0;
- TAILQ_FOREACH(id2, &files, next) {
- if (id2->key == NULL ||
- (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
- continue;
- if (sshkey_equal(id->key, id2->key)) {
- TAILQ_REMOVE(&files, id, next);
- TAILQ_INSERT_TAIL(preferred, id, next);
- found = 1;
- break;
- }
- }
- /* If IdentitiesOnly set and key not found then don't use it */
- if (!found && options.identities_only) {
- TAILQ_REMOVE(&files, id, next);
- explicit_bzero(id, sizeof(*id));
- free(id);
- }
- }
 /* list of certificates specified by user */
 for (i = 0; i < options.num_certificate_files; i++) {
 key = options.certificates[i]; 
@@ -1372,6 +1349,29 @@ pubkey_prepare(Authctxt *authctxt)
 }
 authctxt->agent_fd = agent_fd;
 }
+ /* Prefer PKCS11 keys that are explicitly listed */
+ TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
+ if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
+ continue;
+ found = 0;
+ TAILQ_FOREACH(id2, &files, next) {
+ if (id2->key == NULL ||
+ (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
+ continue;
+ if (sshkey_equal(id->key, id2->key)) {
+ TAILQ_REMOVE(&files, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ found = 1;
+ break;
+ }
+ }
+ /* If IdentitiesOnly set and key not found then don't use it */
+ if (!found && options.identities_only) {
+ TAILQ_REMOVE(&files, id, next);
+ explicit_bzero(id, sizeof(*id));
+ free(id);
+ }
+ }
 /* append remaining keys from the config file */
 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
 TAILQ_REMOVE(&files, id, next); |
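Review bot: The inner `TAILQ_FOREACH(id2, &files, next)` scan in the relocated block does not skip `id` itself, and `id` already passes the same key/`SSHKEY_FLAG_EXT` filter, so unless `sshkey_equal()` returns false for a key compared with itself, `found` is always set and the `!found && options.identities_only` branch never runs. That would leave IdentitiesOnly with no effect on PKCS#11 keys at this point, which is worth confirming now that the block also decides their order relative to agent keys. If the match is meant to be against other entries, the inner filter could begin `if (id2 == id || id2->key == NULL ||`; otherwise the set `id2` should range over needs stating in the `/* Prefer PKCS11 keys ... */` comment. The drop path frees only `id` after `explicit_bzero`; whether `id->key` and the other members are owned here is not visible in the hunk and should be checked. pubkey_prepare begins and ends outside the hunk.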