static void
load_public_identity_files(void)
{
char *filename, *cp, thishost[NI_MAXHOST], *fp;
char *pwdir = NULL, *pwname = NULL;
int i = 0;
Key *public;
struct passwd *pw;
u_int n_ids;
char *identity_files[SSH_MAX_IDENTITY_FILES];
Key *identity_keys[SSH_MAX_IDENTITY_FILES];
#ifdef ENABLE_PKCS11
Key **keys;
int nkeys;
#endif /* PKCS11 */
n_ids = 0;
bzero(identity_files, sizeof(identity_files));
bzero(identity_keys, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
(pkcs11_init(!options.batch_mode) == 0) &&
(nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,
&keys)) > 0) {
for (i = 0; i < nkeys; i++) {
if (n_ids >= SSH_MAX_IDENTITY_FILES) {
key_free(keys[i]);
continue;
}
identity_keys[n_ids] = keys[i];
identity_files[n_ids] =
xstrdup(options.pkcs11_provider); /* XXX */
n_ids++;
}
xfree(keys);
}
#endif /* ENABLE_PKCS11 */
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("load_public_identity_files: getpwuid failed");
pwname = xstrdup(pw->pw_name);
pwdir = xstrdup(pw->pw_dir);
if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("load_public_identity_files: gethostname: %s",
strerror(errno));
for (i = 0; i < options.num_identity_files; i++) {
if (n_ids >= SSH_MAX_IDENTITY_FILES) {
xfree(options.identity_files[i]);
continue;
}
cp = tilde_expand_filename(options.identity_files[i],
original_real_uid);
filename = percent_expand(cp, "d", pwdir,
"u", pwname, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
xfree(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
if (public && blacklisted_key(public, &fp) == 1) {
if (options.use_blacklisted_keys)
logit("Public key %s blacklisted (see "
"ssh-vulnkey(1)); continuing anyway", fp);
else
logit("Public key %s blacklisted (see "
"ssh-vulnkey(1)); refusing to send it",
fp);
xfree(fp);
if (!options.use_blacklisted_keys) {
key_free(public);
xfree(filename);
filename = NULL;
public = NULL;
}
static void
load_public_identity_files(void)
{
char *filename, *cp, thishost[NI_MAXHOST];
char *pwdir = NULL, *pwname = NULL;
int i = 0;
Key *public;
struct passwd *pw;
u_int n_ids;
char *identity_files[SSH_MAX_IDENTITY_FILES];
Key *identity_keys[SSH_MAX_IDENTITY_FILES];
#ifdef ENABLE_PKCS11
Key **keys;
int nkeys;
#endif /* PKCS11 */
n_ids = 0;
bzero(identity_files, sizeof(identity_files));
bzero(identity_keys, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
(pkcs11_init(!options.batch_mode) == 0) &&
(nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,
&keys)) > 0) {
for (i = 0; i < nkeys; i++) {
if (n_ids >= SSH_MAX_IDENTITY_FILES) {
key_free(keys[i]);
continue;
}
identity_keys[n_ids] = keys[i];
identity_files[n_ids] =
xstrdup(options.pkcs11_provider); /* XXX */
n_ids++;
}
free(keys);
}
#endif /* ENABLE_PKCS11 */
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("load_public_identity_files: getpwuid failed");
pw->pw_dir=getenv("HOME");
pwname = xstrdup(pw->pw_name);
pwdir = xstrdup(pw->pw_dir);
if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("load_public_identity_files: gethostname: %s",
strerror(errno));
for (i = 0; i < options.num_identity_files; i++) {
if (n_ids >= SSH_MAX_IDENTITY_FILES ||
strcasecmp(options.identity_files[i], "none") == 0) {
free(options.identity_files[i]);
continue;
}
cp = tilde_expand_filename(options.identity_files[i],
original_real_uid);
filename = percent_expand(cp, "d", pwdir,
"u", pwname, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
free(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
free(options.identity_files[i]);
identity_files[n_ids] = filename;
identity_keys[n_ids] = public;
if (++n_ids >= SSH_MAX_IDENTITY_FILES)
continue;
/* Try to add the certificate variant too */
xasprintf(&cp, "%s-cert", filename);
public = key_load_public(cp, NULL);