author: Werner Koch <wk@gnupg.org> 2023-02-01 09:27:28 +0100
committer: Werner Koch <wk@gnupg.org> 2023-02-01 09:27:28 +0100
commit: 8b8a8b246c443d5631a88ec59b88edf00aa0ff51
tree: e4ca830daaae89ce7ec0e7089c99b4042d3db145 /agent/keyformat.txt
parent: gpg: New pseudo option full-help for --list-options et al.
ssh: Allow to define the order in which keys are returned.
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add arg r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--
GnuPG-bug-id: 6212

We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute. Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file. Use-for-ssh keys are ordered by the value assigned to that key
attribute. The values for the latter are clamped at 99999.
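The three-tier ordering described in the commit message, modelled as a standalone qsort comparator. This is an added example, not code from the GnuPG commit: the enum, struct and function names are hypothetical, comparing card S/Ns with strcmp is an assumption, and the sample keys are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not GnuPG source; every name here is hypothetical. */
enum key_source { SRC_CARD, SRC_SSHCONTROL, SRC_USE_FOR_SSH };
struct ssh_key_entry {
    enum key_source source; /* group; enum order is the return order */
    const char *serialno;   /* card S/N, used only for SRC_CARD */
    long order;             /* sshcontrol line number or Use-for-ssh value */
    const char *label;
};
#define ORDER_MAX 99999L    /* Use-for-ssh values are clamped at 99999 */

static long effective_order(const struct ssh_key_entry *k)
{
    return (k->source == SRC_USE_FOR_SSH && k->order > ORDER_MAX) ? ORDER_MAX : k->order;
}

static int compare_entries(const void *pa, const void *pb)
{
    const struct ssh_key_entry *a = pa, *b = pb;
    if (a->source != b->source)           /* group decides first */
        return a->source < b->source ? -1 : 1;
    if (a->source == SRC_CARD)            /* assumption: plain strcmp on S/N */
        return strcmp(a->serialno, b->serialno);
    long oa = effective_order(a), ob = effective_order(b);
    return (oa > ob) - (oa < ob);         /* ties: qsort order is unspecified */
}

static struct ssh_key_entry sample_keys[] = {   /* constructed sample data */
    { SRC_USE_FOR_SSH, NULL, 250000, "attr-250000" },
    { SRC_SSHCONTROL,  NULL, 7,      "sshcontrol-line7" },
    { SRC_USE_FOR_SSH, NULL, 5,      "attr-5" },
    { SRC_CARD, "CARD0006", 0,       "card-B" },
    { SRC_SSHCONTROL,  NULL, 3,      "sshcontrol-line3" },
    { SRC_CARD, "CARD0005", 0,       "card-A" },
};
#define N_SAMPLE (sizeof sample_keys / sizeof sample_keys[0])
const char *sorted_label(size_t i)    /* sort in place, return label at i */
{
    qsort(sample_keys, N_SAMPLE, sizeof sample_keys[0], compare_entries);
    return i < N_SAMPLE ? sample_keys[i].label : NULL;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLE; i++) puts(sorted_label(i));
    return 0;
}
```

Because of the clamp, two Use-for-ssh values above 99999 compare equal in this model, so their relative order is not determined by the attribute.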
Diffstat (limited to '')
-rw-r--r-- agent/keyformat.txt 4
1 files changed, 3 insertions, 1 deletions
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 42e6d215e..bbcaa7e2c 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -122,7 +122,9 @@ similar to the "shadow" parameter:
If given and the value is "yes" or "1" the key is allowed for use by
gpg-agent's ssh-agent implementation. This is thus the same as
putting the keygrip into the 'sshcontrol' file. Only one such item
-should exist.
+should exist. If another non-zero value between 1 and 99999 is used,
+this is taken to establish the order in which the keys are returned to
+ssh; lower numbers are returned first.
*** Use-for-p11
If given and the value is "yes" or "1" the key is allowed for use by
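Review bot: The added sentence beginning "If another non-zero value between 1 and 99999 is used" overlaps with the existing rule that "1" means the same as "yes", so the text does not say where a key marked "yes" or "1" sorts relative to keys carrying an explicit number. The commit message says the values are clamped at 99999, but the documentation reads as if larger values were simply out of range; state the clamping here and say how keys with equal values are ordered, since the order decides which keys are returned to ssh first. The retained sentence "Only one such item should exist." now sits between the yes/1 rule and the ordering rule; moving it to the end of the paragraph would make clear that it applies to the Use-for-ssh item as a whole.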