- djm@cvs.openbsd.org 2011/05/04 21:15:29

     [authfile.c authfile.h ssh-add.c]
     allow "ssh-add - < key"; feedback and ok markus@

1 files changed, 25 insertions, 8 deletions

diff --git a/ssh-add.c b/ssh-add.c
index 94b68ac18..6d5e2a957 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -145,8 +145,12 @@ add_file(AuthenticationConnection *ac, const char *filename)
         char *comment = NULL;
         char msg[1024], *certpath;
         int fd, perms_ok, ret = -1;
+        Buffer keyblob;
 
-        if ((fd = open(filename, O_RDONLY)) < 0) {
+        if (strcmp(filename, "-") == 0) {
+                fd = STDIN_FILENO;
+                filename = "(stdin)";
+        } else if ((fd = open(filename, O_RDONLY)) < 0) {
                 perror(filename);
                 return -1;
         }
@@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename)
          * Since we'll try to load a keyfile multiple times, permission errors
          * will occur multiple times, so check perms first and bail if wrong.
          */
-        perms_ok = key_perm_ok(fd, filename);
-        close(fd);
-        if (!perms_ok)
+        if (fd != STDIN_FILENO) {
+                perms_ok = key_perm_ok(fd, filename);
+                if (!perms_ok) {
+                        close(fd);
+                        return -1;
+                }
+        }
+        buffer_init(&keyblob);
+        if (!key_load_file(fd, filename, &keyblob)) {
+                buffer_free(&keyblob);
+                close(fd);
                 return -1;
+        }
+        close(fd);
 
         /* At first, try empty passphrase */
-        private = key_load_private(filename, "", &comment);
+        private = key_parse_private(&keyblob, filename, "", &comment);
         if (comment == NULL)
                 comment = xstrdup(filename);
         /* try last */
         if (private == NULL && pass != NULL)
-                private = key_load_private(filename, pass, NULL);
+                private = key_parse_private(&keyblob, filename, pass, NULL);
         if (private == NULL) {
                 /* clear passphrase since it did not work */
                 clear_pass();
@@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename)
                         if (strcmp(pass, "") == 0) {
                                 clear_pass();
                                 xfree(comment);
+                                buffer_free(&keyblob);
                                 return -1;
                         }
-                        private = key_load_private(filename, pass, &comment);
+                        private = key_parse_private(&keyblob, filename, pass,
+                            &comment);
                         if (private != NULL)
                                 break;
                         clear_pass();
@@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
                             "Bad passphrase, try again for %.200s: ", comment);
                 }
         }
+        buffer_free(&keyblob);
 
         if (ssh_add_identity_constrained(ac, private, comment, lifetime,
             confirm)) {