diff options
| author | Damien Miller <djm@mindrot.org> | 2012-12-03 09:50:24 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-12-03 09:50:24 +1100 |
| commit | 33a813613a9f48acba0e88f4c51a6a25259bbebc (patch) | |
| tree | 0b987e5c011da04c14870e54435bbf7442fcfbbf /ssh-add.c | |
| parent | cb6b68b209d8868a94a30b1a634beb1a65cb5265 (diff) | |
- djm@cvs.openbsd.org 2012/12/02 20:42:15
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 38 |
1 files changed, 31 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.104 2012/12/02 20:42:15 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -96,10 +96,10 @@ clear_pass(void) | |||
| 96 | } | 96 | } |
| 97 | 97 | ||
| 98 | static int | 98 | static int |
| 99 | delete_file(AuthenticationConnection *ac, const char *filename) | 99 | delete_file(AuthenticationConnection *ac, const char *filename, int key_only) |
| 100 | { | 100 | { |
| 101 | Key *public; | 101 | Key *public = NULL, *cert = NULL; |
| 102 | char *comment = NULL; | 102 | char *certpath = NULL, *comment = NULL; |
| 103 | int ret = -1; | 103 | int ret = -1; |
| 104 | 104 | ||
| 105 | public = key_load_public(filename, &comment); | 105 | public = key_load_public(filename, &comment); |
| @@ -113,8 +113,32 @@ delete_file(AuthenticationConnection *ac, const char *filename) | |||
| 113 | } else | 113 | } else |
| 114 | fprintf(stderr, "Could not remove identity: %s\n", filename); | 114 | fprintf(stderr, "Could not remove identity: %s\n", filename); |
| 115 | 115 | ||
| 116 | key_free(public); | 116 | if (key_only) |
| 117 | xfree(comment); | 117 | goto out; |
| 118 | |||
| 119 | /* Now try to delete the corresponding certificate too */ | ||
| 120 | free(comment); | ||
| 121 | xasprintf(&certpath, "%s-cert.pub", filename); | ||
| 122 | if ((cert = key_load_public(certpath, &comment)) == NULL) | ||
| 123 | goto out; | ||
| 124 | if (!key_equal_public(cert, public)) | ||
| 125 | fatal("Certificate %s does not match private key %s", | ||
| 126 | certpath, filename); | ||
| 127 | |||
| 128 | if (ssh_remove_identity(ac, cert)) { | ||
| 129 | fprintf(stderr, "Identity removed: %s (%s)\n", certpath, | ||
| 130 | comment); | ||
| 131 | ret = 0; | ||
| 132 | } else | ||
| 133 | fprintf(stderr, "Could not remove identity: %s\n", certpath); | ||
| 134 | |||
| 135 | out: | ||
| 136 | if (cert != NULL) | ||
| 137 | key_free(cert); | ||
| 138 | if (public != NULL) | ||
| 139 | key_free(public); | ||
| 140 | free(certpath); | ||
| 141 | free(comment); | ||
| 118 | 142 | ||
| 119 | return ret; | 143 | return ret; |
| 120 | } | 144 | } |
| @@ -354,7 +378,7 @@ static int | |||
| 354 | do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) | 378 | do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) |
| 355 | { | 379 | { |
| 356 | if (deleting) { | 380 | if (deleting) { |
| 357 | if (delete_file(ac, file) == -1) | 381 | if (delete_file(ac, file, key_only) == -1) |
| 358 | return -1; | 382 | return -1; |
| 359 | } else { | 383 | } else { |
| 360 | if (add_file(ac, file, key_only) == -1) | 384 | if (add_file(ac, file, key_only) == -1) |