author | Damien Miller <djm@mindrot.org> | 2003-01-24 11:36:23 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-01-24 11:36:23 +1100 |
commit | 6c71179f6839ab49e4e8a91209eef85dc190d5f1 (patch) | |
tree | 199fd690f2933dc18a687d5b86be467a2250f2d1 /ssh-add.c | |
parent | 5a93add673a68d9ef67504b17913254498f4deb9 (diff) |
- markus@cvs.openbsd.org 2003/01/23 13:50:27
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -c, prompt user for confirmation (using ssh-askpass) when
private agent key is used; with djm@; test by dugsong@, djm@;
ok deraadt@
Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 17 |
1 files changed, 14 insertions, 3 deletions
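--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.64 2002/11/21 23:03:51 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.65 2003/01/23 13:50:27 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -70,6 +70,9 @@ static char *default_files[] = {
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+/* User has to confirm key use */
+static int confirm = 0;
+
 /* we keep a cache of one passphrases */
 static char *pass = NULL;
 static void
@@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename)
 }
 }
 
-if (ssh_add_identity_constrained(ac, private, comment, lifetime)) {
+if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+confirm)) {
 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
 ret = 0;
 if (lifetime != 0)
 fprintf(stderr,
 "Lifetime set to %d seconds\n", lifetime);
+if (confirm != 0)
+fprintf(stderr,
+"The user has to confirm each use of the key\n");
 } else if (ssh_add_identity(ac, private, comment)) {
 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
 ret = 0;
@@ -292,6 +299,7 @@ usage(void)
 fprintf(stderr, " -x Lock agent.\n");
 fprintf(stderr, " -X Unlock agent.\n");
 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
+fprintf(stderr, " -c Require confirmation to sign using identities\n");
 #ifdef SMARTCARD
 fprintf(stderr, " -s reader Add key in smartcard reader.\n");
 fprintf(stderr, " -e reader Remove key in smartcard reader.\n");
@@ -319,7 +327,7 @@ main(int argc, char **argv)
 fprintf(stderr, "Could not open a connection to your authentication agent.\n");
 exit(2);
 }
-while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) {
+while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
 switch (ch) {
 case 'l':
 case 'L':
@@ -333,6 +341,9 @@ main(int argc, char **argv)
 ret = 1;
 goto done;
 break;
+case 'c':
+confirm = 1;
+break;
 case 'd':
 deleting = 1;
 break;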
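Review bot: In add_file, the unchanged `} else if (ssh_add_identity(ac, private, comment)) {` fallback now also covers `-c`: if ssh_add_identity_constrained() reports failure, the key is retried with no constraint at all and the user sees only "Identity added", with nothing to show that the confirmation requirement was dropped. Presumably the fallback is there for agents that do not understand constraints, but an option whose purpose is to restrict key use should not fail open. I would guard the retry, e.g. `} else if (lifetime == 0 && confirm == 0 && ssh_add_identity(ac, private, comment)) {`, so that a requested constraint which cannot be applied lands in whatever failure branch follows. add_file's body starts and ends outside this hunk, so that final branch is not visible here and should be checked.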