diff options
author | Colin Watson <cjwatson@debian.org> | 2012-05-17 13:04:02 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-05-17 13:04:02 +0100 |
commit | dd5ed53e20d218607260916a6b04d1c8c5b3d88f (patch) | |
tree | c59b4dbcc610f10700945f885adf3bddc2542c26 /ssh-add.c | |
parent | 8241a65bf12ac53c1b7304bba7ce739aad80b8b8 (diff) | |
parent | b9bc38990c5eb5d99e28ca5af6d3491fd4a0060a (diff) |
merge 6.0p1
Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 32 |
1 files changed, 20 insertions, 12 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac) | |||
139 | } | 139 | } |
140 | 140 | ||
141 | static int | 141 | static int |
142 | add_file(AuthenticationConnection *ac, const char *filename) | 142 | add_file(AuthenticationConnection *ac, const char *filename, int key_only) |
143 | { | 143 | { |
144 | Key *private, *cert; | 144 | Key *private, *cert; |
145 | char *comment = NULL; | 145 | char *comment = NULL; |
146 | char msg[1024], *certpath; | 146 | char msg[1024], *certpath = NULL; |
147 | int fd, perms_ok, ret = -1; | 147 | int fd, perms_ok, ret = -1; |
148 | Buffer keyblob; | 148 | Buffer keyblob; |
149 | 149 | ||
@@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
219 | fprintf(stderr, "Could not add identity: %s\n", filename); | 219 | fprintf(stderr, "Could not add identity: %s\n", filename); |
220 | } | 220 | } |
221 | 221 | ||
222 | /* Skip trying to load the cert if requested */ | ||
223 | if (key_only) | ||
224 | goto out; | ||
222 | 225 | ||
223 | /* Now try to add the certificate flavour too */ | 226 | /* Now try to add the certificate flavour too */ |
224 | xasprintf(&certpath, "%s-cert.pub", filename); | 227 | xasprintf(&certpath, "%s-cert.pub", filename); |
@@ -253,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
253 | if (confirm != 0) | 256 | if (confirm != 0) |
254 | fprintf(stderr, "The user must confirm each use of the key\n"); | 257 | fprintf(stderr, "The user must confirm each use of the key\n"); |
255 | out: | 258 | out: |
256 | xfree(certpath); | 259 | if (certpath != NULL) |
260 | xfree(certpath); | ||
257 | xfree(comment); | 261 | xfree(comment); |
258 | key_free(private); | 262 | key_free(private); |
259 | 263 | ||
@@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
347 | } | 351 | } |
348 | 352 | ||
349 | static int | 353 | static int |
350 | do_file(AuthenticationConnection *ac, int deleting, char *file) | 354 | do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) |
351 | { | 355 | { |
352 | if (deleting) { | 356 | if (deleting) { |
353 | if (delete_file(ac, file) == -1) | 357 | if (delete_file(ac, file) == -1) |
354 | return -1; | 358 | return -1; |
355 | } else { | 359 | } else { |
356 | if (add_file(ac, file) == -1) | 360 | if (add_file(ac, file, key_only) == -1) |
357 | return -1; | 361 | return -1; |
358 | } | 362 | } |
359 | return 0; | 363 | return 0; |
@@ -366,12 +370,13 @@ usage(void) | |||
366 | fprintf(stderr, "Options:\n"); | 370 | fprintf(stderr, "Options:\n"); |
367 | fprintf(stderr, " -l List fingerprints of all identities.\n"); | 371 | fprintf(stderr, " -l List fingerprints of all identities.\n"); |
368 | fprintf(stderr, " -L List public key parameters of all identities.\n"); | 372 | fprintf(stderr, " -L List public key parameters of all identities.\n"); |
373 | fprintf(stderr, " -k Load only keys and not certificates.\n"); | ||
374 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | ||
375 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | ||
369 | fprintf(stderr, " -d Delete identity.\n"); | 376 | fprintf(stderr, " -d Delete identity.\n"); |
370 | fprintf(stderr, " -D Delete all identities.\n"); | 377 | fprintf(stderr, " -D Delete all identities.\n"); |
371 | fprintf(stderr, " -x Lock agent.\n"); | 378 | fprintf(stderr, " -x Lock agent.\n"); |
372 | fprintf(stderr, " -X Unlock agent.\n"); | 379 | fprintf(stderr, " -X Unlock agent.\n"); |
373 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | ||
374 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | ||
375 | fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); | 380 | fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); |
376 | fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); | 381 | fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); |
377 | } | 382 | } |
@@ -383,7 +388,7 @@ main(int argc, char **argv) | |||
383 | extern int optind; | 388 | extern int optind; |
384 | AuthenticationConnection *ac = NULL; | 389 | AuthenticationConnection *ac = NULL; |
385 | char *pkcs11provider = NULL; | 390 | char *pkcs11provider = NULL; |
386 | int i, ch, deleting = 0, ret = 0; | 391 | int i, ch, deleting = 0, ret = 0, key_only = 0; |
387 | 392 | ||
388 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 393 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
389 | sanitise_stdfd(); | 394 | sanitise_stdfd(); |
@@ -400,8 +405,11 @@ main(int argc, char **argv) | |||
400 | "Could not open a connection to your authentication agent.\n"); | 405 | "Could not open a connection to your authentication agent.\n"); |
401 | exit(2); | 406 | exit(2); |
402 | } | 407 | } |
403 | while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { | 408 | while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) { |
404 | switch (ch) { | 409 | switch (ch) { |
410 | case 'k': | ||
411 | key_only = 1; | ||
412 | break; | ||
405 | case 'l': | 413 | case 'l': |
406 | case 'L': | 414 | case 'L': |
407 | if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) | 415 | if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) |
@@ -467,7 +475,7 @@ main(int argc, char **argv) | |||
467 | default_files[i]); | 475 | default_files[i]); |
468 | if (stat(buf, &st) < 0) | 476 | if (stat(buf, &st) < 0) |
469 | continue; | 477 | continue; |
470 | if (do_file(ac, deleting, buf) == -1) | 478 | if (do_file(ac, deleting, key_only, buf) == -1) |
471 | ret = 1; | 479 | ret = 1; |
472 | else | 480 | else |
473 | count++; | 481 | count++; |
@@ -476,7 +484,7 @@ main(int argc, char **argv) | |||
476 | ret = 1; | 484 | ret = 1; |
477 | } else { | 485 | } else { |
478 | for (i = 0; i < argc; i++) { | 486 | for (i = 0; i < argc; i++) { |
479 | if (do_file(ac, deleting, argv[i]) == -1) | 487 | if (do_file(ac, deleting, key_only, argv[i]) == -1) |
480 | ret = 1; | 488 | ret = 1; |
481 | } | 489 | } |
482 | } | 490 | } |