summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--ssh-add.114
-rw-r--r--ssh-add.c38
3 files changed, 43 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index 199bca169..7cea00cb5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,11 @@
7 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 7 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
8 This allows control of which keys are offered from tokens using 8 This allows control of which keys are offered from tokens using
9 IdentityFile. ok markus@ 9 IdentityFile. ok markus@
10 - djm@cvs.openbsd.org 2012/12/02 20:42:15
11 [ssh-add.1 ssh-add.c]
12 make deleting explicit keys "ssh-add -d" symmetric with adding keys -
13 try to delete the corresponding certificate too and respect the -k option
14 to allow deleting of the key only; feedback and ok markus@
10 15
1120121114 1620121114
12 - (djm) OpenBSD CVS Sync 17 - (djm) OpenBSD CVS Sync
diff --git a/ssh-add.1 b/ssh-add.1
index aec620dea..af93762ae 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.57 2012/12/02 20:42:15 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: October 18 2011 $ 38.Dd $Mdocdate: December 2 2012 $
39.Dt SSH-ADD 1 39.Dt SSH-ADD 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -98,10 +98,10 @@ Deletes all identities from the agent.
98Instead of adding identities, removes identities from the agent. 98Instead of adding identities, removes identities from the agent.
99If 99If
100.Nm 100.Nm
101has been run without arguments, the keys for the default identities will 101has been run without arguments, the keys for the default identities and
102be removed. 102their corresponding certificateswill be removed.
103Otherwise, the argument list will be interpreted as a list of paths to 103Otherwise, the argument list will be interpreted as a list of paths to
104public key files and matching keys will be removed from the agent. 104public key files to specify keys and certificates to be removed from the agent.
105If no public key is found at a given path, 105If no public key is found at a given path,
106.Nm 106.Nm
107will append 107will append
@@ -111,8 +111,8 @@ and retry.
111Remove keys provided by the PKCS#11 shared library 111Remove keys provided by the PKCS#11 shared library
112.Ar pkcs11 . 112.Ar pkcs11 .
113.It Fl k 113.It Fl k
114When loading keys into the agent, load plain private keys only and skip 114When loading keys into or deleting keys from the agent, process plain private
115certificates. 115keys only and skip certificates.
116.It Fl L 116.It Fl L
117Lists public key parameters of all identities currently represented 117Lists public key parameters of all identities currently represented
118by the agent. 118by the agent.
diff --git a/ssh-add.c b/ssh-add.c
index 738644d27..c8936e5ae 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.104 2012/12/02 20:42:15 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,10 +96,10 @@ clear_pass(void)
96} 96}
97 97
98static int 98static int
99delete_file(AuthenticationConnection *ac, const char *filename) 99delete_file(AuthenticationConnection *ac, const char *filename, int key_only)
100{ 100{
101 Key *public; 101 Key *public = NULL, *cert = NULL;
102 char *comment = NULL; 102 char *certpath = NULL, *comment = NULL;
103 int ret = -1; 103 int ret = -1;
104 104
105 public = key_load_public(filename, &comment); 105 public = key_load_public(filename, &comment);
@@ -113,8 +113,32 @@ delete_file(AuthenticationConnection *ac, const char *filename)
113 } else 113 } else
114 fprintf(stderr, "Could not remove identity: %s\n", filename); 114 fprintf(stderr, "Could not remove identity: %s\n", filename);
115 115
116 key_free(public); 116 if (key_only)
117 xfree(comment); 117 goto out;
118
119 /* Now try to delete the corresponding certificate too */
120 free(comment);
121 xasprintf(&certpath, "%s-cert.pub", filename);
122 if ((cert = key_load_public(certpath, &comment)) == NULL)
123 goto out;
124 if (!key_equal_public(cert, public))
125 fatal("Certificate %s does not match private key %s",
126 certpath, filename);
127
128 if (ssh_remove_identity(ac, cert)) {
129 fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
130 comment);
131 ret = 0;
132 } else
133 fprintf(stderr, "Could not remove identity: %s\n", certpath);
134
135 out:
136 if (cert != NULL)
137 key_free(cert);
138 if (public != NULL)
139 key_free(public);
140 free(certpath);
141 free(comment);
118 142
119 return ret; 143 return ret;
120} 144}
@@ -354,7 +378,7 @@ static int
354do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) 378do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
355{ 379{
356 if (deleting) { 380 if (deleting) {
357 if (delete_file(ac, file) == -1) 381 if (delete_file(ac, file, key_only) == -1)
358 return -1; 382 return -1;
359 } else { 383 } else {
360 if (add_file(ac, file, key_only) == -1) 384 if (add_file(ac, file, key_only) == -1)