Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c34
1 files changed, 31 insertions, 3 deletions
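--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.92 2010/02/08 10:50:20 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.93 2010/02/26 20:29:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,9 +138,9 @@ delete_all(AuthenticationConnection *ac)
 static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
- Key *private;
+ Key *private, *cert;
  char *comment = NULL;
- char msg[1024];
+ char msg[1024], *certpath;
  int fd, perms_ok, ret = -1;
 
  if ((fd = open(filename, O_RDONLY)) < 0) {
@@ -199,6 +199,34 @@ add_file(AuthenticationConnection *ac, const char *filename)
  fprintf(stderr, "Could not add identity: %s\n", filename);
  }
 
+
+ /* Now try to add the certificate flavour too */
+ xasprintf(&certpath, "%s-cert.pub", filename);
+ if ((cert = key_load_public(certpath, NULL)) != NULL) {
+ /* Graft with private bits */
+ if (key_to_certified(private) != 0)
+ fatal("%s: key_to_certified failed", __func__);
+ key_cert_copy(cert, private);
+ key_free(cert);
+
+ if (ssh_add_identity_constrained(ac, private, comment,
+ lifetime, confirm)) {
+ fprintf(stderr, "Certificate added: %s (%s)\n",
+ certpath, private->cert->key_id);
+ if (lifetime != 0)
+ fprintf(stderr, "Lifetime set to %d seconds\n",
+ lifetime);
+ if (confirm != 0)
+ fprintf(stderr, "The user has to confirm each "
+ "use of the key\n");
+ } else {
+ error("Certificate %s (%s) add failed", certpath,
+ private->cert->key_id);
+ }
+ } else
+ fprintf(stderr, "Unable to load certificate %s", certpath);
+
+ xfree(certpath);
  xfree(comment);
  key_free(private);
 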
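Review bot: In the last hunk of add_file(), the loaded certificate is grafted onto the private key with `key_cert_copy(cert, private)` without first checking that it actually certifies that key, so a stale or misplaced `<filename>-cert.pub` would be handed to the agent paired with the wrong private key. A guard placed before `key_to_certified(private)`, for example a public-key comparison such as `if (!key_equal_public(cert, private))` that reports both file names and skips the certificate, would catch this. It is also worth confirming that `key_load_public()` returned a certificate key type, since `private->cert->key_id` is dereferenced later on that assumption. Separately, the `else` branch prints "Unable to load certificate" for every identity that has no certificate file, and its format string lacks a trailing `\n`; staying silent when the file is simply absent would keep the message meaningful. The body of add_file() begins and ends outside the hunks shown, so how `ret` reflects a failed certificate add cannot be judged from here.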