Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 50 |
1 files changed, 29 insertions, 21 deletions
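--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -202,7 +202,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
 		    "Lifetime set to %d seconds\n", lifetime);
 		if (confirm != 0)
 			fprintf(stderr,
-			    "The user has to confirm each use of the key\n");
+			    "The user must confirm each use of the key\n");
 	} else {
 		fprintf(stderr, "Could not add identity: %s\n", filename);
 	}
@@ -210,29 +210,37 @@ add_file(AuthenticationConnection *ac, const char *filename)
 
 	/* Now try to add the certificate flavour too */
 	xasprintf(&certpath, "%s-cert.pub", filename);
-	if ((cert = key_load_public(certpath, NULL)) != NULL) {
-		/* Graft with private bits */
-		if (key_to_certified(private) != 0)
-			fatal("%s: key_to_certified failed", __func__);
-		key_cert_copy(cert, private);
+	if ((cert = key_load_public(certpath, NULL)) == NULL)
+		goto out;
+
+	if (!key_equal_public(cert, private)) {
+		error("Certificate %s does not match private key %s",
+		    certpath, filename);
 		key_free(cert);
+		goto out;
+	}
 
-		if (ssh_add_identity_constrained(ac, private, comment,
-		    lifetime, confirm)) {
-			fprintf(stderr, "Certificate added: %s (%s)\n",
-			    certpath, private->cert->key_id);
-			if (lifetime != 0)
-				fprintf(stderr, "Lifetime set to %d seconds\n",
-				    lifetime);
-			if (confirm != 0)
-				fprintf(stderr, "The user has to confirm each "
-				    "use of the key\n");
-		} else {
-			error("Certificate %s (%s) add failed", certpath,
-			    private->cert->key_id);
-		}
+	/* Graft with private bits */
+	if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) {
+		error("%s: key_to_certified failed", __func__);
+		key_free(cert);
+		goto out;
 	}
+	key_cert_copy(cert, private);
+	key_free(cert);
 
+	if (!ssh_add_identity_constrained(ac, private, comment,
+	    lifetime, confirm)) {
+		error("Certificate %s (%s) add failed", certpath,
+		    private->cert->key_id);
+	}
+	fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
+	    private->cert->key_id);
+	if (lifetime != 0)
+		fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
+	if (confirm != 0)
+		fprintf(stderr, "The user must confirm each use of the key\n");
+out:
 	xfree(certpath);
 	xfree(comment);
 	key_free(private);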
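Review bot: The new failure branch for the certificate add (new lines 232–236) reports the error and then falls through to the "Certificate added" message and the lifetime/confirm notices, so a user whose agent rejected the certificate is told it was added; the other restructured branches each end in `goto out;` and this one should too, i.e. after `private->cert->key_id);` inside that block add `goto out;`. The new key_equal_public check before grafting is the right guard — without it a mismatched `<file>-cert.pub` would be spliced onto an unrelated private key — and the mismatch is surfaced via error() rather than fatal(), which is consistent with the plain key already having been added above the hunk. The enclosing add_file begins before the hunk, so whether a return status is set on these error paths is not visible here; if the function reports failure to its caller, the fallthrough above also leaves that status unset for a failed certificate add.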