Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 50 |
1 files changed, 29 insertions, 21 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.95 2010/04/16 01:47:26 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -194,7 +194,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
194 | "Lifetime set to %d seconds\n", lifetime); | 194 | "Lifetime set to %d seconds\n", lifetime); |
195 | if (confirm != 0) | 195 | if (confirm != 0) |
196 | fprintf(stderr, | 196 | fprintf(stderr, |
197 | "The user has to confirm each use of the key\n"); | 197 | "The user must confirm each use of the key\n"); |
198 | } else { | 198 | } else { |
199 | fprintf(stderr, "Could not add identity: %s\n", filename); | 199 | fprintf(stderr, "Could not add identity: %s\n", filename); |
200 | } | 200 | } |
@@ -202,29 +202,37 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
202 | 202 | ||
203 | /* Now try to add the certificate flavour too */ | 203 | /* Now try to add the certificate flavour too */ |
204 | xasprintf(&certpath, "%s-cert.pub", filename); | 204 | xasprintf(&certpath, "%s-cert.pub", filename); |
205 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | 205 | if ((cert = key_load_public(certpath, NULL)) == NULL) |
206 | /* Graft with private bits */ | 206 | goto out; |
207 | if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) | 207 | |
208 | fatal("%s: key_to_certified failed", __func__); | 208 | if (!key_equal_public(cert, private)) { |
209 | key_cert_copy(cert, private); | 209 | error("Certificate %s does not match private key %s", |
210 | certpath, filename); | ||
210 | key_free(cert); | 211 | key_free(cert); |
212 | goto out; | ||
213 | } | ||
211 | 214 | ||
212 | if (ssh_add_identity_constrained(ac, private, comment, | 215 | /* Graft with private bits */ |
213 | lifetime, confirm)) { | 216 | if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) { |
214 | fprintf(stderr, "Certificate added: %s (%s)\n", | 217 | error("%s: key_to_certified failed", __func__); |
215 | certpath, private->cert->key_id); | 218 | key_free(cert); |
216 | if (lifetime != 0) | 219 | goto out; |
217 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
218 | lifetime); | ||
219 | if (confirm != 0) | ||
220 | fprintf(stderr, "The user has to confirm each " | ||
221 | "use of the key\n"); | ||
222 | } else { | ||
223 | error("Certificate %s (%s) add failed", certpath, | ||
224 | private->cert->key_id); | ||
225 | } | ||
226 | } | 220 | } |
221 | key_cert_copy(cert, private); | ||
222 | key_free(cert); | ||
227 | 223 | ||
224 | if (!ssh_add_identity_constrained(ac, private, comment, | ||
225 | lifetime, confirm)) { | ||
226 | error("Certificate %s (%s) add failed", certpath, | ||
227 | private->cert->key_id); | ||
228 | } | ||
229 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, | ||
230 | private->cert->key_id); | ||
231 | if (lifetime != 0) | ||
232 | fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); | ||
233 | if (confirm != 0) | ||
234 | fprintf(stderr, "The user must confirm each use of the key\n"); | ||
235 | out: | ||
228 | xfree(certpath); | 236 | xfree(certpath); |
229 | xfree(comment); | 237 | xfree(comment); |
230 | key_free(private); | 238 | key_free(private); |
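Review bot: The failure branch of ssh_add_identity_constrained (new lines 224-228) logs the error but then falls through to the `Certificate added: %s (%s)` line and the lifetime/confirm notices, so a certificate the agent rejected is still reported to the user as loaded. On the old side this could not happen because the success output was inside the if/else; the restructured version needs a `goto out;` right after the `error("Certificate %s (%s) add failed", certpath, private->cert->key_id);` call, which also makes this branch consistent with the three earlier error paths in the hunk that all release their resources and jump to `out`. A caller or script that trusts the "Certificate added" text would otherwise proceed believing the certified identity is available in the agent when it is not. add_file begins before and continues after this hunk, so whether the function's return value already reflects the failed add cannot be checked from here.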