summaryrefslogtreecommitdiff
path: root/ssh-add.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c34
1 files changed, 25 insertions, 9 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 125d6645b..6d5e2a957 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -145,8 +145,12 @@ add_file(AuthenticationConnection *ac, const char *filename)
145 char *comment = NULL; 145 char *comment = NULL;
146 char msg[1024], *certpath; 146 char msg[1024], *certpath;
147 int fd, perms_ok, ret = -1; 147 int fd, perms_ok, ret = -1;
148 Buffer keyblob;
148 149
149 if ((fd = open(filename, O_RDONLY)) < 0) { 150 if (strcmp(filename, "-") == 0) {
151 fd = STDIN_FILENO;
152 filename = "(stdin)";
153 } else if ((fd = open(filename, O_RDONLY)) < 0) {
150 perror(filename); 154 perror(filename);
151 return -1; 155 return -1;
152 } 156 }
@@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename)
155 * Since we'll try to load a keyfile multiple times, permission errors 159 * Since we'll try to load a keyfile multiple times, permission errors
156 * will occur multiple times, so check perms first and bail if wrong. 160 * will occur multiple times, so check perms first and bail if wrong.
157 */ 161 */
158 perms_ok = key_perm_ok(fd, filename); 162 if (fd != STDIN_FILENO) {
159 close(fd); 163 perms_ok = key_perm_ok(fd, filename);
160 if (!perms_ok) 164 if (!perms_ok) {
165 close(fd);
166 return -1;
167 }
168 }
169 buffer_init(&keyblob);
170 if (!key_load_file(fd, filename, &keyblob)) {
171 buffer_free(&keyblob);
172 close(fd);
161 return -1; 173 return -1;
174 }
175 close(fd);
162 176
163 /* At first, try empty passphrase */ 177 /* At first, try empty passphrase */
164 private = key_load_private(filename, "", &comment); 178 private = key_parse_private(&keyblob, filename, "", &comment);
165 if (comment == NULL) 179 if (comment == NULL)
166 comment = xstrdup(filename); 180 comment = xstrdup(filename);
167 /* try last */ 181 /* try last */
168 if (private == NULL && pass != NULL) 182 if (private == NULL && pass != NULL)
169 private = key_load_private(filename, pass, NULL); 183 private = key_parse_private(&keyblob, filename, pass, NULL);
170 if (private == NULL) { 184 if (private == NULL) {
171 /* clear passphrase since it did not work */ 185 /* clear passphrase since it did not work */
172 clear_pass(); 186 clear_pass();
@@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename)
177 if (strcmp(pass, "") == 0) { 191 if (strcmp(pass, "") == 0) {
178 clear_pass(); 192 clear_pass();
179 xfree(comment); 193 xfree(comment);
194 buffer_free(&keyblob);
180 return -1; 195 return -1;
181 } 196 }
182 private = key_load_private(filename, pass, &comment); 197 private = key_parse_private(&keyblob, filename, pass,
198 &comment);
183 if (private != NULL) 199 if (private != NULL)
184 break; 200 break;
185 clear_pass(); 201 clear_pass();
@@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
187 "Bad passphrase, try again for %.200s: ", comment); 203 "Bad passphrase, try again for %.200s: ", comment);
188 } 204 }
189 } 205 }
206 buffer_free(&keyblob);
190 207
191 if (ssh_add_identity_constrained(ac, private, comment, lifetime, 208 if (ssh_add_identity_constrained(ac, private, comment, lifetime,
192 confirm)) { 209 confirm)) {
@@ -372,7 +389,6 @@ main(int argc, char **argv)
372 sanitise_stdfd(); 389 sanitise_stdfd();
373 390
374 __progname = ssh_get_progname(argv[0]); 391 __progname = ssh_get_progname(argv[0]);
375 init_rng();
376 seed_rng(); 392 seed_rng();
377 393
378 OpenSSL_add_all_algorithms(); 394 OpenSSL_add_all_algorithms();