Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 34 |
1 files changed, 25 insertions, 9 deletions
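--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -145,8 +145,12 @@ add_file(AuthenticationConnection *ac, const char *filename)
 char *comment = NULL;
 char msg[1024], *certpath;
 int fd, perms_ok, ret = -1;
+Buffer keyblob;
 
-if ((fd = open(filename, O_RDONLY)) < 0) {
+if (strcmp(filename, "-") == 0) {
+fd = STDIN_FILENO;
+filename = "(stdin)";
+} else if ((fd = open(filename, O_RDONLY)) < 0) {
 perror(filename);
 return -1;
 }
@@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename)
 * Since we'll try to load a keyfile multiple times, permission errors
 * will occur multiple times, so check perms first and bail if wrong.
 */
-perms_ok = key_perm_ok(fd, filename);
-close(fd);
-if (!perms_ok)
+if (fd != STDIN_FILENO) {
+perms_ok = key_perm_ok(fd, filename);
+if (!perms_ok) {
+close(fd);
+return -1;
+}
+}
+buffer_init(&keyblob);
+if (!key_load_file(fd, filename, &keyblob)) {
+buffer_free(&keyblob);
+close(fd);
 return -1;
+}
+close(fd);
 
 /* At first, try empty passphrase */
-private = key_load_private(filename, "", &comment);
+private = key_parse_private(&keyblob, filename, "", &comment);
 if (comment == NULL)
 comment = xstrdup(filename);
 /* try last */
 if (private == NULL && pass != NULL)
-private = key_load_private(filename, pass, NULL);
+private = key_parse_private(&keyblob, filename, pass, NULL);
 if (private == NULL) {
 /* clear passphrase since it did not work */
 clear_pass();
@@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename)
 if (strcmp(pass, "") == 0) {
 clear_pass();
 xfree(comment);
+buffer_free(&keyblob);
 return -1;
 }
-private = key_load_private(filename, pass, &comment);
+private = key_parse_private(&keyblob, filename, pass,
+&comment);
 if (private != NULL)
 break;
 clear_pass();
@@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
 "Bad passphrase, try again for %.200s: ", comment);
 }
 }
+buffer_free(&keyblob);
 
 if (ssh_add_identity_constrained(ac, private, comment, lifetime,
 confirm)) {
@@ -372,7 +389,6 @@ main(int argc, char **argv)
 sanitise_stdfd();
 
 __progname = ssh_get_progname(argv[0]);
-init_rng();
 seed_rng();
 
 OpenSSL_add_all_algorithms();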
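Review bot: In add_file (new lines 150–175), `fd == STDIN_FILENO` serves as the marker for "key comes from stdin", yet that same descriptor is then closed by `close(fd)` on both the load-failure and success paths. Once descriptor 0 is closed, a later `open(filename, O_RDONLY)` in the same process can be handed descriptor 0, so the `if (fd != STDIN_FILENO)` guard would skip `key_perm_ok()` for an ordinary key file; whether add_file runs again after a `-` argument is not visible in these hunks, but nothing shown here prevents it. I would record the decision once with `int from_stdin = (strcmp(filename, "-") == 0);`, guard the permission check with `if (!from_stdin) {`, and leave stdin open by using `if (!from_stdin) close(fd);` in both places. add_file begins before and continues after the lines shown.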