Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 51 |
1 files changed, 38 insertions, 13 deletions
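--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,9 +138,9 @@ delete_all(AuthenticationConnection *ac)
 static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
-Key *private;
+Key *private, *cert;
 char *comment = NULL, *fp;
-char msg[1024];
+char msg[1024], *certpath;
 int fd, perms_ok, ret = -1;
 
 if ((fd = open(filename, O_RDONLY)) < 0) {
@@ -207,6 +207,33 @@ add_file(AuthenticationConnection *ac, const char *filename)
 fprintf(stderr, "Could not add identity: %s\n", filename);
 }
 
+
+/* Now try to add the certificate flavour too */
+xasprintf(&certpath, "%s-cert.pub", filename);
+if ((cert = key_load_public(certpath, NULL)) != NULL) {
+/* Graft with private bits */
+if (key_to_certified(private) != 0)
+fatal("%s: key_to_certified failed", __func__);
+key_cert_copy(cert, private);
+key_free(cert);
+
+if (ssh_add_identity_constrained(ac, private, comment,
+lifetime, confirm)) {
+fprintf(stderr, "Certificate added: %s (%s)\n",
+certpath, private->cert->key_id);
+if (lifetime != 0)
+fprintf(stderr, "Lifetime set to %d seconds\n",
+lifetime);
+if (confirm != 0)
+fprintf(stderr, "The user has to confirm each "
+"use of the key\n");
+} else {
+error("Certificate %s (%s) add failed", certpath,
+private->cert->key_id);
+}
+}
+
+xfree(certpath);
 xfree(comment);
 key_free(private);
 
@@ -219,7 +246,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
 char *pin;
 int ret = -1;
 
-pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN);
 if (pin == NULL)
 return -1;
 
@@ -325,10 +352,8 @@ usage(void)
 fprintf(stderr, " -X Unlock agent.\n");
 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
 fprintf(stderr, " -c Require confirmation to sign using identities\n");
-#ifdef SMARTCARD
-fprintf(stderr, " -s reader Add key in smartcard reader.\n");
-fprintf(stderr, " -e reader Remove key in smartcard reader.\n");
-#endif
+fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
+fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
 }
 
 int
@@ -337,7 +362,7 @@ main(int argc, char **argv)
 extern char *optarg;
 extern int optind;
 AuthenticationConnection *ac = NULL;
-char *sc_reader_id = NULL;
+char *pkcs11provider = NULL;
 int i, ch, deleting = 0, ret = 0;
 
 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -379,11 +404,11 @@ main(int argc, char **argv)
 ret = 1;
 goto done;
 case 's':
-sc_reader_id = optarg;
+pkcs11provider = optarg;
 break;
 case 'e':
 deleting = 1;
-sc_reader_id = optarg;
+pkcs11provider = optarg;
 break;
 case 't':
 if ((lifetime = convtime(optarg)) == -1) {
@@ -400,8 +425,8 @@ main(int argc, char **argv)
 }
 argc -= optind;
 argv += optind;
-if (sc_reader_id != NULL) {
-if (update_card(ac, !deleting, sc_reader_id) == -1)
+if (pkcs11provider != NULL) {
+if (update_card(ac, !deleting, pkcs11provider) == -1)
 ret = 1;
 goto done;
 }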
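Review bot: The new certificate branch in add_file (new lines 212–234) never checks that the certificate loaded from `<filename>-cert.pub` actually belongs to `private` before `key_cert_copy` grafts its certificate fields onto the key, so a stale or mis-named `-cert.pub` sitting next to the key is turned into a "certified" identity and handed to the agent, and the mismatch only surfaces, if at all, when the identity is later used. Unless key_cert_copy performs that comparison internally (not visible in this hunk), I would compare the public parts right after the load succeeds and skip the graft on mismatch: `if (!key_equal_public(cert, private)) { error("Certificate %s does not match private key %s", certpath, filename); key_free(cert); }` with the `key_to_certified`/`key_cert_copy`/add sequence moved into the matching branch. As a side note, the branch also runs after the plain-key add at line 207 has already reported failure, so a second, unrelated error for the same file may be printed; gating it on the first add succeeding would keep the output coherent. The rest of add_file, including the `ret` handling after line 239, lies outside this hunk.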