diff options
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 51 |
1 files changed, 38 insertions, 13 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -138,9 +138,9 @@ delete_all(AuthenticationConnection *ac) | |||
| 138 | static int | 138 | static int |
| 139 | add_file(AuthenticationConnection *ac, const char *filename) | 139 | add_file(AuthenticationConnection *ac, const char *filename) |
| 140 | { | 140 | { |
| 141 | Key *private; | 141 | Key *private, *cert; |
| 142 | char *comment = NULL, *fp; | 142 | char *comment = NULL, *fp; |
| 143 | char msg[1024]; | 143 | char msg[1024], *certpath; |
| 144 | int fd, perms_ok, ret = -1; | 144 | int fd, perms_ok, ret = -1; |
| 145 | 145 | ||
| 146 | if ((fd = open(filename, O_RDONLY)) < 0) { | 146 | if ((fd = open(filename, O_RDONLY)) < 0) { |
| @@ -207,6 +207,33 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 207 | fprintf(stderr, "Could not add identity: %s\n", filename); | 207 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 208 | } | 208 | } |
| 209 | 209 | ||
| 210 | |||
| 211 | /* Now try to add the certificate flavour too */ | ||
| 212 | xasprintf(&certpath, "%s-cert.pub", filename); | ||
| 213 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | ||
| 214 | /* Graft with private bits */ | ||
| 215 | if (key_to_certified(private) != 0) | ||
| 216 | fatal("%s: key_to_certified failed", __func__); | ||
| 217 | key_cert_copy(cert, private); | ||
| 218 | key_free(cert); | ||
| 219 | |||
| 220 | if (ssh_add_identity_constrained(ac, private, comment, | ||
| 221 | lifetime, confirm)) { | ||
| 222 | fprintf(stderr, "Certificate added: %s (%s)\n", | ||
| 223 | certpath, private->cert->key_id); | ||
| 224 | if (lifetime != 0) | ||
| 225 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
| 226 | lifetime); | ||
| 227 | if (confirm != 0) | ||
| 228 | fprintf(stderr, "The user has to confirm each " | ||
| 229 | "use of the key\n"); | ||
| 230 | } else { | ||
| 231 | error("Certificate %s (%s) add failed", certpath, | ||
| 232 | private->cert->key_id); | ||
| 233 | } | ||
| 234 | } | ||
| 235 | |||
| 236 | xfree(certpath); | ||
| 210 | xfree(comment); | 237 | xfree(comment); |
| 211 | key_free(private); | 238 | key_free(private); |
| 212 | 239 | ||
| @@ -219,7 +246,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
| 219 | char *pin; | 246 | char *pin; |
| 220 | int ret = -1; | 247 | int ret = -1; |
| 221 | 248 | ||
| 222 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | 249 | pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN); |
| 223 | if (pin == NULL) | 250 | if (pin == NULL) |
| 224 | return -1; | 251 | return -1; |
| 225 | 252 | ||
| @@ -325,10 +352,8 @@ usage(void) | |||
| 325 | fprintf(stderr, " -X Unlock agent.\n"); | 352 | fprintf(stderr, " -X Unlock agent.\n"); |
| 326 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 353 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
| 327 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | 354 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); |
| 328 | #ifdef SMARTCARD | 355 | fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); |
| 329 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 356 | fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); |
| 330 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); | ||
| 331 | #endif | ||
| 332 | } | 357 | } |
| 333 | 358 | ||
| 334 | int | 359 | int |
| @@ -337,7 +362,7 @@ main(int argc, char **argv) | |||
| 337 | extern char *optarg; | 362 | extern char *optarg; |
| 338 | extern int optind; | 363 | extern int optind; |
| 339 | AuthenticationConnection *ac = NULL; | 364 | AuthenticationConnection *ac = NULL; |
| 340 | char *sc_reader_id = NULL; | 365 | char *pkcs11provider = NULL; |
| 341 | int i, ch, deleting = 0, ret = 0; | 366 | int i, ch, deleting = 0, ret = 0; |
| 342 | 367 | ||
| 343 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 368 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| @@ -379,11 +404,11 @@ main(int argc, char **argv) | |||
| 379 | ret = 1; | 404 | ret = 1; |
| 380 | goto done; | 405 | goto done; |
| 381 | case 's': | 406 | case 's': |
| 382 | sc_reader_id = optarg; | 407 | pkcs11provider = optarg; |
| 383 | break; | 408 | break; |
| 384 | case 'e': | 409 | case 'e': |
| 385 | deleting = 1; | 410 | deleting = 1; |
| 386 | sc_reader_id = optarg; | 411 | pkcs11provider = optarg; |
| 387 | break; | 412 | break; |
| 388 | case 't': | 413 | case 't': |
| 389 | if ((lifetime = convtime(optarg)) == -1) { | 414 | if ((lifetime = convtime(optarg)) == -1) { |
| @@ -400,8 +425,8 @@ main(int argc, char **argv) | |||
| 400 | } | 425 | } |
| 401 | argc -= optind; | 426 | argc -= optind; |
| 402 | argv += optind; | 427 | argv += optind; |
| 403 | if (sc_reader_id != NULL) { | 428 | if (pkcs11provider != NULL) { |
| 404 | if (update_card(ac, !deleting, sc_reader_id) == -1) | 429 | if (update_card(ac, !deleting, pkcs11provider) == -1) |
| 405 | ret = 1; | 430 | ret = 1; |
| 406 | goto done; | 431 | goto done; |
| 407 | } | 432 | } |