summaryrefslogtreecommitdiff
path: root/ssh-add.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c37
1 files changed, 28 insertions, 9 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 2b01e6f13..4dc46f6db 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,3 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */
1/* 2/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,15 +36,27 @@
35 */ 36 */
36 37
37#include "includes.h" 38#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $"); 39
40#include <sys/types.h>
41#include <sys/stat.h>
42#include <sys/param.h>
39 43
40#include <openssl/evp.h> 44#include <openssl/evp.h>
41 45
46#include <fcntl.h>
47#include <pwd.h>
48#include <stdarg.h>
49#include <stdio.h>
50#include <stdlib.h>
51#include <string.h>
52#include <unistd.h>
53
54#include "xmalloc.h"
42#include "ssh.h" 55#include "ssh.h"
43#include "rsa.h" 56#include "rsa.h"
44#include "log.h" 57#include "log.h"
45#include "xmalloc.h"
46#include "key.h" 58#include "key.h"
59#include "buffer.h"
47#include "authfd.h" 60#include "authfd.h"
48#include "authfile.h" 61#include "authfile.h"
49#include "pathnames.h" 62#include "pathnames.h"
@@ -124,16 +137,25 @@ delete_all(AuthenticationConnection *ac)
124static int 137static int
125add_file(AuthenticationConnection *ac, const char *filename) 138add_file(AuthenticationConnection *ac, const char *filename)
126{ 139{
127 struct stat st;
128 Key *private; 140 Key *private;
129 char *comment = NULL; 141 char *comment = NULL;
130 char msg[1024]; 142 char msg[1024];
131 int ret = -1; 143 int fd, perms_ok, ret = -1;
132 144
133 if (stat(filename, &st) < 0) { 145 if ((fd = open(filename, O_RDONLY)) < 0) {
134 perror(filename); 146 perror(filename);
135 return -1; 147 return -1;
136 } 148 }
149
150 /*
151 * Since we'll try to load a keyfile multiple times, permission errors
152 * will occur multiple times, so check perms first and bail if wrong.
153 */
154 perms_ok = key_perm_ok(fd, filename);
155 close(fd);
156 if (!perms_ok)
157 return -1;
158
137 /* At first, try empty passphrase */ 159 /* At first, try empty passphrase */
138 private = key_load_private(filename, "", &comment); 160 private = key_load_private(filename, "", &comment);
139 if (comment == NULL) 161 if (comment == NULL)
@@ -287,7 +309,7 @@ do_file(AuthenticationConnection *ac, int deleting, char *file)
287static void 309static void
288usage(void) 310usage(void)
289{ 311{
290 fprintf(stderr, "Usage: %s [options]\n", __progname); 312 fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname);
291 fprintf(stderr, "Options:\n"); 313 fprintf(stderr, "Options:\n");
292 fprintf(stderr, " -l List fingerprints of all identities.\n"); 314 fprintf(stderr, " -l List fingerprints of all identities.\n");
293 fprintf(stderr, " -L List public key parameters of all identities.\n"); 315 fprintf(stderr, " -L List public key parameters of all identities.\n");
@@ -335,13 +357,11 @@ main(int argc, char **argv)
335 if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) 357 if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
336 ret = 1; 358 ret = 1;
337 goto done; 359 goto done;
338 break;
339 case 'x': 360 case 'x':
340 case 'X': 361 case 'X':
341 if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) 362 if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
342 ret = 1; 363 ret = 1;
343 goto done; 364 goto done;
344 break;
345 case 'c': 365 case 'c':
346 confirm = 1; 366 confirm = 1;
347 break; 367 break;
@@ -352,7 +372,6 @@ main(int argc, char **argv)
352 if (delete_all(ac) == -1) 372 if (delete_all(ac) == -1)
353 ret = 1; 373 ret = 1;
354 goto done; 374 goto done;
355 break;
356 case 's': 375 case 's':
357 sc_reader_id = optarg; 376 sc_reader_id = optarg;
358 break; 377 break;