Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 3e2f9f6ce..0111b7793 100644
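--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
 }
 
 static int
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
  Key *private, *cert;
  char *comment = NULL, *fp;
- char msg[1024], *certpath;
+ char msg[1024], *certpath = NULL;
  int fd, perms_ok, ret = -1;
  Buffer keyblob;
 
@@ -227,6 +227,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
  return -1;
  }
 
+ /* Skip trying to load the cert if requested */
+ if (key_only)
+ goto out;
 
  /* Now try to add the certificate flavour too */
  xasprintf(&certpath, "%s-cert.pub", filename);
@@ -261,7 +264,8 @@ add_file(AuthenticationConnection *ac, const char *filename)
  if (confirm != 0)
  fprintf(stderr, "The user must confirm each use of the key\n");
  out:
- xfree(certpath);
+ if (certpath != NULL)
+ xfree(certpath);
  xfree(comment);
  key_free(private);
 
@@ -355,13 +359,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
 }
 
 static int
-do_file(AuthenticationConnection *ac, int deleting, char *file)
+do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
 {
  if (deleting) {
  if (delete_file(ac, file) == -1)
  return -1;
  } else {
- if (add_file(ac, file) == -1)
+ if (add_file(ac, file, key_only) == -1)
  return -1;
  }
  return 0;
@@ -374,12 +378,13 @@ usage(void)
  fprintf(stderr, "Options:\n");
  fprintf(stderr, " -l List fingerprints of all identities.\n");
  fprintf(stderr, " -L List public key parameters of all identities.\n");
+ fprintf(stderr, " -k Load only keys and not certificates.\n");
+ fprintf(stderr, " -c Require confirmation to sign using identities\n");
+ fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
  fprintf(stderr, " -d Delete identity.\n");
  fprintf(stderr, " -D Delete all identities.\n");
  fprintf(stderr, " -x Lock agent.\n");
  fprintf(stderr, " -X Unlock agent.\n");
- fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
- fprintf(stderr, " -c Require confirmation to sign using identities\n");
  fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
  fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
 }
@@ -391,7 +396,7 @@ main(int argc, char **argv)
  extern int optind;
  AuthenticationConnection *ac = NULL;
  char *pkcs11provider = NULL;
- int i, ch, deleting = 0, ret = 0;
+ int i, ch, deleting = 0, ret = 0, key_only = 0;
 
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
@@ -408,8 +413,11 @@ main(int argc, char **argv)
  "Could not open a connection to your authentication agent.\n");
  exit(2);
  }
- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
  switch (ch) {
+ case 'k':
+ key_only = 1;
+ break;
  case 'l':
  case 'L':
  if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
@@ -475,7 +483,7 @@ main(int argc, char **argv)
  default_files[i]);
  if (stat(buf, &st) < 0)
  continue;
- if (do_file(ac, deleting, buf) == -1)
+ if (do_file(ac, deleting, key_only, buf) == -1)
  ret = 1;
  else
  count++;
@@ -484,7 +492,7 @@ main(int argc, char **argv)
  ret = 1;
  } else {
  for (i = 0; i < argc; i++) {
- if (do_file(ac, deleting, argv[i]) == -1)
+ if (do_file(ac, deleting, key_only, argv[i]) == -1)
  ret = 1;
  }
  }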
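Review bot: In do_file(), `key_only` is forwarded to add_file() but the deleting branch still calls `delete_file(ac, file)`, so `ssh-add -k -d file` is accepted and `-k` is silently ignored. delete_file()'s body is outside this diff, so whether it also removes the `-cert.pub` identity cannot be confirmed here; if it does, a user who passes `-k` expecting a certificate identity to stay in the agent will have more removed than they asked for. Either give delete_file() the same parameter, or make the limit explicit, for example with a comment on do_file() such as `/* key_only applies to adding only; delete_file() ignores it */` and usage text stating that `-k` only affects loading. do_file()'s closing brace falls just outside the hunk.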