Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 6d5e2a957..738644d27 100644
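--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
 }
 
 static int
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
  Key *private, *cert;
  char *comment = NULL;
- char msg[1024], *certpath;
+ char msg[1024], *certpath = NULL;
  int fd, perms_ok, ret = -1;
  Buffer keyblob;
 
@@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
  fprintf(stderr, "Could not add identity: %s\n", filename);
  }
 
+ /* Skip trying to load the cert if requested */
+ if (key_only)
+ goto out;
 
  /* Now try to add the certificate flavour too */
  xasprintf(&certpath, "%s-cert.pub", filename);
@@ -253,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename)
  if (confirm != 0)
  fprintf(stderr, "The user must confirm each use of the key\n");
  out:
- xfree(certpath);
+ if (certpath != NULL)
+ xfree(certpath);
  xfree(comment);
  key_free(private);
 
@@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
 }
 
 static int
-do_file(AuthenticationConnection *ac, int deleting, char *file)
+do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
 {
  if (deleting) {
  if (delete_file(ac, file) == -1)
  return -1;
  } else {
- if (add_file(ac, file) == -1)
+ if (add_file(ac, file, key_only) == -1)
  return -1;
  }
  return 0;
@@ -366,12 +370,13 @@ usage(void)
  fprintf(stderr, "Options:\n");
  fprintf(stderr, " -l List fingerprints of all identities.\n");
  fprintf(stderr, " -L List public key parameters of all identities.\n");
+ fprintf(stderr, " -k Load only keys and not certificates.\n");
+ fprintf(stderr, " -c Require confirmation to sign using identities\n");
+ fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
  fprintf(stderr, " -d Delete identity.\n");
  fprintf(stderr, " -D Delete all identities.\n");
  fprintf(stderr, " -x Lock agent.\n");
  fprintf(stderr, " -X Unlock agent.\n");
- fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
- fprintf(stderr, " -c Require confirmation to sign using identities\n");
  fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
  fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
 }
@@ -383,7 +388,7 @@ main(int argc, char **argv)
  extern int optind;
  AuthenticationConnection *ac = NULL;
  char *pkcs11provider = NULL;
- int i, ch, deleting = 0, ret = 0;
+ int i, ch, deleting = 0, ret = 0, key_only = 0;
 
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
@@ -400,8 +405,11 @@ main(int argc, char **argv)
  "Could not open a connection to your authentication agent.\n");
  exit(2);
  }
- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
  switch (ch) {
+ case 'k':
+ key_only = 1;
+ break;
  case 'l':
  case 'L':
  if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
@@ -467,7 +475,7 @@ main(int argc, char **argv)
  default_files[i]);
  if (stat(buf, &st) < 0)
  continue;
- if (do_file(ac, deleting, buf) == -1)
+ if (do_file(ac, deleting, key_only, buf) == -1)
  ret = 1;
  else
  count++;
@@ -476,7 +484,7 @@ main(int argc, char **argv)
  ret = 1;
  } else {
  for (i = 0; i < argc; i++) {
- if (do_file(ac, deleting, argv[i]) == -1)
+ if (do_file(ac, deleting, key_only, argv[i]) == -1)
  ret = 1;
  }
  }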
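Review bot: In do_file, `key_only` is forwarded only on the add path; the deleting branch still calls `delete_file(ac, file)`, so `ssh-add -k -d file` is accepted and the flag is silently ignored. delete_file is not part of this diff, so whether it also removes the `-cert.pub` flavour that add_file loads cannot be confirmed from here; if it does not, deleting an identity that was added without -k may leave its certificate in the agent. Either pass the flag through (`delete_file(ac, file, key_only)`) once delete_file handles certificates, or state the limit in a comment such as `/* key_only affects adding only; delete_file() ignores it */`. The closing brace of do_file lies outside the hunk.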