Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 26 |
1 files changed, 20 insertions, 6 deletions
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -70,6 +70,9 @@ static char *default_files[] = { | |||
70 | /* Default lifetime (0 == forever) */ | 70 | /* Default lifetime (0 == forever) */ |
71 | static int lifetime = 0; | 71 | static int lifetime = 0; |
72 | 72 | ||
73 | /* User has to confirm key use */ | ||
74 | static int confirm = 0; | ||
75 | |||
73 | /* we keep a cache of one passphrases */ | 76 | /* we keep a cache of one passphrases */ |
74 | static char *pass = NULL; | 77 | static char *pass = NULL; |
75 | static void | 78 | static void |
@@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
165 | } | 168 | } |
166 | } | 169 | } |
167 | 170 | ||
168 | if (ssh_add_identity_constrained(ac, private, comment, lifetime)) { | 171 | if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
172 | confirm)) { | ||
169 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 173 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
170 | ret = 0; | 174 | ret = 0; |
171 | if (lifetime != 0) | 175 | if (lifetime != 0) |
172 | fprintf(stderr, | 176 | fprintf(stderr, |
173 | "Lifetime set to %d seconds\n", lifetime); | 177 | "Lifetime set to %d seconds\n", lifetime); |
178 | if (confirm != 0) | ||
179 | fprintf(stderr, | ||
180 | "The user has to confirm each use of the key\n"); | ||
174 | } else if (ssh_add_identity(ac, private, comment)) { | 181 | } else if (ssh_add_identity(ac, private, comment)) { |
175 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 182 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
176 | ret = 0; | 183 | ret = 0; |
@@ -188,6 +195,7 @@ static int | |||
188 | update_card(AuthenticationConnection *ac, int add, const char *id) | 195 | update_card(AuthenticationConnection *ac, int add, const char *id) |
189 | { | 196 | { |
190 | char *pin; | 197 | char *pin; |
198 | int ret = -1; | ||
191 | 199 | ||
192 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | 200 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); |
193 | if (pin == NULL) | 201 | if (pin == NULL) |
@@ -196,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
196 | if (ssh_update_card(ac, add, id, pin)) { | 204 | if (ssh_update_card(ac, add, id, pin)) { |
197 | fprintf(stderr, "Card %s: %s\n", | 205 | fprintf(stderr, "Card %s: %s\n", |
198 | add ? "added" : "removed", id); | 206 | add ? "added" : "removed", id); |
199 | return 0; | 207 | ret = 0; |
200 | } else { | 208 | } else { |
201 | fprintf(stderr, "Could not %s card: %s\n", | 209 | fprintf(stderr, "Could not %s card: %s\n", |
202 | add ? "add" : "remove", id); | 210 | add ? "add" : "remove", id); |
203 | return -1; | 211 | ret = -1; |
204 | } | 212 | } |
213 | xfree(pin); | ||
214 | return ret; | ||
205 | } | 215 | } |
206 | 216 | ||
207 | static int | 217 | static int |
@@ -292,6 +302,7 @@ usage(void) | |||
292 | fprintf(stderr, " -x Lock agent.\n"); | 302 | fprintf(stderr, " -x Lock agent.\n"); |
293 | fprintf(stderr, " -X Unlock agent.\n"); | 303 | fprintf(stderr, " -X Unlock agent.\n"); |
294 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 304 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
305 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | ||
295 | #ifdef SMARTCARD | 306 | #ifdef SMARTCARD |
296 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 307 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); |
297 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); | 308 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); |
@@ -319,7 +330,7 @@ main(int argc, char **argv) | |||
319 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); | 330 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); |
320 | exit(2); | 331 | exit(2); |
321 | } | 332 | } |
322 | while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) { | 333 | while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { |
323 | switch (ch) { | 334 | switch (ch) { |
324 | case 'l': | 335 | case 'l': |
325 | case 'L': | 336 | case 'L': |
@@ -333,6 +344,9 @@ main(int argc, char **argv) | |||
333 | ret = 1; | 344 | ret = 1; |
334 | goto done; | 345 | goto done; |
335 | break; | 346 | break; |
347 | case 'c': | ||
348 | confirm = 1; | ||
349 | break; | ||
336 | case 'd': | 350 | case 'd': |
337 | deleting = 1; | 351 | deleting = 1; |
338 | break; | 352 | break; |
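Review bot: In the add_file hunk, a failed `ssh_add_identity_constrained(ac, private, comment, lifetime, confirm)` call still falls through to the existing `else if (ssh_add_identity(ac, private, comment))` branch, so a key requested with `-c` (or `-t`) can end up loaded with no constraint at all and reported as "Identity added" — presumably whenever the agent rejects the constrained request. The fallback should run only when no constraint was asked for, e.g. `} else if (lifetime == 0 && confirm == 0 && ssh_add_identity(ac, private, comment)) {`, so that the constrained case fails with an error instead of silently dropping the confirmation requirement. add_file's body starts and ends outside the hunk, so its final error branch is not visible here. Separately, in update_card the new `xfree(pin);` releases the smartcard PIN without clearing it; a `memset(pin, 0, strlen(pin));` on the line before would keep the PIN out of freed heap memory.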