Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 34 |
1 files changed, 31 insertions, 3 deletions
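--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.92 2010/02/08 10:50:20 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.93 2010/02/26 20:29:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,9 +138,9 @@ delete_all(AuthenticationConnection *ac)
 static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
-Key *private;
+Key *private, *cert;
 char *comment = NULL;
-char msg[1024];
+char msg[1024], *certpath;
 int fd, perms_ok, ret = -1;
 
 if ((fd = open(filename, O_RDONLY)) < 0) {
@@ -199,6 +199,34 @@ add_file(AuthenticationConnection *ac, const char *filename)
 fprintf(stderr, "Could not add identity: %s\n", filename);
 }
 
+
+/* Now try to add the certificate flavour too */
+xasprintf(&certpath, "%s-cert.pub", filename);
+if ((cert = key_load_public(certpath, NULL)) != NULL) {
+/* Graft with private bits */
+if (key_to_certified(private) != 0)
+fatal("%s: key_to_certified failed", __func__);
+key_cert_copy(cert, private);
+key_free(cert);
+
+if (ssh_add_identity_constrained(ac, private, comment,
+lifetime, confirm)) {
+fprintf(stderr, "Certificate added: %s (%s)\n",
+certpath, private->cert->key_id);
+if (lifetime != 0)
+fprintf(stderr, "Lifetime set to %d seconds\n",
+lifetime);
+if (confirm != 0)
+fprintf(stderr, "The user has to confirm each "
+"use of the key\n");
+} else {
+error("Certificate %s (%s) add failed", certpath,
+private->cert->key_id);
+}
+} else
+fprintf(stderr, "Unable to load certificate %s", certpath);
+
+xfree(certpath);
 xfree(comment);
 key_free(private);
 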
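Review bot: The certificate read from `certpath` is grafted onto `private` by `key_cert_copy(cert, private)` without any visible check that its public key matches the private key. A stale or misplaced `-cert.pub` file beside the key would then be loaded into the agent as though it belonged to that key, unless `key_to_certified()` or `key_cert_copy()` perform the comparison themselves, which the hunk does not show. I would compare the two keys first and skip the graft on a mismatch, as sketched below (assuming `key_equal_public()` is available in this tree). Separately, the final `else` prints "Unable to load certificate" for every key that has no certificate, which is the normal case, and the format string lacks a trailing `\n`; the sketch drops that message. add_file() begins in the previous hunk and continues past the end of this one.

```c
	xasprintf(&certpath, "%s-cert.pub", filename);
	cert = key_load_public(certpath, NULL);
	if (cert != NULL && !key_equal_public(cert, private)) {
		error("Certificate %s does not match private key %s",
		    certpath, filename);
		key_free(cert);
		cert = NULL;
	}
	if (cert != NULL) {
		/* … unchanged: key_to_certified, key_cert_copy, key_free(cert), agent add and messages … */
	}
	xfree(certpath);
```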