diff options
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 50 |
1 files changed, 29 insertions, 21 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -194,7 +194,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 194 | "Lifetime set to %d seconds\n", lifetime); | 194 | "Lifetime set to %d seconds\n", lifetime); |
| 195 | if (confirm != 0) | 195 | if (confirm != 0) |
| 196 | fprintf(stderr, | 196 | fprintf(stderr, |
| 197 | "The user has to confirm each use of the key\n"); | 197 | "The user must confirm each use of the key\n"); |
| 198 | } else { | 198 | } else { |
| 199 | fprintf(stderr, "Could not add identity: %s\n", filename); | 199 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 200 | } | 200 | } |
| @@ -202,29 +202,37 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 202 | 202 | ||
| 203 | /* Now try to add the certificate flavour too */ | 203 | /* Now try to add the certificate flavour too */ |
| 204 | xasprintf(&certpath, "%s-cert.pub", filename); | 204 | xasprintf(&certpath, "%s-cert.pub", filename); |
| 205 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | 205 | if ((cert = key_load_public(certpath, NULL)) == NULL) |
| 206 | /* Graft with private bits */ | 206 | goto out; |
| 207 | if (key_to_certified(private) != 0) | 207 | |
| 208 | fatal("%s: key_to_certified failed", __func__); | 208 | if (!key_equal_public(cert, private)) { |
| 209 | key_cert_copy(cert, private); | 209 | error("Certificate %s does not match private key %s", |
| 210 | certpath, filename); | ||
| 210 | key_free(cert); | 211 | key_free(cert); |
| 212 | goto out; | ||
| 213 | } | ||
| 211 | 214 | ||
| 212 | if (ssh_add_identity_constrained(ac, private, comment, | 215 | /* Graft with private bits */ |
| 213 | lifetime, confirm)) { | 216 | if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) { |
| 214 | fprintf(stderr, "Certificate added: %s (%s)\n", | 217 | error("%s: key_to_certified failed", __func__); |
| 215 | certpath, private->cert->key_id); | 218 | key_free(cert); |
| 216 | if (lifetime != 0) | 219 | goto out; |
| 217 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
| 218 | lifetime); | ||
| 219 | if (confirm != 0) | ||
| 220 | fprintf(stderr, "The user has to confirm each " | ||
| 221 | "use of the key\n"); | ||
| 222 | } else { | ||
| 223 | error("Certificate %s (%s) add failed", certpath, | ||
| 224 | private->cert->key_id); | ||
| 225 | } | ||
| 226 | } | 220 | } |
| 221 | key_cert_copy(cert, private); | ||
| 222 | key_free(cert); | ||
| 227 | 223 | ||
| 224 | if (!ssh_add_identity_constrained(ac, private, comment, | ||
| 225 | lifetime, confirm)) { | ||
| 226 | error("Certificate %s (%s) add failed", certpath, | ||
| 227 | private->cert->key_id); | ||
| 228 | } | ||
| 229 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, | ||
| 230 | private->cert->key_id); | ||
| 231 | if (lifetime != 0) | ||
| 232 | fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); | ||
| 233 | if (confirm != 0) | ||
| 234 | fprintf(stderr, "The user must confirm each use of the key\n"); | ||
| 235 | out: | ||
| 228 | xfree(certpath); | 236 | xfree(certpath); |
| 229 | xfree(comment); | 237 | xfree(comment); |
| 230 | key_free(private); | 238 | key_free(private); |