diff options
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 50 |
1 files changed, 29 insertions, 21 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -202,7 +202,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 202 | "Lifetime set to %d seconds\n", lifetime); | 202 | "Lifetime set to %d seconds\n", lifetime); |
| 203 | if (confirm != 0) | 203 | if (confirm != 0) |
| 204 | fprintf(stderr, | 204 | fprintf(stderr, |
| 205 | "The user has to confirm each use of the key\n"); | 205 | "The user must confirm each use of the key\n"); |
| 206 | } else { | 206 | } else { |
| 207 | fprintf(stderr, "Could not add identity: %s\n", filename); | 207 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 208 | } | 208 | } |
| @@ -210,29 +210,37 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 210 | 210 | ||
| 211 | /* Now try to add the certificate flavour too */ | 211 | /* Now try to add the certificate flavour too */ |
| 212 | xasprintf(&certpath, "%s-cert.pub", filename); | 212 | xasprintf(&certpath, "%s-cert.pub", filename); |
| 213 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | 213 | if ((cert = key_load_public(certpath, NULL)) == NULL) |
| 214 | /* Graft with private bits */ | 214 | goto out; |
| 215 | if (key_to_certified(private) != 0) | 215 | |
| 216 | fatal("%s: key_to_certified failed", __func__); | 216 | if (!key_equal_public(cert, private)) { |
| 217 | key_cert_copy(cert, private); | 217 | error("Certificate %s does not match private key %s", |
| 218 | certpath, filename); | ||
| 218 | key_free(cert); | 219 | key_free(cert); |
| 220 | goto out; | ||
| 221 | } | ||
| 219 | 222 | ||
| 220 | if (ssh_add_identity_constrained(ac, private, comment, | 223 | /* Graft with private bits */ |
| 221 | lifetime, confirm)) { | 224 | if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) { |
| 222 | fprintf(stderr, "Certificate added: %s (%s)\n", | 225 | error("%s: key_to_certified failed", __func__); |
| 223 | certpath, private->cert->key_id); | 226 | key_free(cert); |
| 224 | if (lifetime != 0) | 227 | goto out; |
| 225 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
| 226 | lifetime); | ||
| 227 | if (confirm != 0) | ||
| 228 | fprintf(stderr, "The user has to confirm each " | ||
| 229 | "use of the key\n"); | ||
| 230 | } else { | ||
| 231 | error("Certificate %s (%s) add failed", certpath, | ||
| 232 | private->cert->key_id); | ||
| 233 | } | ||
| 234 | } | 228 | } |
| 229 | key_cert_copy(cert, private); | ||
| 230 | key_free(cert); | ||
| 235 | 231 | ||
| 232 | if (!ssh_add_identity_constrained(ac, private, comment, | ||
| 233 | lifetime, confirm)) { | ||
| 234 | error("Certificate %s (%s) add failed", certpath, | ||
| 235 | private->cert->key_id); | ||
| 236 | } | ||
| 237 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, | ||
| 238 | private->cert->key_id); | ||
| 239 | if (lifetime != 0) | ||
| 240 | fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); | ||
| 241 | if (confirm != 0) | ||
| 242 | fprintf(stderr, "The user must confirm each use of the key\n"); | ||
| 243 | out: | ||
| 236 | xfree(certpath); | 244 | xfree(certpath); |
| 237 | xfree(comment); | 245 | xfree(comment); |
| 238 | key_free(private); | 246 | key_free(private); |