diff options
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 26 |
1 files changed, 20 insertions, 6 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | 41 | ||
| @@ -70,6 +70,9 @@ static char *default_files[] = { | |||
| 70 | /* Default lifetime (0 == forever) */ | 70 | /* Default lifetime (0 == forever) */ |
| 71 | static int lifetime = 0; | 71 | static int lifetime = 0; |
| 72 | 72 | ||
| 73 | /* User has to confirm key use */ | ||
| 74 | static int confirm = 0; | ||
| 75 | |||
| 73 | /* we keep a cache of one passphrases */ | 76 | /* we keep a cache of one passphrases */ |
| 74 | static char *pass = NULL; | 77 | static char *pass = NULL; |
| 75 | static void | 78 | static void |
| @@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 165 | } | 168 | } |
| 166 | } | 169 | } |
| 167 | 170 | ||
| 168 | if (ssh_add_identity_constrained(ac, private, comment, lifetime)) { | 171 | if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
| 172 | confirm)) { | ||
| 169 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 173 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
| 170 | ret = 0; | 174 | ret = 0; |
| 171 | if (lifetime != 0) | 175 | if (lifetime != 0) |
| 172 | fprintf(stderr, | 176 | fprintf(stderr, |
| 173 | "Lifetime set to %d seconds\n", lifetime); | 177 | "Lifetime set to %d seconds\n", lifetime); |
| 178 | if (confirm != 0) | ||
| 179 | fprintf(stderr, | ||
| 180 | "The user has to confirm each use of the key\n"); | ||
| 174 | } else if (ssh_add_identity(ac, private, comment)) { | 181 | } else if (ssh_add_identity(ac, private, comment)) { |
| 175 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 182 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
| 176 | ret = 0; | 183 | ret = 0; |
| @@ -188,6 +195,7 @@ static int | |||
| 188 | update_card(AuthenticationConnection *ac, int add, const char *id) | 195 | update_card(AuthenticationConnection *ac, int add, const char *id) |
| 189 | { | 196 | { |
| 190 | char *pin; | 197 | char *pin; |
| 198 | int ret = -1; | ||
| 191 | 199 | ||
| 192 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | 200 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); |
| 193 | if (pin == NULL) | 201 | if (pin == NULL) |
| @@ -196,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
| 196 | if (ssh_update_card(ac, add, id, pin)) { | 204 | if (ssh_update_card(ac, add, id, pin)) { |
| 197 | fprintf(stderr, "Card %s: %s\n", | 205 | fprintf(stderr, "Card %s: %s\n", |
| 198 | add ? "added" : "removed", id); | 206 | add ? "added" : "removed", id); |
| 199 | return 0; | 207 | ret = 0; |
| 200 | } else { | 208 | } else { |
| 201 | fprintf(stderr, "Could not %s card: %s\n", | 209 | fprintf(stderr, "Could not %s card: %s\n", |
| 202 | add ? "add" : "remove", id); | 210 | add ? "add" : "remove", id); |
| 203 | return -1; | 211 | ret = -1; |
| 204 | } | 212 | } |
| 213 | xfree(pin); | ||
| 214 | return ret; | ||
| 205 | } | 215 | } |
| 206 | 216 | ||
| 207 | static int | 217 | static int |
| @@ -292,6 +302,7 @@ usage(void) | |||
| 292 | fprintf(stderr, " -x Lock agent.\n"); | 302 | fprintf(stderr, " -x Lock agent.\n"); |
| 293 | fprintf(stderr, " -X Unlock agent.\n"); | 303 | fprintf(stderr, " -X Unlock agent.\n"); |
| 294 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 304 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
| 305 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | ||
| 295 | #ifdef SMARTCARD | 306 | #ifdef SMARTCARD |
| 296 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 307 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); |
| 297 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); | 308 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); |
| @@ -319,7 +330,7 @@ main(int argc, char **argv) | |||
| 319 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); | 330 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); |
| 320 | exit(2); | 331 | exit(2); |
| 321 | } | 332 | } |
| 322 | while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) { | 333 | while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { |
| 323 | switch (ch) { | 334 | switch (ch) { |
| 324 | case 'l': | 335 | case 'l': |
| 325 | case 'L': | 336 | case 'L': |
| @@ -333,6 +344,9 @@ main(int argc, char **argv) | |||
| 333 | ret = 1; | 344 | ret = 1; |
| 334 | goto done; | 345 | goto done; |
| 335 | break; | 346 | break; |
| 347 | case 'c': | ||
| 348 | confirm = 1; | ||
| 349 | break; | ||
| 336 | case 'd': | 350 | case 'd': |
| 337 | deleting = 1; | 351 | deleting = 1; |
| 338 | break; | 352 | break; |