1 files changed, 28 insertions, 9 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 2b01e6f13..4dc46f6db 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,15 +36,27 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
 #include <openssl/evp.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "xmalloc.h"
 #include "ssh.h"
 #include "rsa.h"
 #include "log.h"
-#include "xmalloc.h"
 #include "key.h"
+#include "buffer.h"
 #include "authfd.h"
 #include "authfile.h"
 #include "pathnames.h"
@@ -124,16 +137,25 @@ delete_all(AuthenticationConnection *ac)
 static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
-        struct stat st;
        Key *private;
        char *comment = NULL;
        char msg[1024];
-        int ret = -1;
+        int fd, perms_ok, ret = -1;
-        if (stat(filename, &st) < 0) {
+        if ((fd = open(filename, O_RDONLY)) < 0) {
                perror(filename);
                return -1;
        }
+        /*
+         * Since we'll try to load a keyfile multiple times, permission errors
+         * will occur multiple times, so check perms first and bail if wrong.
+         */
+        perms_ok = key_perm_ok(fd, filename);
+        close(fd);
+        if (!perms_ok)
+                return -1;
        /* At first, try empty passphrase */
        private = key_load_private(filename, "", &comment);
        if (comment == NULL)
@@ -287,7 +309,7 @@ do_file(AuthenticationConnection *ac, int deleting, char *file)
 static void
 usage(void)
 {
-        fprintf(stderr, "Usage: %s [options]\n", __progname);
+        fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname);
        fprintf(stderr, "Options:\n");
        fprintf(stderr, "  -l          List fingerprints of all identities.\n");
        fprintf(stderr, "  -L          List public key parameters of all identities.\n");
@@ -335,13 +357,11 @@ main(int argc, char **argv)
                        if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
                                ret = 1;
                        goto done;
-                        break;
                case 'x':
                case 'X':
                        if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
                                ret = 1;
                        goto done;
-                        break;
                case 'c':
                        confirm = 1;
                        break;
@@ -352,7 +372,6 @@ main(int argc, char **argv)
                        if (delete_all(ac) == -1)
                                ret = 1;
                        goto done;
-                        break;
                case 's':
                        sc_reader_id = optarg;
                        break;

diff --git a/ssh-add.c b/ssh-add.c index 2b01e6f13..4dc46f6db 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */
1	/*	2	/*
2	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,15 +36,27 @@
35	*/	36	*/
36		37
37	#include "includes.h"	38	#include "includes.h"
38	RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");	39
		40	#include <sys/types.h>
		41	#include <sys/stat.h>
		42	#include <sys/param.h>
39		43
40	#include <openssl/evp.h>	44	#include <openssl/evp.h>
41		45
		46	#include <fcntl.h>
		47	#include <pwd.h>
		48	#include <stdarg.h>
		49	#include <stdio.h>
		50	#include <stdlib.h>
		51	#include <string.h>
		52	#include <unistd.h>
		53
		54	#include "xmalloc.h"
42	#include "ssh.h"	55	#include "ssh.h"
43	#include "rsa.h"	56	#include "rsa.h"
44	#include "log.h"	57	#include "log.h"
45	#include "xmalloc.h"
46	#include "key.h"	58	#include "key.h"
		59	#include "buffer.h"
47	#include "authfd.h"	60	#include "authfd.h"
48	#include "authfile.h"	61	#include "authfile.h"
49	#include "pathnames.h"	62	#include "pathnames.h"
@@ -124,16 +137,25 @@ delete_all(AuthenticationConnection *ac)
124	static int	137	static int
125	add_file(AuthenticationConnection ac, const char filename)	138	add_file(AuthenticationConnection ac, const char filename)
126	{	139	{
127	struct stat st;
128	Key *private;	140	Key *private;
129	char *comment = NULL;	141	char *comment = NULL;
130	char msg[1024];	142	char msg[1024];
131	int ret = -1;	143	int fd, perms_ok, ret = -1;
132		144
133	if (stat(filename, &st) < 0) {	145	if ((fd = open(filename, O_RDONLY)) < 0) {
134	perror(filename);	146	perror(filename);
135	return -1;	147	return -1;
136	}	148	}
		149
		150	/*
		151	* Since we'll try to load a keyfile multiple times, permission errors
		152	* will occur multiple times, so check perms first and bail if wrong.
		153	*/
		154	perms_ok = key_perm_ok(fd, filename);
		155	close(fd);
		156	if (!perms_ok)
		157	return -1;
		158
137	/* At first, try empty passphrase */	159	/* At first, try empty passphrase */
138	private = key_load_private(filename, "", &comment);	160	private = key_load_private(filename, "", &comment);
139	if (comment == NULL)	161	if (comment == NULL)
@@ -287,7 +309,7 @@ do_file(AuthenticationConnection ac, int deleting, char file)
287	static void	309	static void
288	usage(void)	310	usage(void)
289	{	311	{
290	fprintf(stderr, "Usage: %s [options]\n", __progname);	312	fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname);
291	fprintf(stderr, "Options:\n");	313	fprintf(stderr, "Options:\n");
292	fprintf(stderr, " -l List fingerprints of all identities.\n");	314	fprintf(stderr, " -l List fingerprints of all identities.\n");
293	fprintf(stderr, " -L List public key parameters of all identities.\n");	315	fprintf(stderr, " -L List public key parameters of all identities.\n");
@@ -335,13 +357,11 @@ main(int argc, char **argv)
335	if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)	357	if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
336	ret = 1;	358	ret = 1;
337	goto done;	359	goto done;
338	break;
339	case 'x':	360	case 'x':
340	case 'X':	361	case 'X':
341	if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)	362	if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
342	ret = 1;	363	ret = 1;
343	goto done;	364	goto done;
344	break;
345	case 'c':	365	case 'c':
346	confirm = 1;	366	confirm = 1;
347	break;	367	break;
@@ -352,7 +372,6 @@ main(int argc, char **argv)
352	if (delete_all(ac) == -1)	372	if (delete_all(ac) == -1)
353	ret = 1;	373	ret = 1;
354	goto done;	374	goto done;
355	break;
356	case 's':	375	case 's':
357	sc_reader_id = optarg;	376	sc_reader_id = optarg;
358	break;	377	break;