diff options
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 54 |
1 files changed, 38 insertions, 16 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -138,9 +138,9 @@ delete_all(AuthenticationConnection *ac) | |||
| 138 | static int | 138 | static int |
| 139 | add_file(AuthenticationConnection *ac, const char *filename) | 139 | add_file(AuthenticationConnection *ac, const char *filename) |
| 140 | { | 140 | { |
| 141 | Key *private; | 141 | Key *private, *cert; |
| 142 | char *comment = NULL; | 142 | char *comment = NULL; |
| 143 | char msg[1024]; | 143 | char msg[1024], *certpath; |
| 144 | int fd, perms_ok, ret = -1; | 144 | int fd, perms_ok, ret = -1; |
| 145 | 145 | ||
| 146 | if ((fd = open(filename, O_RDONLY)) < 0) { | 146 | if ((fd = open(filename, O_RDONLY)) < 0) { |
| @@ -195,13 +195,37 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 195 | if (confirm != 0) | 195 | if (confirm != 0) |
| 196 | fprintf(stderr, | 196 | fprintf(stderr, |
| 197 | "The user has to confirm each use of the key\n"); | 197 | "The user has to confirm each use of the key\n"); |
| 198 | } else if (ssh_add_identity(ac, private, comment)) { | ||
| 199 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | ||
| 200 | ret = 0; | ||
| 201 | } else { | 198 | } else { |
| 202 | fprintf(stderr, "Could not add identity: %s\n", filename); | 199 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 203 | } | 200 | } |
| 204 | 201 | ||
| 202 | |||
| 203 | /* Now try to add the certificate flavour too */ | ||
| 204 | xasprintf(&certpath, "%s-cert.pub", filename); | ||
| 205 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | ||
| 206 | /* Graft with private bits */ | ||
| 207 | if (key_to_certified(private) != 0) | ||
| 208 | fatal("%s: key_to_certified failed", __func__); | ||
| 209 | key_cert_copy(cert, private); | ||
| 210 | key_free(cert); | ||
| 211 | |||
| 212 | if (ssh_add_identity_constrained(ac, private, comment, | ||
| 213 | lifetime, confirm)) { | ||
| 214 | fprintf(stderr, "Certificate added: %s (%s)\n", | ||
| 215 | certpath, private->cert->key_id); | ||
| 216 | if (lifetime != 0) | ||
| 217 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
| 218 | lifetime); | ||
| 219 | if (confirm != 0) | ||
| 220 | fprintf(stderr, "The user has to confirm each " | ||
| 221 | "use of the key\n"); | ||
| 222 | } else { | ||
| 223 | error("Certificate %s (%s) add failed", certpath, | ||
| 224 | private->cert->key_id); | ||
| 225 | } | ||
| 226 | } | ||
| 227 | |||
| 228 | xfree(certpath); | ||
| 205 | xfree(comment); | 229 | xfree(comment); |
| 206 | key_free(private); | 230 | key_free(private); |
| 207 | 231 | ||
| @@ -214,7 +238,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
| 214 | char *pin; | 238 | char *pin; |
| 215 | int ret = -1; | 239 | int ret = -1; |
| 216 | 240 | ||
| 217 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | 241 | pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN); |
| 218 | if (pin == NULL) | 242 | if (pin == NULL) |
| 219 | return -1; | 243 | return -1; |
| 220 | 244 | ||
| @@ -320,10 +344,8 @@ usage(void) | |||
| 320 | fprintf(stderr, " -X Unlock agent.\n"); | 344 | fprintf(stderr, " -X Unlock agent.\n"); |
| 321 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 345 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
| 322 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | 346 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); |
| 323 | #ifdef SMARTCARD | 347 | fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); |
| 324 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 348 | fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); |
| 325 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); | ||
| 326 | #endif | ||
| 327 | } | 349 | } |
| 328 | 350 | ||
| 329 | int | 351 | int |
| @@ -332,7 +354,7 @@ main(int argc, char **argv) | |||
| 332 | extern char *optarg; | 354 | extern char *optarg; |
| 333 | extern int optind; | 355 | extern int optind; |
| 334 | AuthenticationConnection *ac = NULL; | 356 | AuthenticationConnection *ac = NULL; |
| 335 | char *sc_reader_id = NULL; | 357 | char *pkcs11provider = NULL; |
| 336 | int i, ch, deleting = 0, ret = 0; | 358 | int i, ch, deleting = 0, ret = 0; |
| 337 | 359 | ||
| 338 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 360 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| @@ -374,11 +396,11 @@ main(int argc, char **argv) | |||
| 374 | ret = 1; | 396 | ret = 1; |
| 375 | goto done; | 397 | goto done; |
| 376 | case 's': | 398 | case 's': |
| 377 | sc_reader_id = optarg; | 399 | pkcs11provider = optarg; |
| 378 | break; | 400 | break; |
| 379 | case 'e': | 401 | case 'e': |
| 380 | deleting = 1; | 402 | deleting = 1; |
| 381 | sc_reader_id = optarg; | 403 | pkcs11provider = optarg; |
| 382 | break; | 404 | break; |
| 383 | case 't': | 405 | case 't': |
| 384 | if ((lifetime = convtime(optarg)) == -1) { | 406 | if ((lifetime = convtime(optarg)) == -1) { |
| @@ -395,8 +417,8 @@ main(int argc, char **argv) | |||
| 395 | } | 417 | } |
| 396 | argc -= optind; | 418 | argc -= optind; |
| 397 | argv += optind; | 419 | argv += optind; |
| 398 | if (sc_reader_id != NULL) { | 420 | if (pkcs11provider != NULL) { |
| 399 | if (update_card(ac, !deleting, sc_reader_id) == -1) | 421 | if (update_card(ac, !deleting, pkcs11provider) == -1) |
| 400 | ret = 1; | 422 | ret = 1; |
| 401 | goto done; | 423 | goto done; |
| 402 | } | 424 | } |