From 8f4279e4ab6fdc3245fe9c80e363a2f5bdf01d4f Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 18 Oct 2011 16:06:33 +1100
Subject:    - djm@cvs.openbsd.org 2011/10/18 05:00:48      [ssh-add.1
 ssh-add.c]      new "ssh-add -k" option to load plain keys (skipping
 certificates);      "looks ok" markus@

---
 ssh-add.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

(limited to 'ssh-add.c')

diff --git a/ssh-add.c b/ssh-add.c
index 6d5e2a957..ea7619e6a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.102 2011/10/18 05:00:48 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
 }
 
 static int
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
 	Key *private, *cert;
 	char *comment = NULL;
-	char msg[1024], *certpath;
+	char msg[1024], *certpath = NULL;
 	int fd, perms_ok, ret = -1;
 	Buffer keyblob;
 
@@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
 		fprintf(stderr, "Could not add identity: %s\n", filename);
 	}
 
+	/* Skip trying to load the cert if requested */
+	if (key_only)
+		goto out;
 
 	/* Now try to add the certificate flavour too */
 	xasprintf(&certpath, "%s-cert.pub", filename);
@@ -253,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename)
 	if (confirm != 0)
 		fprintf(stderr, "The user must confirm each use of the key\n");
  out:
-	xfree(certpath);
+	if (certpath != NULL)
+		xfree(certpath);
 	xfree(comment);
 	key_free(private);
 
@@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
 }
 
 static int
-do_file(AuthenticationConnection *ac, int deleting, char *file)
+do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
 {
 	if (deleting) {
 		if (delete_file(ac, file) == -1)
 			return -1;
 	} else {
-		if (add_file(ac, file) == -1)
+		if (add_file(ac, file, key_only) == -1)
 			return -1;
 	}
 	return 0;
@@ -383,7 +387,7 @@ main(int argc, char **argv)
 	extern int optind;
 	AuthenticationConnection *ac = NULL;
 	char *pkcs11provider = NULL;
-	int i, ch, deleting = 0, ret = 0;
+	int i, ch, deleting = 0, ret = 0, key_only = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -400,8 +404,11 @@ main(int argc, char **argv)
 		    "Could not open a connection to your authentication agent.\n");
 		exit(2);
 	}
-	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
 		switch (ch) {
+		case 'k':
+			key_only = 1;
+			break;
 		case 'l':
 		case 'L':
 			if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
@@ -467,7 +474,7 @@ main(int argc, char **argv)
 			    default_files[i]);
 			if (stat(buf, &st) < 0)
 				continue;
-			if (do_file(ac, deleting, buf) == -1)
+			if (do_file(ac, deleting, key_only, buf) == -1)
 				ret = 1;
 			else
 				count++;
@@ -476,7 +483,7 @@ main(int argc, char **argv)
 			ret = 1;
 	} else {
 		for (i = 0; i < argc; i++) {
-			if (do_file(ac, deleting, argv[i]) == -1)
+			if (do_file(ac, deleting, key_only, argv[i]) == -1)
 				ret = 1;
 		}
 	}
-- 
cgit v1.2.3