ssh-add.c (106130) | ssh-add.c (113911) |
---|---|
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Adds an identity to the authentication server, or removes an identity. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this --- 21 unchanged lines hidden (view full) --- 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include "includes.h" | 1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Adds an identity to the authentication server, or removes an identity. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this --- 21 unchanged lines hidden (view full) --- 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include "includes.h" |
38RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); 39RCSID("$FreeBSD: head/crypto/openssh/ssh-add.c 106130 2002-10-29 10:16:02Z des $"); | 38RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); 39RCSID("$FreeBSD: head/crypto/openssh/ssh-add.c 113911 2003-04-23 17:13:13Z des $"); |
40 41#include <openssl/evp.h> 42 43#include "ssh.h" 44#include "rsa.h" 45#include "log.h" 46#include "xmalloc.h" 47#include "key.h" --- 18 unchanged lines hidden (view full) --- 66 _PATH_SSH_CLIENT_ID_DSA, 67 _PATH_SSH_CLIENT_IDENTITY, 68 NULL 69}; 70 71/* Default lifetime (0 == forever) */ 72static int lifetime = 0; 73 | 40 41#include <openssl/evp.h> 42 43#include "ssh.h" 44#include "rsa.h" 45#include "log.h" 46#include "xmalloc.h" 47#include "key.h" --- 18 unchanged lines hidden (view full) --- 66 _PATH_SSH_CLIENT_ID_DSA, 67 _PATH_SSH_CLIENT_IDENTITY, 68 NULL 69}; 70 71/* Default lifetime (0 == forever) */ 72static int lifetime = 0; 73 |
74/* User has to confirm key use */ 75static int confirm = 0; 76 |
|
74/* we keep a cache of one passphrases */ 75static char *pass = NULL; 76static void 77clear_pass(void) 78{ 79 if (pass) { 80 memset(pass, 0, strlen(pass)); 81 xfree(pass); --- 79 unchanged lines hidden (view full) --- 161 private = key_load_private(filename, pass, &comment); 162 if (private != NULL) 163 break; 164 clear_pass(); 165 strlcpy(msg, "Bad passphrase, try again: ", sizeof msg); 166 } 167 } 168 | 77/* we keep a cache of one passphrases */ 78static char *pass = NULL; 79static void 80clear_pass(void) 81{ 82 if (pass) { 83 memset(pass, 0, strlen(pass)); 84 xfree(pass); --- 79 unchanged lines hidden (view full) --- 164 private = key_load_private(filename, pass, &comment); 165 if (private != NULL) 166 break; 167 clear_pass(); 168 strlcpy(msg, "Bad passphrase, try again: ", sizeof msg); 169 } 170 } 171 |
169 if (ssh_add_identity_constrained(ac, private, comment, lifetime)) { | 172 if (ssh_add_identity_constrained(ac, private, comment, lifetime, 173 confirm)) { |
170 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); 171 ret = 0; 172 if (lifetime != 0) | 174 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); 175 ret = 0; 176 if (lifetime != 0) |
173 fprintf(stderr, | 177 fprintf(stderr, |
174 "Lifetime set to %d seconds\n", lifetime); | 178 "Lifetime set to %d seconds\n", lifetime); |
179 if (confirm != 0) 180 fprintf(stderr, 181 "The user has to confirm each use of the key\n"); |
|
175 } else if (ssh_add_identity(ac, private, comment)) { 176 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); 177 ret = 0; 178 } else { 179 fprintf(stderr, "Could not add identity: %s\n", filename); 180 } 181 182 xfree(comment); 183 key_free(private); 184 185 return ret; 186} 187 188static int 189update_card(AuthenticationConnection *ac, int add, const char *id) 190{ 191 char *pin; | 182 } else if (ssh_add_identity(ac, private, comment)) { 183 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); 184 ret = 0; 185 } else { 186 fprintf(stderr, "Could not add identity: %s\n", filename); 187 } 188 189 xfree(comment); 190 key_free(private); 191 192 return ret; 193} 194 195static int 196update_card(AuthenticationConnection *ac, int add, const char *id) 197{ 198 char *pin; |
199 int ret = -1; |
|
192 193 pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); 194 if (pin == NULL) 195 return -1; 196 197 if (ssh_update_card(ac, add, id, pin)) { 198 fprintf(stderr, "Card %s: %s\n", 199 add ? "added" : "removed", id); | 200 201 pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); 202 if (pin == NULL) 203 return -1; 204 205 if (ssh_update_card(ac, add, id, pin)) { 206 fprintf(stderr, "Card %s: %s\n", 207 add ? "added" : "removed", id); |
200 return 0; | 208 ret = 0; |
201 } else { 202 fprintf(stderr, "Could not %s card: %s\n", 203 add ? "add" : "remove", id); | 209 } else { 210 fprintf(stderr, "Could not %s card: %s\n", 211 add ? "add" : "remove", id); |
204 return -1; | 212 ret = -1; |
205 } | 213 } |
214 xfree(pin); 215 return ret; |
|
206} 207 208static int 209list_identities(AuthenticationConnection *ac, int do_fp) 210{ 211 Key *key; 212 char *comment, *fp; 213 int had_identities = 0; --- 74 unchanged lines hidden (view full) --- 288 fprintf(stderr, "Options:\n"); 289 fprintf(stderr, " -l List fingerprints of all identities.\n"); 290 fprintf(stderr, " -L List public key parameters of all identities.\n"); 291 fprintf(stderr, " -d Delete identity.\n"); 292 fprintf(stderr, " -D Delete all identities.\n"); 293 fprintf(stderr, " -x Lock agent.\n"); 294 fprintf(stderr, " -X Unlock agent.\n"); 295 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 216} 217 218static int 219list_identities(AuthenticationConnection *ac, int do_fp) 220{ 221 Key *key; 222 char *comment, *fp; 223 int had_identities = 0; --- 74 unchanged lines hidden (view full) --- 298 fprintf(stderr, "Options:\n"); 299 fprintf(stderr, " -l List fingerprints of all identities.\n"); 300 fprintf(stderr, " -L List public key parameters of all identities.\n"); 301 fprintf(stderr, " -d Delete identity.\n"); 302 fprintf(stderr, " -D Delete all identities.\n"); 303 fprintf(stderr, " -x Lock agent.\n"); 304 fprintf(stderr, " -X Unlock agent.\n"); 305 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
306 fprintf(stderr, " -c Require confirmation to sign using identities\n"); |
|
296#ifdef SMARTCARD 297 fprintf(stderr, " -s reader Add key in smartcard reader.\n"); 298 fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); 299#endif 300} 301 302int 303main(int argc, char **argv) --- 11 unchanged lines hidden (view full) --- 315 SSLeay_add_all_algorithms(); 316 317 /* At first, get a connection to the authentication agent. */ 318 ac = ssh_get_authentication_connection(); 319 if (ac == NULL) { 320 fprintf(stderr, "Could not open a connection to your authentication agent.\n"); 321 exit(2); 322 } | 307#ifdef SMARTCARD 308 fprintf(stderr, " -s reader Add key in smartcard reader.\n"); 309 fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); 310#endif 311} 312 313int 314main(int argc, char **argv) --- 11 unchanged lines hidden (view full) --- 326 SSLeay_add_all_algorithms(); 327 328 /* At first, get a connection to the authentication agent. */ 329 ac = ssh_get_authentication_connection(); 330 if (ac == NULL) { 331 fprintf(stderr, "Could not open a connection to your authentication agent.\n"); 332 exit(2); 333 } |
323 while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) { | 334 while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { |
324 switch (ch) { 325 case 'l': 326 case 'L': 327 if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) 328 ret = 1; 329 goto done; 330 break; 331 case 'x': 332 case 'X': 333 if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) 334 ret = 1; 335 goto done; 336 break; | 335 switch (ch) { 336 case 'l': 337 case 'L': 338 if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) 339 ret = 1; 340 goto done; 341 break; 342 case 'x': 343 case 'X': 344 if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) 345 ret = 1; 346 goto done; 347 break; |
348 case 'c': 349 confirm = 1; 350 break; |
|
337 case 'd': 338 deleting = 1; 339 break; 340 case 'D': 341 if (delete_all(ac) == -1) 342 ret = 1; 343 goto done; 344 break; --- 64 unchanged lines hidden --- | 351 case 'd': 352 deleting = 1; 353 break; 354 case 'D': 355 if (delete_all(ac) == -1) 356 ret = 1; 357 goto done; 358 break; --- 64 unchanged lines hidden --- |
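Review bot: The new cleanup at the end of update_card releases the smartcard PIN with a bare `xfree(pin);`, while the passphrase cache in this same file is wiped first in clear_pass() via `memset(pass, 0, strlen(pass))` before `xfree(pass)`. The PIN is at least as sensitive as the key passphrase, so the added lines should follow the file's existing convention: `memset(pin, 0, strlen(pin));` immediately before `xfree(pin);`. The new ssh_add_identity_constrained() call still falls through to the unconstrained ssh_add_identity() on failure, so a key requested with -c may, as already with -t, end up added without the confirm constraint and reported only as "Identity added"; if that fallback is reachable with an older agent, a distinct message in that branch would make the dropped constraint visible. Minor: the new `-c` usage line is the only option text without a trailing period.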