src/usr.bin/ssh/ssh-add.c - diff

Return to ssh-add.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-add.c between version 1.134 and 1.135

version 1.134, 2017/08/29 09:42:29

version 1.135, 2018/02/23 15:58:37

Line 70

_PATH_SSH_CLIENT_ID_DSA,

_PATH_SSH_CLIENT_ID_ECDSA,

_PATH_SSH_CLIENT_ID_ED25519,

_PATH_SSH_CLIENT_ID_XMSS,

NULL

};

Line 81

Line 82

/* User has to confirm key use */

static int confirm = 0;

/* Maximum number of signatures (XMSS) */

static u_int maxsign = 0;

static u_int minleft = 0;

/* we keep a cache of one passphrase */

static char *pass = NULL;

static void

Line 182

Line 187

char *comment = NULL;

char msg[1024], *certpath = NULL;

int r, fd, ret = -1;

size_t i;

u_int32_t left;

struct sshbuf *keyblob;

struct ssh_identitylist *idlist;

if (strcmp(filename, "-") == 0) {

fd = STDIN_FILENO;

Line 260

Line 268

comment = xstrdup(filename);

sshbuf_free(keyblob);

/* For XMSS */

if ((r = sshkey_set_filename(private, filename)) != 0) {

fprintf(stderr, "Could not add filename to private key: %s (%s)\n",

filename, comment);

goto out;

}

if (maxsign && minleft &&

(r = ssh_fetch_identitylist(agent_fd, &idlist)) == 0) {

for (i = 0; i < idlist->nkeys; i++) {

if (!sshkey_equal_public(idlist->keys[i], private))

continue;

left = sshkey_signatures_left(idlist->keys[i]);

if (left < minleft) {

fprintf(stderr,

"Only %d signatures left.\n", left);

break;

}

fprintf(stderr, "Skipping update: ");

if (left == minleft) {

fprintf(stderr,

"required signatures left (%d).\n", left);

} else {

fprintf(stderr,

"more signatures left (%d) than"

" required (%d).\n", left, minleft);

}

ssh_free_identitylist(idlist);

goto out;

}

ssh_free_identitylist(idlist);

}

if ((r = ssh_add_identity_constrained(agent_fd, private, comment,

lifetime, confirm)) == 0) {

lifetime, confirm, maxsign)) == 0) {

fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);

ret = 0;

if (lifetime != 0)

Line 309

Line 349

sshkey_free(cert);

if ((r = ssh_add_identity_constrained(agent_fd, private, comment,

lifetime, confirm)) != 0) {

lifetime, confirm, maxsign)) != 0) {

error("Certificate %s (%s) add failed: %s", certpath,

private->cert->key_id, ssh_err(r));

goto out;

Line 360

Line 400

char *fp;

int r;

struct ssh_identitylist *idlist;

u_int32_t left;

size_t i;

if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {

Line 384

Line 425

ssh_err(r));

continue;

}

fprintf(stdout, " %s\n", idlist->comments[i]);

fprintf(stdout, " %s", idlist->comments[i]);

left = sshkey_signatures_left(idlist->keys[i]);

if (left > 0)

fprintf(stdout,

" [signatures left %d]", left);

fprintf(stdout, "\n");

}

ssh_free_identitylist(idlist);

Line 446

Line 492

fprintf(stderr, " -L List public key parameters of all identities.\n");

fprintf(stderr, " -k Load only keys and not certificates.\n");

fprintf(stderr, " -c Require confirmation to sign using identities\n");

fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n");

fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n");

fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");

fprintf(stderr, " -d Delete identity.\n");

fprintf(stderr, " -D Delete all identities.\n");

Line 487

Line 535

exit(2);

}

while ((ch = getopt(argc, argv, "klLcdDxXE:e:qs:t:")) != -1) {

while ((ch = getopt(argc, argv, "klLcdDxXE:e:M:m:qs:t:")) != -1) {

switch (ch) {

case 'E':

fingerprint_hash = ssh_digest_alg_by_name(optarg);

Line 511

Line 559

break;

case 'c':

confirm = 1;

break;

case 'm':

minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL);

if (minleft == 0) {

usage();

ret = 1;

goto done;

}

break;

case 'M':

maxsign = (int)strtonum(optarg, 1, UINT_MAX, NULL);

if (maxsign == 0) {

usage();

ret = 1;

goto done;

}

break;

case 'd':

deleting = 1;