version 1.142, 2019/10/31 21:19:15 |
version 1.143, 2019/10/31 21:19:56 |
|
|
_PATH_SSH_CLIENT_ID_RSA, |
_PATH_SSH_CLIENT_ID_RSA, |
_PATH_SSH_CLIENT_ID_DSA, |
_PATH_SSH_CLIENT_ID_DSA, |
_PATH_SSH_CLIENT_ID_ECDSA, |
_PATH_SSH_CLIENT_ID_ECDSA, |
|
_PATH_SSH_CLIENT_ID_ECDSA_SK, |
_PATH_SSH_CLIENT_ID_ED25519, |
_PATH_SSH_CLIENT_ID_ED25519, |
_PATH_SSH_CLIENT_ID_XMSS, |
_PATH_SSH_CLIENT_ID_XMSS, |
NULL |
NULL |
|
|
} |
} |
|
|
static int |
static int |
add_file(int agent_fd, const char *filename, int key_only, int qflag) |
add_file(int agent_fd, const char *filename, int key_only, int qflag, |
|
const char *skprovider) |
{ |
{ |
struct sshkey *private, *cert; |
struct sshkey *private, *cert; |
char *comment = NULL; |
char *comment = NULL; |
|
|
ssh_free_identitylist(idlist); |
ssh_free_identitylist(idlist); |
} |
} |
|
|
|
if (sshkey_type_plain(private->type) != KEY_ECDSA_SK) |
|
skprovider = NULL; /* Don't send constraint for other keys */ |
|
else if (skprovider == NULL) { |
|
fprintf(stderr, "Cannot load security key %s without " |
|
"provider\n", filename); |
|
goto out; |
|
} |
|
|
if ((r = ssh_add_identity_constrained(agent_fd, private, comment, |
if ((r = ssh_add_identity_constrained(agent_fd, private, comment, |
lifetime, confirm, maxsign, NULL)) == 0) { |
lifetime, confirm, maxsign, skprovider)) == 0) { |
ret = 0; |
ret = 0; |
if (!qflag) { |
if (!qflag) { |
fprintf(stderr, "Identity added: %s (%s)\n", |
fprintf(stderr, "Identity added: %s (%s)\n", |
|
|
sshkey_free(cert); |
sshkey_free(cert); |
|
|
if ((r = ssh_add_identity_constrained(agent_fd, private, comment, |
if ((r = ssh_add_identity_constrained(agent_fd, private, comment, |
lifetime, confirm, maxsign, NULL)) != 0) { |
lifetime, confirm, maxsign, skprovider)) != 0) { |
error("Certificate %s (%s) add failed: %s", certpath, |
error("Certificate %s (%s) add failed: %s", certpath, |
private->cert->key_id, ssh_err(r)); |
private->cert->key_id, ssh_err(r)); |
goto out; |
goto out; |
|
|
} |
} |
|
|
static int |
static int |
do_file(int agent_fd, int deleting, int key_only, char *file, int qflag) |
do_file(int agent_fd, int deleting, int key_only, char *file, int qflag, |
|
const char *skprovider) |
{ |
{ |
if (deleting) { |
if (deleting) { |
if (delete_file(agent_fd, file, key_only, qflag) == -1) |
if (delete_file(agent_fd, file, key_only, qflag) == -1) |
return -1; |
return -1; |
} else { |
} else { |
if (add_file(agent_fd, file, key_only, qflag) == -1) |
if (add_file(agent_fd, file, key_only, qflag, skprovider) == -1) |
return -1; |
return -1; |
} |
} |
return 0; |
return 0; |
|
|
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); |
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); |
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); |
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); |
fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); |
fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); |
|
fprintf(stderr, " -S provider Specify security key provider.\n"); |
fprintf(stderr, " -q Be quiet after a successful operation.\n"); |
fprintf(stderr, " -q Be quiet after a successful operation.\n"); |
fprintf(stderr, " -v Be more verbose.\n"); |
fprintf(stderr, " -v Be more verbose.\n"); |
} |
} |
|
|
extern char *optarg; |
extern char *optarg; |
extern int optind; |
extern int optind; |
int agent_fd; |
int agent_fd; |
char *pkcs11provider = NULL; |
char *pkcs11provider = NULL, *skprovider = NULL; |
int r, i, ch, deleting = 0, ret = 0, key_only = 0; |
int r, i, ch, deleting = 0, ret = 0, key_only = 0; |
int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; |
int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; |
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
|
|
exit(2); |
exit(2); |
} |
} |
|
|
while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) { |
skprovider = getenv("SSH_SK_PROVIDER"); |
|
|
|
while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:S:t:")) != -1) { |
switch (ch) { |
switch (ch) { |
case 'v': |
case 'v': |
if (log_level == SYSLOG_LEVEL_INFO) |
if (log_level == SYSLOG_LEVEL_INFO) |
|
|
case 's': |
case 's': |
pkcs11provider = optarg; |
pkcs11provider = optarg; |
break; |
break; |
|
case 'S': |
|
skprovider = optarg; |
|
break; |
case 'e': |
case 'e': |
deleting = 1; |
deleting = 1; |
pkcs11provider = optarg; |
pkcs11provider = optarg; |
|
|
if (stat(buf, &st) == -1) |
if (stat(buf, &st) == -1) |
continue; |
continue; |
if (do_file(agent_fd, deleting, key_only, buf, |
if (do_file(agent_fd, deleting, key_only, buf, |
qflag) == -1) |
qflag, skprovider) == -1) |
ret = 1; |
ret = 1; |
else |
else |
count++; |
count++; |
|
|
} else { |
} else { |
for (i = 0; i < argc; i++) { |
for (i = 0; i < argc; i++) { |
if (do_file(agent_fd, deleting, key_only, |
if (do_file(agent_fd, deleting, key_only, |
argv[i], qflag) == -1) |
argv[i], qflag, skprovider) == -1) |
ret = 1; |
ret = 1; |
} |
} |
} |
} |