src/usr.bin/ssh/ssh-add.c - diff

Return to ssh-add.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-add.c between version 1.147 and 1.148

version 1.147, 2019/11/25 00:51:37

version 1.148, 2019/12/30 09:22:49

Line 63

#include "misc.h"

#include "ssherr.h"

#include "digest.h"

#include "ssh-sk.h"

/* argv0 */

extern char *__progname;

Line 533

Line 534

}

static int

load_resident_keys(int agent_fd, const char *skprovider, int qflag)

{

struct sshkey **keys;

size_t nkeys, i;

int r, ok = 0;

char *fp;

pass = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN);

if ((r = sshsk_load_resident(skprovider, pass, &keys, &nkeys)) != 0) {

error("Unable to load resident keys: %s", ssh_err(r));

return r;

}

for (i = 0; i < nkeys; i++) {

if ((fp = sshkey_fingerprint(keys[i],

fingerprint_hash, SSH_FP_DEFAULT)) == NULL)

fatal("%s: sshkey_fingerprint failed", __func__);

if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "",

lifetime, confirm, maxsign, skprovider)) != 0) {

error("Unable to add key %s %s",

sshkey_type(keys[i]), fp);

free(fp);

ok = r;

continue;

}

if (ok == 0)

ok = 1;

if (!qflag) {

fprintf(stderr, "Resident identity added: %s %s\n",

sshkey_type(keys[i]), fp);

if (lifetime != 0) {

fprintf(stderr,

"Lifetime set to %d seconds\n", lifetime);

}

if (confirm != 0) {

fprintf(stderr, "The user must confirm "

"each use of the key\n");

}

free(fp);

sshkey_free(keys[i]);

}

free(keys);

if (nkeys == 0)

return SSH_ERR_KEY_NOT_FOUND;

return ok == 1 ? 0 : ok;

}

static int

do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,

const char *skprovider)

{

Line 578

Line 627

extern int optind;

int agent_fd;

char *pkcs11provider = NULL, *skprovider = NULL;

int r, i, ch, deleting = 0, ret = 0, key_only = 0;

int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0;

int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;

SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;

LogLevel log_level = SYSLOG_LEVEL_INFO;

Line 608

Line 657

skprovider = getenv("SSH_SK_PROVIDER");

while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:S:t:")) != -1) {

while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) {

switch (ch) {

case 'v':

if (log_level == SYSLOG_LEVEL_INFO)

Line 630

Line 679

fatal("-%c flag already specified", lflag);

lflag = ch;

break;

case 'O':

do_download = 1;

break;

case 'x':

case 'X':

if (xflag != 0)

Line 727

Line 779

ret = 1;

goto done;

}

if (do_download) {

if (skprovider == NULL)

fatal("Cannot download keys without provider");

if (load_resident_keys(agent_fd, skprovider, qflag) != 0)

ret = 1;

goto done;

}

if (argc == 0) {

char buf[PATH_MAX];

struct passwd *pw;

Line 760

Line 819

ret = 1;

}

clear_pass();

done:

clear_pass();

ssh_close_authentication_socket(agent_fd);

return ret;

}