version 1.16, 2000/04/26 20:56:29 |
version 1.16.2.3, 2001/03/12 15:44:15 |
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* All rights reserved |
* All rights reserved |
* Created: Thu Apr 6 00:52:24 1995 ylo |
|
* Adds an identity to the authentication server, or removes an identity. |
* Adds an identity to the authentication server, or removes an identity. |
|
* |
|
* As far as I am concerned, the code I have written for this software |
|
* can be used freely for any purpose. Any derived versions of this |
|
* software must be clearly marked as such, and if the derived work is |
|
* incompatible with the protocol description in the RFC file, it must be |
|
* called by a name other than "ssh" or "Secure Shell". |
|
* |
|
* SSH2 implementation, |
|
* Copyright (c) 2000 Markus Friedl. All rights reserved. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
*/ |
*/ |
|
|
#include "includes.h" |
#include "includes.h" |
RCSID("$Id$"); |
RCSID("$OpenBSD$"); |
|
|
#include <openssl/rsa.h> |
#include <openssl/evp.h> |
#include <openssl/dsa.h> |
|
|
|
#include "rsa.h" |
|
#include "ssh.h" |
#include "ssh.h" |
|
#include "rsa.h" |
|
#include "log.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "authfd.h" |
|
#include "fingerprint.h" |
|
#include "key.h" |
#include "key.h" |
|
#include "authfd.h" |
#include "authfile.h" |
#include "authfile.h" |
|
#include "pathnames.h" |
|
#include "readpass.h" |
|
|
void |
void |
delete_file(AuthenticationConnection *ac, const char *filename) |
delete_file(AuthenticationConnection *ac, const char *filename) |
|
|
Key *public; |
Key *public; |
char *comment; |
char *comment; |
|
|
public = key_new(KEY_RSA); |
public = key_new(KEY_RSA1); |
if (!load_public_key(filename, public, &comment)) { |
if (!load_public_key(filename, public, &comment)) { |
printf("Bad key file %s: %s\n", filename, strerror(errno)); |
key_free(public); |
return; |
public = key_new(KEY_UNSPEC); |
|
if (!try_load_public_key(filename, public, &comment)) { |
|
printf("Bad key file %s\n", filename); |
|
return; |
|
} |
} |
} |
if (ssh_remove_identity(ac, public->rsa)) |
if (ssh_remove_identity(ac, public)) |
fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment); |
fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment); |
else |
else |
fprintf(stderr, "Could not remove identity: %s\n", filename); |
fprintf(stderr, "Could not remove identity: %s\n", filename); |
|
|
xfree(comment); |
xfree(comment); |
} |
} |
|
|
|
/* Send a request to remove all identities. */ |
void |
void |
delete_all(AuthenticationConnection *ac) |
delete_all(AuthenticationConnection *ac) |
{ |
{ |
/* Send a request to remove all identities. */ |
int success = 1; |
if (ssh_remove_all_identities(ac)) |
|
|
if (!ssh_remove_all_identities(ac, 1)) |
|
success = 0; |
|
/* ignore error-code for ssh2 */ |
|
ssh_remove_all_identities(ac, 2); |
|
|
|
if (success) |
fprintf(stderr, "All identities removed.\n"); |
fprintf(stderr, "All identities removed.\n"); |
else |
else |
fprintf(stderr, "Failed to remove all identitities.\n"); |
fprintf(stderr, "Failed to remove all identities.\n"); |
} |
} |
|
|
char * |
char * |
|
|
int p[2], status; |
int p[2], status; |
char buf[1024]; |
char buf[1024]; |
|
|
|
if (fflush(stdout) != 0) |
|
error("ssh_askpass: fflush: %s", strerror(errno)); |
if (askpass == NULL) |
if (askpass == NULL) |
fatal("internal error: askpass undefined"); |
fatal("internal error: askpass undefined"); |
if (pipe(p) < 0) |
if (pipe(p) < 0) |
|
|
void |
void |
add_file(AuthenticationConnection *ac, const char *filename) |
add_file(AuthenticationConnection *ac, const char *filename) |
{ |
{ |
|
struct stat st; |
Key *public; |
Key *public; |
Key *private; |
Key *private; |
char *saved_comment, *comment, *askpass = NULL; |
char *saved_comment, *comment, *askpass = NULL; |
char buf[1024], msg[1024]; |
char buf[1024], msg[1024]; |
int success; |
int success; |
int interactive = isatty(STDIN_FILENO); |
int interactive = isatty(STDIN_FILENO); |
|
int type = KEY_RSA1; |
|
|
public = key_new(KEY_RSA); |
if (stat(filename, &st) < 0) { |
|
perror(filename); |
|
exit(1); |
|
} |
|
/* |
|
* try to load the public key. right now this only works for RSA, |
|
* since DSA keys are fully encrypted |
|
*/ |
|
public = key_new(KEY_RSA1); |
if (!load_public_key(filename, public, &saved_comment)) { |
if (!load_public_key(filename, public, &saved_comment)) { |
printf("Bad key file %s: %s\n", filename, strerror(errno)); |
/* ok, so we will assume this is 'some' key */ |
return; |
type = KEY_UNSPEC; |
|
saved_comment = xstrdup(filename); |
} |
} |
key_free(public); |
key_free(public); |
|
|
|
|
if (getenv(SSH_ASKPASS_ENV)) |
if (getenv(SSH_ASKPASS_ENV)) |
askpass = getenv(SSH_ASKPASS_ENV); |
askpass = getenv(SSH_ASKPASS_ENV); |
else |
else |
askpass = SSH_ASKPASS_DEFAULT; |
askpass = _PATH_SSH_ASKPASS_DEFAULT; |
} |
} |
|
|
/* At first, try empty passphrase */ |
/* At first, try empty passphrase */ |
private = key_new(KEY_RSA); |
private = key_new(type); |
success = load_private_key(filename, "", private, &comment); |
success = load_private_key(filename, "", private, &comment); |
if (!success) { |
if (!success) { |
printf("Need passphrase for %.200s\n", filename); |
printf("Need passphrase for %.200s\n", filename); |
|
|
strlcpy(msg, "Bad passphrase, try again", sizeof msg); |
strlcpy(msg, "Bad passphrase, try again", sizeof msg); |
} |
} |
} |
} |
xfree(saved_comment); |
xfree(comment); |
|
if (ssh_add_identity(ac, private, saved_comment)) |
if (ssh_add_identity(ac, private->rsa, comment)) |
fprintf(stderr, "Identity added: %s (%s)\n", filename, saved_comment); |
fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
|
else |
else |
fprintf(stderr, "Could not add identity: %s\n", filename); |
fprintf(stderr, "Could not add identity: %s\n", filename); |
key_free(private); |
key_free(private); |
xfree(comment); |
xfree(saved_comment); |
} |
} |
|
|
void |
void |
list_identities(AuthenticationConnection *ac, int fp) |
list_identities(AuthenticationConnection *ac, int fp) |
{ |
{ |
BIGNUM *e, *n; |
Key *key; |
int status; |
|
char *comment; |
char *comment; |
int had_identities; |
int had_identities = 0; |
|
int version; |
|
|
e = BN_new(); |
for (version = 1; version <= 2; version++) { |
n = BN_new(); |
for (key = ssh_get_first_identity(ac, &comment, version); |
had_identities = 0; |
key != NULL; |
for (status = ssh_get_first_identity(ac, e, n, &comment); |
key = ssh_get_next_identity(ac, &comment, version)) { |
status; |
had_identities = 1; |
status = ssh_get_next_identity(ac, e, n, &comment)) { |
if (fp) { |
unsigned int bits = BN_num_bits(n); |
printf("%d %s %s (%s)\n", |
had_identities = 1; |
key_size(key), key_fingerprint(key), |
if (fp) { |
comment, key_type(key)); |
printf("%d %s %s\n", bits, fingerprint(e, n), comment); |
|
} else { |
|
char *ebuf, *nbuf; |
|
ebuf = BN_bn2dec(e); |
|
if (ebuf == NULL) { |
|
error("list_identities: BN_bn2dec(e) failed."); |
|
} else { |
} else { |
nbuf = BN_bn2dec(n); |
if (!key_write(key, stdout)) |
if (nbuf == NULL) { |
fprintf(stderr, "key_write failed"); |
error("list_identities: BN_bn2dec(n) failed."); |
fprintf(stdout, " %s\n", comment); |
} else { |
|
printf("%d %s %s %s\n", bits, ebuf, nbuf, comment); |
|
free(nbuf); |
|
} |
|
free(ebuf); |
|
} |
} |
|
key_free(key); |
|
xfree(comment); |
} |
} |
xfree(comment); |
|
} |
} |
BN_clear_free(e); |
|
BN_clear_free(n); |
|
if (!had_identities) |
if (!had_identities) |
printf("The agent has no identities.\n"); |
printf("The agent has no identities.\n"); |
} |
} |
|
|
int i; |
int i; |
int deleting = 0; |
int deleting = 0; |
|
|
/* check if RSA support exists */ |
SSLeay_add_all_algorithms(); |
if (rsa_alive() == 0) { |
|
extern char *__progname; |
|
|
|
fprintf(stderr, |
|
"%s: no RSA support in libssl and libcrypto. See ssl(8).\n", |
|
__progname); |
|
exit(1); |
|
} |
|
/* At first, get a connection to the authentication agent. */ |
/* At first, get a connection to the authentication agent. */ |
ac = ssh_get_authentication_connection(); |
ac = ssh_get_authentication_connection(); |
if (ac == NULL) { |
if (ac == NULL) { |
|
|
if (no_files) { |
if (no_files) { |
pw = getpwuid(getuid()); |
pw = getpwuid(getuid()); |
if (!pw) { |
if (!pw) { |
fprintf(stderr, "No user found with uid %d\n", (int) getuid()); |
fprintf(stderr, "No user found with uid %u\n", |
|
(u_int)getuid()); |
ssh_close_authentication_connection(ac); |
ssh_close_authentication_connection(ac); |
exit(1); |
exit(1); |
} |
} |
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); |
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY); |
if (deleting) |
if (deleting) |
delete_file(ac, buf); |
delete_file(ac, buf); |
else |
else |