src/usr.bin/ssh/ssh-add.c - diff

Return to ssh-add.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-add.c between version 1.16 and 1.16.2.4

version 1.16, 2000/04/26 20:56:29

version 1.16.2.4, 2001/03/21 18:53:08

Line 2

* Author: Tatu Ylonen <ylo@cs.hut.fi>

* Created: Thu Apr 6 00:52:24 1995 ylo

* Adds an identity to the authentication server, or removes an identity.

* As far as I am concerned, the code I have written for this software

* can be used freely for any purpose. Any derived versions of this

* software must be clearly marked as such, and if the derived work is

* incompatible with the protocol description in the RFC file, it must be

* called by a name other than "ssh" or "Secure Shell".

* SSH2 implementation,

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "includes.h"

RCSID("$Id$");

RCSID("$OpenBSD$");

#include <openssl/rsa.h>

#include <openssl/evp.h>

#include <openssl/dsa.h>

#include "rsa.h"

#include "ssh.h"

#include "rsa.h"

#include "log.h"

#include "xmalloc.h"

#include "authfd.h"

#include "fingerprint.h"

#include "key.h"

#include "authfd.h"

#include "authfile.h"

#include "pathnames.h"

#include "readpass.h"

void

delete_file(AuthenticationConnection *ac, const char *filename)

Line 26

Line 55

Key *public;

char *comment;

public = key_new(KEY_RSA);

public = key_new(KEY_RSA1);

if (!load_public_key(filename, public, &comment)) {

printf("Bad key file %s: %s\n", filename, strerror(errno));

key_free(public);

return;

public = key_new(KEY_UNSPEC);

if (!try_load_public_key(filename, public, &comment)) {

printf("Bad key file %s\n", filename);

return;

}

if (ssh_remove_identity(ac, public->rsa))

if (ssh_remove_identity(ac, public))

fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);

else

fprintf(stderr, "Could not remove identity: %s\n", filename);

Line 39

Line 72

xfree(comment);

}

/* Send a request to remove all identities. */

void

delete_all(AuthenticationConnection *ac)

{

/* Send a request to remove all identities. */

int success = 1;

if (ssh_remove_all_identities(ac))

if (!ssh_remove_all_identities(ac, 1))

success = 0;

/* ignore error-code for ssh2 */

ssh_remove_all_identities(ac, 2);

if (success)

fprintf(stderr, "All identities removed.\n");

else

fprintf(stderr, "Failed to remove all identitities.\n");

fprintf(stderr, "Failed to remove all identities.\n");

}

char *

Line 58

Line 98

int p[2], status;

char buf[1024];

if (fflush(stdout) != 0)

error("ssh_askpass: fflush: %s", strerror(errno));

if (askpass == NULL)

fatal("internal error: askpass undefined");

if (pipe(p) < 0)

Line 90

Line 132

void

add_file(AuthenticationConnection *ac, const char *filename)

{

struct stat st;

Key *public;

Key *private;

char *saved_comment, *comment, *askpass = NULL;

char buf[1024], msg[1024];

int success;

int interactive = isatty(STDIN_FILENO);

int type = KEY_RSA1;

public = key_new(KEY_RSA);

if (stat(filename, &st) < 0) {

perror(filename);

exit(1);

}

* try to load the public key. right now this only works for RSA,

* since DSA keys are fully encrypted

public = key_new(KEY_RSA1);

if (!load_public_key(filename, public, &saved_comment)) {

printf("Bad key file %s: %s\n", filename, strerror(errno));

/* ok, so we will assume this is 'some' key */

return;

type = KEY_UNSPEC;

saved_comment = xstrdup(filename);

}

key_free(public);

Line 108

Line 161

if (getenv(SSH_ASKPASS_ENV))

askpass = getenv(SSH_ASKPASS_ENV);

else

askpass = SSH_ASKPASS_DEFAULT;

askpass = _PATH_SSH_ASKPASS_DEFAULT;

}

/* At first, try empty passphrase */

private = key_new(KEY_RSA);

private = key_new(type);

success = load_private_key(filename, "", private, &comment);

if (!success) {

printf("Need passphrase for %.200s\n", filename);

Line 142

Line 195

strlcpy(msg, "Bad passphrase, try again", sizeof msg);

}

xfree(saved_comment);

xfree(comment);

if (ssh_add_identity(ac, private, saved_comment))

if (ssh_add_identity(ac, private->rsa, comment))

fprintf(stderr, "Identity added: %s (%s)\n", filename, saved_comment);

fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);

else

fprintf(stderr, "Could not add identity: %s\n", filename);

key_free(private);

xfree(comment);

xfree(saved_comment);

}

void

list_identities(AuthenticationConnection *ac, int fp)

list_identities(AuthenticationConnection *ac, int do_fp)

{

BIGNUM *e, *n;

Key *key;

int status;

char *comment, *fp;

char *comment;

int had_identities = 0;

int had_identities;

int version;

e = BN_new();

for (version = 1; version <= 2; version++) {

n = BN_new();

for (key = ssh_get_first_identity(ac, &comment, version);

had_identities = 0;

key != NULL;

for (status = ssh_get_first_identity(ac, e, n, &comment);

key = ssh_get_next_identity(ac, &comment, version)) {

status;

had_identities = 1;

status = ssh_get_next_identity(ac, e, n, &comment)) {

if (do_fp) {

unsigned int bits = BN_num_bits(n);

fp = key_fingerprint(key, SSH_FP_MD5,

had_identities = 1;

SSH_FP_HEX);

if (fp) {

printf("%d %s %s (%s)\n",

printf("%d %s %s\n", bits, fingerprint(e, n), comment);

key_size(key), fp, comment, key_type(key));

} else {

xfree(fp);

char *ebuf, *nbuf;

ebuf = BN_bn2dec(e);

if (ebuf == NULL) {

error("list_identities: BN_bn2dec(e) failed.");

} else {

nbuf = BN_bn2dec(n);

if (!key_write(key, stdout))

if (nbuf == NULL) {

fprintf(stderr, "key_write failed");

error("list_identities: BN_bn2dec(n) failed.");

fprintf(stdout, " %s\n", comment);

} else {

printf("%d %s %s %s\n", bits, ebuf, nbuf, comment);

free(nbuf);

}

free(ebuf);

}

key_free(key);

xfree(comment);

}

xfree(comment);

}

BN_clear_free(e);

BN_clear_free(n);

if (!had_identities)

printf("The agent has no identities.\n");

}

Line 204

Line 246

int i;

int deleting = 0;

/* check if RSA support exists */

SSLeay_add_all_algorithms();

if (rsa_alive() == 0) {

extern char *__progname;

fprintf(stderr,

"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",

__progname);

exit(1);

}

/* At first, get a connection to the authentication agent. */

ac = ssh_get_authentication_connection();

if (ac == NULL) {

Line 245

Line 280

if (no_files) {

pw = getpwuid(getuid());

if (!pw) {

fprintf(stderr, "No user found with uid %d\n", (int) getuid());

fprintf(stderr, "No user found with uid %u\n",

(u_int)getuid());

ssh_close_authentication_connection(ac);

exit(1);

}

snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);

snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);

if (deleting)

delete_file(ac, buf);

else