===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.63
retrieving revision 1.63.2.1
diff -u -r1.63 -r1.63.2.1
--- src/usr.bin/ssh/ssh-add.c	2002/09/19 15:51:23	1.63
+++ src/usr.bin/ssh/ssh-add.c	2003/04/01 00:12:14	1.63.2.1
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.63.2.1 2003/04/01 00:12:14 margarida Exp $");
 
 #include <openssl/evp.h>
 
@@ -64,6 +64,9 @@
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+/* User has to confirm key use */
+static int confirm = 0;
+
 /* we keep a cache of one passphrases */
 static char *pass = NULL;
 static void
@@ -159,12 +162,16 @@
 		}
 	}
 
-	if (ssh_add_identity_constrained(ac, private, comment, lifetime)) {
+ 	if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+ 	    confirm)) {
 		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
 		ret = 0;
 		if (lifetime != 0)
-                        fprintf(stderr,
+			fprintf(stderr,
 			    "Lifetime set to %d seconds\n", lifetime);
+ 		if (confirm != 0)
+			fprintf(stderr,
+			    "The user has to confirm each use of the key\n");
 	} else if (ssh_add_identity(ac, private, comment)) {
 		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
 		ret = 0;
@@ -182,6 +189,7 @@
 update_card(AuthenticationConnection *ac, int add, const char *id)
 {
 	char *pin;
+	int ret = -1;
 
 	pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
 	if (pin == NULL)
@@ -190,12 +198,14 @@
 	if (ssh_update_card(ac, add, id, pin)) {
 		fprintf(stderr, "Card %s: %s\n",
 		    add ? "added" : "removed", id);
-		return 0;
+		ret = 0;
 	} else {
 		fprintf(stderr, "Could not %s card: %s\n",
 		    add ? "add" : "remove", id);
-		return -1;
+		ret = -1;
 	}
+	xfree(pin);
+	return ret;
 }
 
 static int
@@ -286,6 +296,7 @@
 	fprintf(stderr, "  -x          Lock agent.\n");
 	fprintf(stderr, "  -X          Unlock agent.\n");
 	fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
+	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
 #ifdef SMARTCARD
 	fprintf(stderr, "  -s reader   Add key in smartcard reader.\n");
 	fprintf(stderr, "  -e reader   Remove key in smartcard reader.\n");
@@ -309,7 +320,7 @@
 		fprintf(stderr, "Could not open a connection to your authentication agent.\n");
 		exit(2);
 	}
-	while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
 		switch (ch) {
 		case 'l':
 		case 'L':
@@ -322,6 +333,9 @@
 			if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
 				ret = 1;
 			goto done;
+			break;
+		case 'c':
+			confirm = 1;
 			break;
 		case 'd':
 			deleting = 1;