Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.10
1.1 deraadt 1: /*
2:
3: ssh-add.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Thu Apr 6 00:52:24 1995 ylo
11:
12: Adds an identity to the authentication server, or removes an identity.
13:
14: */
15:
16: #include "includes.h"
1.10 ! markus 17: RCSID("$Id: ssh-add.c,v 1.9 1999/11/14 17:53:48 markus Exp $");
1.1 deraadt 18:
19: #include "rsa.h"
20: #include "ssh.h"
21: #include "xmalloc.h"
22: #include "authfd.h"
23:
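/*
 * Asks the agent behind `ac` to remove the identity stored in `filename`.
 * Only the public part of the key file is loaded.  A key file that cannot
 * be loaded is reported on stdout; the result of the removal request is
 * reported on stderr.
 */
void
delete_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	char *comment;

	key = RSA_new();
	if (!load_public_key(filename, key, &comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		/* The key object must be released on the failure path too. */
		RSA_free(key);
		return;
	}

	if (ssh_remove_identity(ac, key))
		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not remove identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
}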
44:
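/*
 * Asks the agent behind `ac` to drop every identity it holds and reports
 * the outcome on stderr.
 */
void
delete_all(AuthenticationConnection *ac)
{
	/* Send a request to remove all identities. */
	if (ssh_remove_all_identities(ac))
		fprintf(stderr, "All identities removed.\n");
	else
		fprintf(stderr, "Failed to remove all identities.\n");
}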
54:
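/*
 * Loads the private key in `filename` and hands it to the agent behind `ac`.
 *
 * The public part is read first, to validate the file and to obtain the
 * comment shown in the passphrase prompt.  The private key is then tried
 * with an empty passphrase; if that fails and stdin is a terminal, the user
 * is prompted until the key decrypts or an empty passphrase is entered.
 * Every exit path releases the RSA objects allocated here.
 */
void
add_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	RSA *public_key;
	char *saved_comment, *comment;
	int success;

	key = RSA_new();
	public_key = RSA_new();
	if (!load_public_key(filename, public_key, &saved_comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		/* Neither key object is needed past this point. */
		RSA_free(public_key);
		RSA_free(key);
		return;
	}
	RSA_free(public_key);

	/* At first, try empty passphrase */
	success = load_private_key(filename, "", key, &comment);
	if (!success) {
		printf("Need passphrase for %s (%s).\n", filename, saved_comment);
		if (!isatty(STDIN_FILENO)) {
			/* No terminal to prompt on: give up without adding. */
			xfree(saved_comment);
			RSA_free(key);
			return;
		}
		for (;;) {
			char *pass = read_passphrase("Enter passphrase: ", 1);
			volatile char *wipe;
			size_t left;

			/* An empty passphrase means the user gave up. */
			if (strcmp(pass, "") == 0) {
				xfree(pass);
				xfree(saved_comment);
				RSA_free(key);
				return;
			}
			success = load_private_key(filename, pass, key, &comment);
			/*
			 * Erase the passphrase before releasing it.  The writes go
			 * through a volatile pointer because a plain memset() on a
			 * buffer that is freed right after may be removed by the
			 * optimizer as a dead store.
			 */
			wipe = pass;
			for (left = strlen(pass); left > 0; left--)
				*wipe++ = '\0';
			xfree(pass);
			if (success)
				break;
			printf("Bad passphrase.\n");
		}
	}
	xfree(saved_comment);

	if (ssh_add_identity(ac, key, comment))
		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not add identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
}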
104:
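/*
 * Prints one line per identity held by the agent behind `ac`:
 * modulus size in bits, public exponent, modulus (both decimal) and the
 * comment.  Prints a notice instead when the agent returns no identities.
 */
void
list_identities(AuthenticationConnection *ac)
{
	BIGNUM *e, *n;
	int status;
	char *comment;
	int had_identities;

	e = BN_new();
	n = BN_new();
	had_identities = 0;
	for (status = ssh_get_first_identity(ac, e, n, &comment);
	     status;
	     status = ssh_get_next_identity(ac, e, n, &comment)) {
		char *ebuf, *nbuf;

		had_identities = 1;
		ebuf = BN_bn2dec(e);
		if (ebuf == NULL) {
			error("list_identities: BN_bn2dec(e) failed.");
		} else {
			nbuf = BN_bn2dec(n);
			if (nbuf == NULL) {
				error("list_identities: BN_bn2dec(n) failed.");
			} else {
				unsigned int bits = BN_num_bits(n);

				/*
				 * %u matches the unsigned type of `bits`.
				 * NOTE(review): `comment` is supplied by the agent
				 * and is written to the terminal as-is; consider
				 * filtering non-printable bytes before display.
				 */
				printf("%u %s %s %s\n", bits, ebuf, nbuf, comment);
				/*
				 * NOTE(review): BN_bn2dec() memory belongs to the
				 * crypto library's allocator; confirm that free()
				 * is the matching release call on this platform.
				 */
				free(nbuf);
			}
			free(ebuf);
		}
		xfree(comment);
	}
	BN_clear_free(e);
	BN_clear_free(n);
	if (!had_identities)
		printf("The agent has no identities.\n");
}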
143:
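/*
 * Entry point.  Connects to the authentication agent and processes the
 * arguments in order:
 *   -l    list the identities held by the agent
 *   -d    switch to delete mode for the file arguments that follow
 *   -D    remove all identities from the agent
 *   file  add (or, after -d, delete) the identity in that key file
 * When no file argument, -l or -D was given, the default identity file in
 * the user's home directory is added or deleted instead.
 */
int
main(int argc, char **argv)
{
	AuthenticationConnection *ac = NULL;
	struct passwd *pw;
	char buf[1024];
	int no_files = 1;
	int i;
	int deleting = 0;
	int len;

	/* check if RSA support exists */
	if (rsa_alive() == 0) {
		extern char *__progname;

		fprintf(stderr,
		    "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
		    __progname);
		exit(1);
	}

	/* At first, get a connection to the authentication agent. */
	ac = ssh_get_authentication_connection();
	if (ac == NULL) {
		fprintf(stderr, "Could not open a connection to your authentication agent.\n");
		exit(1);
	}

	for (i = 1; i < argc; i++) {
		if (strcmp(argv[i], "-l") == 0) {
			list_identities(ac);
			no_files = 0;	/* Don't default-add/delete if -l. */
			continue;
		}
		if (strcmp(argv[i], "-d") == 0) {
			deleting = 1;
			continue;
		}
		if (strcmp(argv[i], "-D") == 0) {
			delete_all(ac);
			no_files = 0;
			continue;
		}
		/* Anything else is treated as a key file name. */
		no_files = 0;
		if (deleting)
			delete_file(ac, argv[i]);
		else
			add_file(ac, argv[i]);
	}
	if (no_files) {
		pw = getpwuid(getuid());
		if (!pw) {
			fprintf(stderr, "No user found with uid %d\n", (int)getuid());
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		/*
		 * Refuse to continue with a truncated path: a home directory
		 * too long for buf would otherwise make the tool operate on a
		 * different file name than the intended default identity.
		 */
		len = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
		if (len < 0 || (size_t)len >= sizeof buf) {
			fprintf(stderr, "Path to default identity file is too long.\n");
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		if (deleting)
			delete_file(ac, buf);
		else
			add_file(ac, buf);
	}
	ssh_close_authentication_connection(ac);
	exit(0);
}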