Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.13
1.1 deraadt 1: /*
1.13 ! deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
! 3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
! 4: * All rights reserved
! 5: * Created: Thu Apr 6 00:52:24 1995 ylo
! 6: * Adds an identity to the authentication server, or removes an identity.
! 7: */
1.1 deraadt 8:
9: #include "includes.h"
1.13 ! deraadt 10: RCSID("$Id: ssh-add.c,v 1.12 1999/11/23 22:25:55 markus Exp $");
1.1 deraadt 11:
12: #include "rsa.h"
13: #include "ssh.h"
14: #include "xmalloc.h"
15: #include "authfd.h"
1.11 markus 16: #include "fingerprint.h"
1.1 deraadt 17:
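/*
 * Ask the agent to forget the identity stored in `filename'.  Only the
 * public half of the key is loaded here (load_public_key); the private
 * key is never read, so no passphrase is requested.  Results are
 * reported on stderr; the "bad key file" message goes to stdout as in
 * the original.  Nothing is returned to the caller.
 */
void
delete_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	char *comment;

	key = RSA_new();
	if (!load_public_key(filename, key, &comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		/* The key object was allocated above; release it on this path too. */
		RSA_free(key);
		return;
	}
	if (ssh_remove_identity(ac, key))
		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not remove identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
}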
36:
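/*
 * Ask the agent to drop every identity it holds.  The outcome is only
 * reported on stderr; the caller gets no return value.
 */
void
delete_all(AuthenticationConnection *ac)
{
	/* Send a request to remove all identities. */
	if (ssh_remove_all_identities(ac))
		fprintf(stderr, "All identities removed.\n");
	else
		fprintf(stderr, "Failed to remove all identities.\n");
}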
46:
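/*
 * Load the private key in `filename' and hand it to the agent.
 *
 * The file is first opened as a public key to validate it and obtain
 * its comment.  Decryption is then attempted with an empty passphrase;
 * if that fails and stdin is a terminal, the user is prompted until a
 * passphrase works or an empty one is entered (which aborts).  Without
 * a terminal the function gives up silently after the "Need passphrase"
 * message.  All heap objects (both RSA structures and both comment
 * strings) are released on every exit path.
 */
void
add_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	RSA *public_key;
	char *saved_comment, *comment;
	int success;

	key = RSA_new();
	public_key = RSA_new();
	/* Validate the file and fetch its comment without touching the private part. */
	if (!load_public_key(filename, public_key, &saved_comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		RSA_free(public_key);
		RSA_free(key);
		return;
	}
	RSA_free(public_key);

	/* At first, try empty passphrase */
	success = load_private_key(filename, "", key, &comment);
	if (!success) {
		printf("Need passphrase for %s (%s).\n", filename, saved_comment);
		/* No terminal to prompt on: nothing more we can do. */
		if (!isatty(STDIN_FILENO))
			goto out;
		for (;;) {
			char *pass = read_passphrase("Enter passphrase: ", 1);
			/* An empty passphrase at the prompt means "give up". */
			if (*pass == '\0') {
				xfree(pass);
				goto out;
			}
			success = load_private_key(filename, pass, key, &comment);
			/*
			 * Scrub the passphrase before freeing it.  NOTE(review): a
			 * plain memset before free may be dropped by an optimizing
			 * compiler; a non-elidable clearing primitive would be
			 * preferable if one is available to this file.
			 */
			memset(pass, 0, strlen(pass));
			xfree(pass);
			if (success)
				break;
			printf("Bad passphrase.\n");
		}
	}

	if (ssh_add_identity(ac, key, comment))
		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not add identity: %s\n", filename);
	/* `comment' is only valid once load_private_key succeeded. */
	xfree(comment);
out:
	xfree(saved_comment);
	RSA_free(key);
}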
95:
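/*
 * Print every identity the agent currently holds, one per line.
 *
 * With `fp' non-zero each line is "<bits> <fingerprint> <comment>";
 * otherwise it is "<bits> <e> <n> <comment>" with e and n in decimal.
 * If the agent holds nothing, a single "no identities" message is
 * printed instead.  The comment string returned by the agent is freed
 * for each entry; the e/n BIGNUMs are cleared and freed at the end.
 */
void
list_identities(AuthenticationConnection *ac, int fp)
{
	BIGNUM *e, *n;
	int status;
	char *comment;
	int had_identities;

	e = BN_new();
	n = BN_new();
	had_identities = 0;
	for (status = ssh_get_first_identity(ac, e, n, &comment);
	     status;
	     status = ssh_get_next_identity(ac, e, n, &comment)) {
		unsigned int bits = BN_num_bits(n);
		had_identities = 1;
		if (fp) {
			/*
			 * %u matches the unsigned bit count.  NOTE(review): the
			 * string returned by fingerprint() is not freed here; its
			 * ownership (static buffer vs. allocation) is not visible
			 * in this file — confirm against fingerprint.h.
			 */
			printf("%u %s %s\n", bits, fingerprint(e, n), comment);
		} else {
			char *ebuf, *nbuf;
			ebuf = BN_bn2dec(e);
			if (ebuf == NULL) {
				error("list_identities: BN_bn2dec(e) failed.");
			} else {
				nbuf = BN_bn2dec(n);
				if (nbuf == NULL) {
					error("list_identities: BN_bn2dec(n) failed.");
				} else {
					printf("%u %s %s %s\n", bits, ebuf, nbuf, comment);
					/* BN_bn2dec output is libcrypto-allocated: plain free(). */
					free(nbuf);
				}
				free(ebuf);
			}
		}
		xfree(comment);
	}
	BN_clear_free(e);
	BN_clear_free(n);
	if (!had_identities)
		printf("The agent has no identities.\n");
}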
137:
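/*
 * ssh-add entry point.
 *
 * Options are processed left to right: -l / -L list identities (with /
 * without fingerprints), -D removes all identities, -d switches the
 * remaining file arguments from "add" to "delete".  Any other argument
 * is a key file to add or delete.  When no file and no listing/removal
 * option was given, the user's default identity file
 * ($HOME/SSH_CLIENT_IDENTITY) is used.  Exits 1 when RSA support or the
 * agent connection is missing, or the default path cannot be built.
 */
int
main(int argc, char **argv)
{
	AuthenticationConnection *ac = NULL;
	struct passwd *pw;
	char buf[1024];
	int no_files = 1;
	int i;
	int deleting = 0;

	/* check if RSA support exists */
	if (rsa_alive() == 0) {
		extern char *__progname;

		fprintf(stderr,
		    "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
		    __progname);
		exit(1);
	}
	/* At first, get a connection to the authentication agent. */
	ac = ssh_get_authentication_connection();
	if (ac == NULL) {
		fprintf(stderr, "Could not open a connection to your authentication agent.\n");
		exit(1);
	}
	for (i = 1; i < argc; i++) {
		if ((strcmp(argv[i], "-l") == 0) ||
		    (strcmp(argv[i], "-L") == 0)) {
			list_identities(ac, argv[i][1] == 'l' ? 1 : 0);
			/* Don't default-add/delete if -l. */
			no_files = 0;
			continue;
		}
		if (strcmp(argv[i], "-d") == 0) {
			deleting = 1;
			continue;
		}
		if (strcmp(argv[i], "-D") == 0) {
			delete_all(ac);
			no_files = 0;
			continue;
		}
		no_files = 0;
		if (deleting)
			delete_file(ac, argv[i]);
		else
			add_file(ac, argv[i]);
	}
	if (no_files) {
		int len;

		pw = getpwuid(getuid());
		if (!pw) {
			fprintf(stderr, "No user found with uid %d\n", (int) getuid());
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		/*
		 * Refuse to continue on a truncated path rather than operate
		 * on a file name that is not the one intended.
		 */
		len = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
		if (len < 0 || (size_t) len >= sizeof buf) {
			fprintf(stderr, "Identity file path too long: %s/%s\n",
			    pw->pw_dir, SSH_CLIENT_IDENTITY);
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		if (deleting)
			delete_file(ac, buf);
		else
			add_file(ac, buf);
	}
	ssh_close_authentication_connection(ac);
	exit(0);
}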