Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.160
1.160 ! djm 1: /* $OpenBSD: ssh-add.c,v 1.159 2021/01/11 02:12:58 dtucker Exp $ */
1.1 deraadt 2: /*
1.13 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
6: * Adds an identity to the authentication server, or removes an identity.
1.19 markus 7: *
1.22 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
13: *
1.19 markus 14: * SSH2 implementation,
1.41 markus 15: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.22 deraadt 16: *
17: * Redistribution and use in source and binary forms, with or without
18: * modification, are permitted provided that the following conditions
19: * are met:
20: * 1. Redistributions of source code must retain the above copyright
21: * notice, this list of conditions and the following disclaimer.
22: * 2. Redistributions in binary form must reproduce the above copyright
23: * notice, this list of conditions and the following disclaimer in the
24: * documentation and/or other materials provided with the distribution.
25: *
26: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.13 deraadt 36: */
1.1 deraadt 37:
1.75 stevesk 38: #include <sys/types.h>
39: #include <sys/stat.h>
1.16 markus 40:
1.141 djm 41: #ifdef WITH_OPENSSL
1.19 markus 42: #include <openssl/evp.h>
1.141 djm 43: #endif
1.81 stevesk 44:
1.116 djm 45: #include <errno.h>
1.82 stevesk 46: #include <fcntl.h>
1.81 stevesk 47: #include <pwd.h>
1.88 stevesk 48: #include <stdio.h>
1.87 stevesk 49: #include <stdlib.h>
1.85 stevesk 50: #include <string.h>
1.146 naddy 51: #include <stdarg.h>
1.84 stevesk 52: #include <unistd.h>
1.117 deraadt 53: #include <limits.h>
1.1 deraadt 54:
1.89 deraadt 55: #include "xmalloc.h"
1.27 markus 56: #include "ssh.h"
57: #include "log.h"
1.116 djm 58: #include "sshkey.h"
59: #include "sshbuf.h"
1.18 markus 60: #include "authfd.h"
1.16 markus 61: #include "authfile.h"
1.25 markus 62: #include "pathnames.h"
1.57 stevesk 63: #include "misc.h"
1.110 djm 64: #include "ssherr.h"
1.115 djm 65: #include "digest.h"
1.148 djm 66: #include "ssh-sk.h"
1.157 djm 67: #include "sk-api.h"
1.1 deraadt 68:
1.45 jakob 69: /* argv0 */
70: extern char *__progname;
71:
1.48 djm 72: /* Default files to add */
73: static char *default_files[] = {
74: _PATH_SSH_CLIENT_ID_RSA,
75: _PATH_SSH_CLIENT_ID_DSA,
1.99 djm 76: _PATH_SSH_CLIENT_ID_ECDSA,
1.143 djm 77: _PATH_SSH_CLIENT_ID_ECDSA_SK,
1.107 pascal 78: _PATH_SSH_CLIENT_ID_ED25519,
1.144 markus 79: _PATH_SSH_CLIENT_ID_ED25519_SK,
1.135 markus 80: _PATH_SSH_CLIENT_ID_XMSS,
1.48 djm 81: NULL
82: };
83:
1.115 djm 84: static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
85:
1.56 markus 86: /* Default lifetime (0 == forever) */
1.159 dtucker 87: static int lifetime = 0;
1.48 djm 88:
1.65 markus 89: /* User has to confirm key use */
90: static int confirm = 0;
91:
1.135 markus 92: /* Maximum number of signatures (XMSS) */
93: static u_int maxsign = 0;
94: static u_int minleft = 0;
95:
1.124 tim 96: /* we keep a cache of one passphrase */
1.33 markus 97: static char *pass = NULL;
1.39 itojun 98: static void
1.33 markus 99: clear_pass(void)
100: {
101: if (pass) {
1.154 jsg 102: freezero(pass, strlen(pass));
1.33 markus 103: pass = NULL;
104: }
105: }
106:
1.46 djm 107: static int
1.156 djm 108: delete_one(int agent_fd, const struct sshkey *key, const char *comment,
109: const char *path, int qflag)
110: {
111: int r;
112:
113: if ((r = ssh_remove_identity(agent_fd, key)) != 0) {
114: fprintf(stderr, "Could not remove identity \"%s\": %s\n",
115: path, ssh_err(r));
116: return r;
117: }
118: if (!qflag) {
119: fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
120: sshkey_type(key), comment);
121: }
122: return 0;
123: }
124:
125: static int
126: delete_stdin(int agent_fd, int qflag)
127: {
128: char *line = NULL, *cp;
129: size_t linesize = 0;
130: struct sshkey *key = NULL;
131: int lnum = 0, r, ret = -1;
132:
133: while (getline(&line, &linesize, stdin) != -1) {
134: lnum++;
135: sshkey_free(key);
136: key = NULL;
137: line[strcspn(line, "\n")] = '\0';
138: cp = line + strspn(line, " \t");
139: if (*cp == '#' || *cp == '\0')
140: continue;
141: if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1.158 djm 142: fatal_f("sshkey_new");
1.156 djm 143: if ((r = sshkey_read(key, &cp)) != 0) {
1.158 djm 144: error_r(r, "(stdin):%d: invalid key", lnum);
1.156 djm 145: continue;
146: }
147: if (delete_one(agent_fd, key, cp, "(stdin)", qflag) == 0)
148: ret = 0;
149: }
150: sshkey_free(key);
151: free(line);
152: return ret;
153: }
154:
155: static int
1.134 dlg 156: delete_file(int agent_fd, const char *filename, int key_only, int qflag)
1.1 deraadt 157: {
1.116 djm 158: struct sshkey *public, *cert = NULL;
1.104 djm 159: char *certpath = NULL, *comment = NULL;
1.116 djm 160: int r, ret = -1;
1.1 deraadt 161:
1.156 djm 162: if (strcmp(filename, "-") == 0)
163: return delete_stdin(agent_fd, qflag);
164:
1.116 djm 165: if ((r = sshkey_load_public(filename, &public, &comment)) != 0) {
166: printf("Bad key file %s: %s\n", filename, ssh_err(r));
1.46 djm 167: return -1;
1.12 markus 168: }
1.156 djm 169: if (delete_one(agent_fd, public, comment, filename, qflag) == 0)
1.46 djm 170: ret = 0;
171:
1.104 djm 172: if (key_only)
173: goto out;
174:
175: /* Now try to delete the corresponding certificate too */
176: free(comment);
1.105 markus 177: comment = NULL;
1.104 djm 178: xasprintf(&certpath, "%s-cert.pub", filename);
1.120 halex 179: if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {
180: if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
1.158 djm 181: error_r(r, "Failed to load certificate \"%s\"", certpath);
1.104 djm 182: goto out;
1.120 halex 183: }
184:
1.116 djm 185: if (!sshkey_equal_public(cert, public))
1.104 djm 186: fatal("Certificate %s does not match private key %s",
187: certpath, filename);
188:
1.156 djm 189: if (delete_one(agent_fd, cert, comment, certpath, qflag) == 0)
1.104 djm 190: ret = 0;
191:
192: out:
1.127 mmcc 193: sshkey_free(cert);
194: sshkey_free(public);
1.104 djm 195: free(certpath);
196: free(comment);
1.47 deraadt 197:
1.46 djm 198: return ret;
1.1 deraadt 199: }
200:
1.19 markus 201: /* Send a request to remove all identities. */
1.46 djm 202: static int
1.136 djm 203: delete_all(int agent_fd, int qflag)
1.1 deraadt 204: {
1.46 djm 205: int ret = -1;
1.19 markus 206:
1.130 djm 207: /*
208: * Since the agent might be forwarded, old or non-OpenSSH, when asked
209: * to remove all keys, attempt to remove both protocol v.1 and v.2
210: * keys.
211: */
1.121 markus 212: if (ssh_remove_all_identities(agent_fd, 2) == 0)
1.46 djm 213: ret = 0;
1.121 markus 214: /* ignore error-code for ssh1 */
215: ssh_remove_all_identities(agent_fd, 1);
1.19 markus 216:
1.136 djm 217: if (ret != 0)
218: fprintf(stderr, "Failed to remove all identities.\n");
219: else if (!qflag)
1.12 markus 220: fprintf(stderr, "All identities removed.\n");
1.46 djm 221:
222: return ret;
1.1 deraadt 223: }
224:
1.46 djm 225: static int
1.143 djm 226: add_file(int agent_fd, const char *filename, int key_only, int qflag,
227: const char *skprovider)
1.1 deraadt 228: {
1.116 djm 229: struct sshkey *private, *cert;
1.36 markus 230: char *comment = NULL;
1.102 djm 231: char msg[1024], *certpath = NULL;
1.116 djm 232: int r, fd, ret = -1;
1.135 markus 233: size_t i;
234: u_int32_t left;
1.116 djm 235: struct sshbuf *keyblob;
1.135 markus 236: struct ssh_identitylist *idlist;
1.12 markus 237:
1.101 djm 238: if (strcmp(filename, "-") == 0) {
239: fd = STDIN_FILENO;
240: filename = "(stdin)";
1.140 deraadt 241: } else if ((fd = open(filename, O_RDONLY)) == -1) {
1.19 markus 242: perror(filename);
1.46 djm 243: return -1;
1.19 markus 244: }
1.76 dtucker 245:
246: /*
247: * Since we'll try to load a keyfile multiple times, permission errors
248: * will occur multiple times, so check perms first and bail if wrong.
249: */
1.101 djm 250: if (fd != STDIN_FILENO) {
1.116 djm 251: if (sshkey_perm_ok(fd, filename) != 0) {
1.101 djm 252: close(fd);
253: return -1;
254: }
255: }
1.151 djm 256: if ((r = sshbuf_load_fd(fd, &keyblob)) != 0) {
1.116 djm 257: fprintf(stderr, "Error loading key \"%s\": %s\n",
258: filename, ssh_err(r));
259: sshbuf_free(keyblob);
1.101 djm 260: close(fd);
261: return -1;
262: }
1.76 dtucker 263: close(fd);
264:
1.12 markus 265: /* At first, try empty passphrase */
1.125 tim 266: if ((r = sshkey_parse_private_fileblob(keyblob, "", &private,
267: &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
1.116 djm 268: fprintf(stderr, "Error loading key \"%s\": %s\n",
269: filename, ssh_err(r));
270: goto fail_load;
271: }
1.33 markus 272: /* try last */
1.110 djm 273: if (private == NULL && pass != NULL) {
1.125 tim 274: if ((r = sshkey_parse_private_fileblob(keyblob, pass, &private,
275: &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
1.116 djm 276: fprintf(stderr, "Error loading key \"%s\": %s\n",
277: filename, ssh_err(r));
278: goto fail_load;
279: }
1.110 djm 280: }
1.31 markus 281: if (private == NULL) {
1.33 markus 282: /* clear passphrase since it did not work */
283: clear_pass();
1.124 tim 284: snprintf(msg, sizeof msg, "Enter passphrase for %s%s: ",
285: filename, confirm ? " (will confirm each use)" : "");
1.12 markus 286: for (;;) {
1.40 markus 287: pass = read_passphrase(msg, RP_ALLOW_STDIN);
1.116 djm 288: if (strcmp(pass, "") == 0)
289: goto fail_load;
290: if ((r = sshkey_parse_private_fileblob(keyblob, pass,
1.125 tim 291: &private, &comment)) == 0)
1.116 djm 292: break;
293: else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
294: fprintf(stderr,
295: "Error loading key \"%s\": %s\n",
296: filename, ssh_err(r));
297: fail_load:
1.35 markus 298: clear_pass();
1.116 djm 299: sshbuf_free(keyblob);
1.46 djm 300: return -1;
1.12 markus 301: }
1.33 markus 302: clear_pass();
1.68 markus 303: snprintf(msg, sizeof msg,
1.124 tim 304: "Bad passphrase, try again for %s%s: ", filename,
1.119 halex 305: confirm ? " (will confirm each use)" : "");
1.12 markus 306: }
307: }
1.124 tim 308: if (comment == NULL || *comment == '\0')
309: comment = xstrdup(filename);
1.116 djm 310: sshbuf_free(keyblob);
1.60 markus 311:
1.135 markus 312: /* For XMSS */
313: if ((r = sshkey_set_filename(private, filename)) != 0) {
314: fprintf(stderr, "Could not add filename to private key: %s (%s)\n",
315: filename, comment);
316: goto out;
317: }
318: if (maxsign && minleft &&
319: (r = ssh_fetch_identitylist(agent_fd, &idlist)) == 0) {
320: for (i = 0; i < idlist->nkeys; i++) {
321: if (!sshkey_equal_public(idlist->keys[i], private))
322: continue;
323: left = sshkey_signatures_left(idlist->keys[i]);
324: if (left < minleft) {
325: fprintf(stderr,
326: "Only %d signatures left.\n", left);
327: break;
328: }
329: fprintf(stderr, "Skipping update: ");
330: if (left == minleft) {
331: fprintf(stderr,
1.160 ! djm 332: "required signatures left (%d).\n", left);
1.135 markus 333: } else {
334: fprintf(stderr,
1.160 ! djm 335: "more signatures left (%d) than"
1.135 markus 336: " required (%d).\n", left, minleft);
337: }
338: ssh_free_identitylist(idlist);
339: goto out;
340: }
341: ssh_free_identitylist(idlist);
342: }
343:
1.157 djm 344: if (sshkey_is_sk(private)) {
345: if (skprovider == NULL) {
346: fprintf(stderr, "Cannot load FIDO key %s "
347: "without provider\n", filename);
348: goto out;
349: }
350: if ((private->sk_flags & SSH_SK_USER_VERIFICATION_REQD) != 0) {
351: fprintf(stderr, "FIDO verify-required key %s is not "
352: "currently supported by ssh-agent\n", filename);
353: goto out;
354: }
355: } else {
356: /* Don't send provider constraint for other keys */
357: skprovider = NULL;
1.143 djm 358: }
359:
1.116 djm 360: if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
1.143 djm 361: lifetime, confirm, maxsign, skprovider)) == 0) {
1.60 markus 362: ret = 0;
1.136 djm 363: if (!qflag) {
364: fprintf(stderr, "Identity added: %s (%s)\n",
365: filename, comment);
366: if (lifetime != 0) {
367: fprintf(stderr,
1.159 dtucker 368: "Lifetime set to %d seconds\n", lifetime);
1.136 djm 369: }
370: if (confirm != 0) {
371: fprintf(stderr, "The user must confirm "
372: "each use of the key\n");
373: }
374: }
1.60 markus 375: } else {
1.116 djm 376: fprintf(stderr, "Could not add identity \"%s\": %s\n",
377: filename, ssh_err(r));
1.56 markus 378: }
379:
1.102 djm 380: /* Skip trying to load the cert if requested */
381: if (key_only)
382: goto out;
1.93 djm 383:
384: /* Now try to add the certificate flavour too */
385: xasprintf(&certpath, "%s-cert.pub", filename);
1.116 djm 386: if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {
387: if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
1.158 djm 388: error_r(r, "Failed to load certificate \"%s\"", certpath);
1.96 djm 389: goto out;
1.116 djm 390: }
1.96 djm 391:
1.116 djm 392: if (!sshkey_equal_public(cert, private)) {
1.96 djm 393: error("Certificate %s does not match private key %s",
394: certpath, filename);
1.116 djm 395: sshkey_free(cert);
1.96 djm 396: goto out;
397: }
1.93 djm 398:
1.96 djm 399: /* Graft with private bits */
1.123 djm 400: if ((r = sshkey_to_certified(private)) != 0) {
1.158 djm 401: error_fr(r, "sshkey_to_certified");
1.116 djm 402: sshkey_free(cert);
403: goto out;
404: }
405: if ((r = sshkey_cert_copy(cert, private)) != 0) {
1.158 djm 406: error_fr(r, "sshkey_cert_copy");
1.116 djm 407: sshkey_free(cert);
1.96 djm 408: goto out;
1.94 otto 409: }
1.116 djm 410: sshkey_free(cert);
1.93 djm 411:
1.116 djm 412: if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
1.143 djm 413: lifetime, confirm, maxsign, skprovider)) != 0) {
1.158 djm 414: error_r(r, "Certificate %s (%s) add failed", certpath,
415: private->cert->key_id);
1.116 djm 416: goto out;
1.96 djm 417: }
1.136 djm 418: /* success */
419: if (!qflag) {
420: fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
421: private->cert->key_id);
422: if (lifetime != 0) {
1.159 dtucker 423: fprintf(stderr, "Lifetime set to %d seconds\n",
1.136 djm 424: lifetime);
425: }
426: if (confirm != 0) {
427: fprintf(stderr, "The user must confirm each use "
428: "of the key\n");
429: }
430: }
431:
1.96 djm 432: out:
1.116 djm 433: free(certpath);
1.106 djm 434: free(comment);
1.116 djm 435: sshkey_free(private);
1.47 deraadt 436:
1.46 djm 437: return ret;
1.1 deraadt 438: }
439:
1.46 djm 440: static int
1.136 djm 441: update_card(int agent_fd, int add, const char *id, int qflag)
1.42 markus 442: {
1.108 djm 443: char *pin = NULL;
1.116 djm 444: int r, ret = -1;
1.53 rees 445:
1.108 djm 446: if (add) {
447: if ((pin = read_passphrase("Enter passphrase for PKCS#11: ",
448: RP_ALLOW_STDIN)) == NULL)
449: return -1;
450: }
1.53 rees 451:
1.116 djm 452: if ((r = ssh_update_card(agent_fd, add, id, pin == NULL ? "" : pin,
453: lifetime, confirm)) == 0) {
1.66 markus 454: ret = 0;
1.136 djm 455: if (!qflag) {
456: fprintf(stderr, "Card %s: %s\n",
457: add ? "added" : "removed", id);
458: }
1.46 djm 459: } else {
1.116 djm 460: fprintf(stderr, "Could not %s card \"%s\": %s\n",
461: add ? "add" : "remove", id, ssh_err(r));
1.66 markus 462: ret = -1;
1.46 djm 463: }
1.106 djm 464: free(pin);
1.66 markus 465: return ret;
1.42 markus 466: }
467:
1.50 markus 468: static int
1.137 djm 469: test_key(int agent_fd, const char *filename)
470: {
471: struct sshkey *key = NULL;
472: u_char *sig = NULL;
473: size_t slen = 0;
474: int r, ret = -1;
475: char data[1024];
476:
477: if ((r = sshkey_load_public(filename, &key, NULL)) != 0) {
1.158 djm 478: error_r(r, "Couldn't read public key %s", filename);
1.137 djm 479: return -1;
480: }
481: arc4random_buf(data, sizeof(data));
482: if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
483: NULL, 0)) != 0) {
1.158 djm 484: error_r(r, "Agent signature failed for %s", filename);
1.137 djm 485: goto done;
486: }
487: if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
1.147 djm 488: NULL, 0, NULL)) != 0) {
1.158 djm 489: error_r(r, "Signature verification failed for %s", filename);
1.137 djm 490: goto done;
491: }
492: /* success */
493: ret = 0;
494: done:
495: free(sig);
496: sshkey_free(key);
497: return ret;
498: }
499:
500: static int
1.116 djm 501: list_identities(int agent_fd, int do_fp)
1.1 deraadt 502: {
1.116 djm 503: char *fp;
1.131 naddy 504: int r;
1.116 djm 505: struct ssh_identitylist *idlist;
1.135 markus 506: u_int32_t left;
1.116 djm 507: size_t i;
1.12 markus 508:
1.131 naddy 509: if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
510: if (r != SSH_ERR_AGENT_NO_IDENTITIES)
511: fprintf(stderr, "error fetching identities: %s\n",
512: ssh_err(r));
513: else
514: printf("The agent has no identities.\n");
515: return -1;
516: }
517: for (i = 0; i < idlist->nkeys; i++) {
518: if (do_fp) {
519: fp = sshkey_fingerprint(idlist->keys[i],
520: fingerprint_hash, SSH_FP_DEFAULT);
521: printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]),
522: fp == NULL ? "(null)" : fp, idlist->comments[i],
523: sshkey_type(idlist->keys[i]));
524: free(fp);
525: } else {
526: if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) {
527: fprintf(stderr, "sshkey_write: %s\n",
528: ssh_err(r));
529: continue;
1.12 markus 530: }
1.135 markus 531: fprintf(stdout, " %s", idlist->comments[i]);
532: left = sshkey_signatures_left(idlist->keys[i]);
533: if (left > 0)
534: fprintf(stdout,
535: " [signatures left %d]", left);
536: fprintf(stdout, "\n");
1.12 markus 537: }
1.50 markus 538: }
1.131 naddy 539: ssh_free_identitylist(idlist);
1.50 markus 540: return 0;
1.1 deraadt 541: }
542:
1.48 djm 543: static int
1.116 djm 544: lock_agent(int agent_fd, int lock)
1.54 markus 545: {
546: char prompt[100], *p1, *p2;
1.116 djm 547: int r, passok = 1, ret = -1;
1.61 deraadt 548:
1.54 markus 549: strlcpy(prompt, "Enter lock password: ", sizeof(prompt));
550: p1 = read_passphrase(prompt, RP_ALLOW_STDIN);
551: if (lock) {
552: strlcpy(prompt, "Again: ", sizeof prompt);
553: p2 = read_passphrase(prompt, RP_ALLOW_STDIN);
554: if (strcmp(p1, p2) != 0) {
555: fprintf(stderr, "Passwords do not match.\n");
556: passok = 0;
557: }
1.154 jsg 558: freezero(p2, strlen(p2));
1.54 markus 559: }
1.116 djm 560: if (passok) {
561: if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
562: fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un");
563: ret = 0;
564: } else {
565: fprintf(stderr, "Failed to %slock agent: %s\n",
566: lock ? "" : "un", ssh_err(r));
567: }
568: }
1.154 jsg 569: freezero(p1, strlen(p1));
1.62 markus 570: return (ret);
1.54 markus 571: }
572:
573: static int
1.148 djm 574: load_resident_keys(int agent_fd, const char *skprovider, int qflag)
575: {
576: struct sshkey **keys;
577: size_t nkeys, i;
578: int r, ok = 0;
579: char *fp;
580:
1.152 naddy 581: pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
1.149 djm 582: if ((r = sshsk_load_resident(skprovider, NULL, pass,
583: &keys, &nkeys)) != 0) {
1.158 djm 584: error_r(r, "Unable to load resident keys");
1.148 djm 585: return r;
586: }
587: for (i = 0; i < nkeys; i++) {
588: if ((fp = sshkey_fingerprint(keys[i],
589: fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
1.158 djm 590: fatal_f("sshkey_fingerprint failed");
1.148 djm 591: if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "",
592: lifetime, confirm, maxsign, skprovider)) != 0) {
593: error("Unable to add key %s %s",
594: sshkey_type(keys[i]), fp);
595: free(fp);
596: ok = r;
597: continue;
598: }
599: if (ok == 0)
600: ok = 1;
601: if (!qflag) {
602: fprintf(stderr, "Resident identity added: %s %s\n",
603: sshkey_type(keys[i]), fp);
604: if (lifetime != 0) {
605: fprintf(stderr,
1.159 dtucker 606: "Lifetime set to %d seconds\n", lifetime);
1.148 djm 607: }
608: if (confirm != 0) {
609: fprintf(stderr, "The user must confirm "
610: "each use of the key\n");
611: }
612: }
613: free(fp);
614: sshkey_free(keys[i]);
615: }
616: free(keys);
617: if (nkeys == 0)
618: return SSH_ERR_KEY_NOT_FOUND;
619: return ok == 1 ? 0 : ok;
620: }
621:
622: static int
1.143 djm 623: do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
624: const char *skprovider)
1.48 djm 625: {
626: if (deleting) {
1.134 dlg 627: if (delete_file(agent_fd, file, key_only, qflag) == -1)
1.48 djm 628: return -1;
629: } else {
1.143 djm 630: if (add_file(agent_fd, file, key_only, qflag, skprovider) == -1)
1.48 djm 631: return -1;
632: }
633: return 0;
634: }
635:
1.42 markus 636: static void
637: usage(void)
638: {
1.150 naddy 639: fprintf(stderr,
640: "usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
641: #ifdef WITH_XMSS
642: " [-M maxsign] [-m minleft]\n"
643: #endif
644: " [file ...]\n"
645: " ssh-add -s pkcs11\n"
646: " ssh-add -e pkcs11\n"
647: " ssh-add -T pubkey ...\n"
648: );
1.42 markus 649: }
650:
1.2 provos 651: int
1.7 markus 652: main(int argc, char **argv)
1.1 deraadt 653: {
1.43 markus 654: extern char *optarg;
655: extern int optind;
1.116 djm 656: int agent_fd;
1.143 djm 657: char *pkcs11provider = NULL, *skprovider = NULL;
1.148 djm 658: int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0;
1.137 djm 659: int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
1.138 djm 660: SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
661: LogLevel log_level = SYSLOG_LEVEL_INFO;
1.73 djm 662:
663: /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
664: sanitise_stdfd();
1.12 markus 665:
1.141 djm 666: #ifdef WITH_OPENSSL
1.100 djm 667: OpenSSL_add_all_algorithms();
1.141 djm 668: #endif
1.138 djm 669: log_init(__progname, log_level, log_facility, 1);
670:
1.114 millert 671: setvbuf(stdout, NULL, _IOLBF, 0);
1.19 markus 672:
1.116 djm 673: /* First, get a connection to the authentication agent. */
674: switch (r = ssh_get_authentication_socket(&agent_fd)) {
675: case 0:
676: break;
677: case SSH_ERR_AGENT_NOT_PRESENT:
678: fprintf(stderr, "Could not open a connection to your "
679: "authentication agent.\n");
680: exit(2);
681: default:
682: fprintf(stderr, "Error connecting to agent: %s\n", ssh_err(r));
1.50 markus 683: exit(2);
1.12 markus 684: }
1.116 djm 685:
1.143 djm 686: skprovider = getenv("SSH_SK_PROVIDER");
687:
1.150 naddy 688: while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
1.43 markus 689: switch (ch) {
1.138 djm 690: case 'v':
691: if (log_level == SYSLOG_LEVEL_INFO)
692: log_level = SYSLOG_LEVEL_DEBUG1;
693: else if (log_level < SYSLOG_LEVEL_DEBUG3)
694: log_level++;
695: break;
1.115 djm 696: case 'E':
697: fingerprint_hash = ssh_digest_alg_by_name(optarg);
698: if (fingerprint_hash == -1)
699: fatal("Invalid hash algorithm \"%s\"", optarg);
700: break;
1.102 djm 701: case 'k':
702: key_only = 1;
703: break;
1.150 naddy 704: case 'K':
705: do_download = 1;
706: break;
1.43 markus 707: case 'l':
708: case 'L':
1.115 djm 709: if (lflag != 0)
710: fatal("-%c flag already specified", lflag);
711: lflag = ch;
1.148 djm 712: break;
1.54 markus 713: case 'x':
714: case 'X':
1.115 djm 715: if (xflag != 0)
716: fatal("-%c flag already specified", xflag);
717: xflag = ch;
718: break;
1.65 markus 719: case 'c':
720: confirm = 1;
1.135 markus 721: break;
722: case 'm':
723: minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL);
724: if (minleft == 0) {
725: usage();
726: ret = 1;
727: goto done;
728: }
729: break;
730: case 'M':
731: maxsign = (int)strtonum(optarg, 1, UINT_MAX, NULL);
732: if (maxsign == 0) {
733: usage();
734: ret = 1;
735: goto done;
736: }
1.43 markus 737: break;
738: case 'd':
1.12 markus 739: deleting = 1;
1.43 markus 740: break;
741: case 'D':
1.115 djm 742: Dflag = 1;
743: break;
1.43 markus 744: case 's':
1.92 markus 745: pkcs11provider = optarg;
1.43 markus 746: break;
1.143 djm 747: case 'S':
748: skprovider = optarg;
749: break;
1.43 markus 750: case 'e':
1.47 deraadt 751: deleting = 1;
1.92 markus 752: pkcs11provider = optarg;
1.56 markus 753: break;
754: case 't':
1.153 dtucker 755: if ((lifetime = convtime(optarg)) == -1 ||
1.155 dtucker 756: lifetime < 0 || (u_long)lifetime > UINT32_MAX) {
1.57 stevesk 757: fprintf(stderr, "Invalid lifetime\n");
758: ret = 1;
759: goto done;
760: }
1.43 markus 761: break;
1.134 dlg 762: case 'q':
763: qflag = 1;
764: break;
1.137 djm 765: case 'T':
766: Tflag = 1;
767: break;
1.43 markus 768: default:
769: usage();
1.46 djm 770: ret = 1;
771: goto done;
1.42 markus 772: }
773: }
1.138 djm 774: log_init(__progname, log_level, log_facility, 1);
1.115 djm 775:
776: if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
777: fatal("Invalid combination of actions");
778: else if (xflag) {
1.116 djm 779: if (lock_agent(agent_fd, xflag == 'x' ? 1 : 0) == -1)
1.115 djm 780: ret = 1;
781: goto done;
782: } else if (lflag) {
1.116 djm 783: if (list_identities(agent_fd, lflag == 'l' ? 1 : 0) == -1)
1.115 djm 784: ret = 1;
785: goto done;
786: } else if (Dflag) {
1.136 djm 787: if (delete_all(agent_fd, qflag) == -1)
1.115 djm 788: ret = 1;
789: goto done;
790: }
1.145 djm 791:
792: if (skprovider == NULL)
793: skprovider = "internal";
1.115 djm 794:
1.43 markus 795: argc -= optind;
796: argv += optind;
1.137 djm 797: if (Tflag) {
798: if (argc <= 0)
799: fatal("no keys to test");
800: for (r = i = 0; i < argc; i++)
801: r |= test_key(agent_fd, argv[i]);
802: ret = r == 0 ? 0 : 1;
803: goto done;
804: }
1.92 markus 805: if (pkcs11provider != NULL) {
1.136 djm 806: if (update_card(agent_fd, !deleting, pkcs11provider,
807: qflag) == -1)
1.46 djm 808: ret = 1;
1.43 markus 809: goto done;
1.12 markus 810: }
1.148 djm 811: if (do_download) {
812: if (skprovider == NULL)
813: fatal("Cannot download keys without provider");
814: if (load_resident_keys(agent_fd, skprovider, qflag) != 0)
815: ret = 1;
816: goto done;
817: }
1.43 markus 818: if (argc == 0) {
1.117 deraadt 819: char buf[PATH_MAX];
1.48 djm 820: struct passwd *pw;
1.52 markus 821: struct stat st;
822: int count = 0;
1.48 djm 823:
824: if ((pw = getpwuid(getuid())) == NULL) {
1.20 deraadt 825: fprintf(stderr, "No user found with uid %u\n",
826: (u_int)getuid());
1.46 djm 827: ret = 1;
828: goto done;
1.12 markus 829: }
1.48 djm 830:
1.71 deraadt 831: for (i = 0; default_files[i]; i++) {
1.51 markus 832: snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
1.48 djm 833: default_files[i]);
1.140 deraadt 834: if (stat(buf, &st) == -1)
1.52 markus 835: continue;
1.134 dlg 836: if (do_file(agent_fd, deleting, key_only, buf,
1.143 djm 837: qflag, skprovider) == -1)
1.46 djm 838: ret = 1;
1.52 markus 839: else
840: count++;
1.46 djm 841: }
1.52 markus 842: if (count == 0)
843: ret = 1;
1.43 markus 844: } else {
1.71 deraadt 845: for (i = 0; i < argc; i++) {
1.116 djm 846: if (do_file(agent_fd, deleting, key_only,
1.143 djm 847: argv[i], qflag, skprovider) == -1)
1.48 djm 848: ret = 1;
1.43 markus 849: }
1.12 markus 850: }
1.148 djm 851: done:
1.33 markus 852: clear_pass();
1.116 djm 853: ssh_close_authentication_socket(agent_fd);
1.46 djm 854: return ret;
1.1 deraadt 855: }