Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.3
1.1 deraadt 1: /*
2:
3: ssh-add.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Thu Apr 6 00:52:24 1995 ylo
11:
12: Adds an identity to the authentication server, or removes an identity.
13:
14: */
15:
16: #include "includes.h"
1.3 ! deraadt 17: RCSID("$Id: ssh-add.c,v 1.2 1999/09/28 04:45:37 provos Exp $");
1.1 deraadt 18:
19: #include "rsa.h"
20: #include "ssh.h"
21: #include "xmalloc.h"
22: #include "authfd.h"
23:
1.2 provos 24: void
25: delete_file(const char *filename)
1.1 deraadt 26: {
1.2 provos 27: RSA *key;
1.1 deraadt 28: char *comment;
29: AuthenticationConnection *ac;
30:
1.2 provos 31: key = RSA_new();
32: if (!load_public_key(filename, key, &comment))
1.1 deraadt 33: {
34: printf("Bad key file %s: %s\n", filename, strerror(errno));
35: return;
36: }
37:
38: /* Send the request to the authentication agent. */
39: ac = ssh_get_authentication_connection();
40: if (!ac)
41: {
42: fprintf(stderr,
43: "Could not open a connection to your authentication agent.\n");
1.2 provos 44: RSA_free(key);
1.1 deraadt 45: xfree(comment);
46: return;
47: }
1.2 provos 48: if (ssh_remove_identity(ac, key))
1.1 deraadt 49: fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
50: else
51: fprintf(stderr, "Could not remove identity: %s\n", filename);
1.2 provos 52: RSA_free(key);
1.1 deraadt 53: xfree(comment);
54: ssh_close_authentication_connection(ac);
55: }
56:
1.2 provos 57: void
58: delete_all()
1.1 deraadt 59: {
60: AuthenticationConnection *ac;
61:
62: /* Get a connection to the agent. */
63: ac = ssh_get_authentication_connection();
64: if (!ac)
65: {
66: fprintf(stderr,
67: "Could not open a connection to your authentication agent.\n");
68: return;
69: }
70:
71: /* Send a request to remove all identities. */
72: if (ssh_remove_all_identities(ac))
73: fprintf(stderr, "All identities removed.\n");
74: else
75: fprintf(stderr, "Failed to remove all identitities.\n");
76:
77: /* Close the connection to the agent. */
78: ssh_close_authentication_connection(ac);
79: }
80:
1.2 provos 81: void
82: add_file(const char *filename)
1.1 deraadt 83: {
1.2 provos 84: RSA *key;
85: RSA *public_key;
1.1 deraadt 86: AuthenticationConnection *ac;
87: char *saved_comment, *comment, *pass;
88: int first;
89:
1.2 provos 90: key = RSA_new();
91: public_key = RSA_new();
92: if (!load_public_key(filename, public_key, &saved_comment))
1.1 deraadt 93: {
94: printf("Bad key file %s: %s\n", filename, strerror(errno));
95: return;
96: }
1.2 provos 97: RSA_free(public_key);
1.1 deraadt 98:
99: pass = xstrdup("");
100: first = 1;
1.2 provos 101: while (!load_private_key(filename, pass, key, &comment))
1.1 deraadt 102: {
103: char buf[1024];
104: FILE *f;
105:
106: /* Free the old passphrase. */
107: memset(pass, 0, strlen(pass));
108: xfree(pass);
109:
110: /* Ask for a passphrase. */
111: if (getenv("DISPLAY") && !isatty(fileno(stdin)))
112: {
113: sprintf(buf, "ssh-askpass '%sEnter passphrase for %.100s'",
114: first ? "" : "You entered wrong passphrase. ",
115: saved_comment);
116: f = popen(buf, "r");
117: if (!fgets(buf, sizeof(buf), f))
118: {
119: pclose(f);
120: xfree(saved_comment);
121: return;
122: }
123: pclose(f);
124: if (strchr(buf, '\n'))
125: *strchr(buf, '\n') = 0;
126: pass = xstrdup(buf);
127: }
128: else
129: {
130: if (first)
131: printf("Need passphrase for %s (%s).\n", filename, saved_comment);
132: else
133: printf("Bad passphrase.\n");
134: pass = read_passphrase("Enter passphrase: ", 1);
135: if (strcmp(pass, "") == 0)
136: {
137: xfree(saved_comment);
138: xfree(pass);
139: return;
140: }
141: }
142: first = 0;
143: }
144: memset(pass, 0, strlen(pass));
145: xfree(pass);
146:
147: xfree(saved_comment);
148:
149: /* Send the key to the authentication agent. */
150: ac = ssh_get_authentication_connection();
151: if (!ac)
152: {
153: fprintf(stderr,
154: "Could not open a connection to your authentication agent.\n");
1.2 provos 155: RSA_free(key);
1.1 deraadt 156: xfree(comment);
157: return;
158: }
1.2 provos 159: if (ssh_add_identity(ac, key, comment))
1.1 deraadt 160: fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
161: else
162: fprintf(stderr, "Could not add identity: %s\n", filename);
1.2 provos 163: RSA_free(key);
1.1 deraadt 164: xfree(comment);
165: ssh_close_authentication_connection(ac);
166: }
167:
1.2 provos 168: void
169: list_identities()
1.1 deraadt 170: {
171: AuthenticationConnection *ac;
1.2 provos 172: BIGNUM *e, *n;
1.1 deraadt 173: int bits, status;
174: char *comment;
175: int had_identities;
176:
177: ac = ssh_get_authentication_connection();
178: if (!ac)
179: {
180: fprintf(stderr, "Could not connect to authentication server.\n");
181: return;
182: }
1.2 provos 183: e = BN_new();
184: n = BN_new();
1.1 deraadt 185: had_identities = 0;
1.2 provos 186: for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
1.1 deraadt 187: status;
1.2 provos 188: status = ssh_get_next_identity(ac, &bits, e, n, &comment))
1.1 deraadt 189: {
1.2 provos 190: char *buf;
1.1 deraadt 191: had_identities = 1;
192: printf("%d ", bits);
1.2 provos 193: buf = BN_bn2dec(e);
194: assert(buf != NULL);
195: printf("%s ", buf);
196: free (buf);
197: buf = BN_bn2dec(n);
198: assert(buf != NULL);
199: printf("%s %s\n", buf, comment);
200: free (buf);
1.1 deraadt 201: xfree(comment);
202: }
1.2 provos 203: BN_clear_free(e);
204: BN_clear_free(n);
1.1 deraadt 205: if (!had_identities)
206: printf("The agent has no identities.\n");
207: ssh_close_authentication_connection(ac);
208: }
209:
1.2 provos 210: int
211: main(int ac, char **av)
1.1 deraadt 212: {
213: struct passwd *pw;
214: char buf[1024];
215: int no_files = 1;
216: int i;
217: int deleting = 0;
1.3 ! deraadt 218:
! 219: /* check if RSA support exists */
! 220: if (rsa_alive() == 0) {
! 221: extern char *__progname;
! 222:
! 223: fprintf(stderr,
! 224: "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
! 225: __progname);
! 226: exit(1);
! 227: }
1.1 deraadt 228:
229: for (i = 1; i < ac; i++)
230: {
231: if (strcmp(av[i], "-l") == 0)
232: {
233: list_identities();
234: no_files = 0; /* Don't default-add/delete if -l. */
235: continue;
236: }
237: if (strcmp(av[i], "-d") == 0)
238: {
239: deleting = 1;
240: continue;
241: }
242: if (strcmp(av[i], "-D") == 0)
243: {
244: delete_all();
245: no_files = 0;
246: continue;
247: }
248: no_files = 0;
249: if (deleting)
250: delete_file(av[i]);
251: else
252: add_file(av[i]);
253: }
254: if (no_files)
255: {
256: pw = getpwuid(getuid());
257: if (!pw)
258: {
259: fprintf(stderr, "No user found with uid %d\n", (int)getuid());
260: exit(1);
261: }
262: sprintf(buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
263: if (deleting)
264: delete_file(buf);
265: else
266: add_file(buf);
267: }
268: exit(0);
269: }