Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.4
1.1 deraadt 1: /*
2:
3: ssh-add.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Thu Apr 6 00:52:24 1995 ylo
11:
12: Adds an identity to the authentication server, or removes an identity.
13:
14: */
15:
#include "includes.h"
RCSID("$Id: ssh-add.c,v 1.3 1999/09/29 06:15:00 deraadt Exp $");

#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include "rsa.h"
#include "ssh.h"
#include "xmalloc.h"
#include "authfd.h"
23:
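/*
 * Ask the agent to forget the identity stored in FILENAME.
 *
 * Only the public half is needed to identify the key, so no passphrase is
 * requested.  Diagnostics go to stdout for a bad key file (kept as the
 * original did) and to stderr for agent problems.  Every exit path releases
 * the RSA object; the original leaked it when the key file was unreadable.
 */
void
delete_file(const char *filename)
{
	RSA *key;
	char *comment;
	AuthenticationConnection *ac;

	key = RSA_new();
	if (key == NULL) {
		fprintf(stderr, "Out of memory.\n");
		return;
	}
	if (!load_public_key(filename, key, &comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		RSA_free(key);		/* previously leaked on this path */
		return;
	}

	/* Send the request to the authentication agent. */
	ac = ssh_get_authentication_connection();
	if (!ac) {
		fprintf(stderr,
		    "Could not open a connection to your authentication agent.\n");
		RSA_free(key);
		xfree(comment);
		return;
	}
	if (ssh_remove_identity(ac, key))
		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not remove identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
	ssh_close_authentication_connection(ac);
}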
56:
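/*
 * Ask the agent to drop every identity it holds.
 *
 * Reports the outcome on stderr.  The failure message previously read
 * "identitities"; the misspelling is corrected here.
 */
void
delete_all()
{
	AuthenticationConnection *ac;

	/* Get a connection to the agent. */
	ac = ssh_get_authentication_connection();
	if (!ac) {
		fprintf(stderr,
		    "Could not open a connection to your authentication agent.\n");
		return;
	}

	/* Send a request to remove all identities. */
	if (ssh_remove_all_identities(ac))
		fprintf(stderr, "All identities removed.\n");
	else
		fprintf(stderr, "Failed to remove all identities.\n");

	/* Close the connection to the agent. */
	ssh_close_authentication_connection(ac);
}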
80:
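/*
 * Overwrite N bytes of a secret in place.  Goes through a volatile pointer
 * so the stores cannot be dropped as dead; a plain memset() immediately
 * before free() may be optimised away.
 */
static void
wipe_bytes(void *p, size_t n)
{
	volatile unsigned char *vp = (volatile unsigned char *)p;

	while (n-- > 0)
		*vp++ = 0;
}

/* Overwrite a NUL-terminated secret string (the terminator is left alone). */
static void
wipe_string(char *s)
{
	wipe_bytes(s, strlen(s));
}

/*
 * Run ssh-askpass with PROMPT handed over as one argv element, without going
 * through a shell.  The prompt embeds the key comment, which comes straight
 * from the key file, so it must never be interpreted as shell syntax (the
 * original popen() form broke on a single quote in the comment).
 *
 * Returns an xstrdup'd first line of the program's output with the trailing
 * newline removed, or NULL if the program could not be run or printed
 * nothing.  The caller owns (and should wipe) the result.
 */
static char *
askpass_read(const char *prompt)
{
	int fds[2];
	pid_t pid;
	char buf[1024];
	size_t len = 0;
	ssize_t got;
	char *nl, *pass;

	if (pipe(fds) < 0)
		return NULL;
	pid = fork();
	if (pid < 0) {
		close(fds[0]);
		close(fds[1]);
		return NULL;
	}
	if (pid == 0) {
		/* Child: send stdout down the pipe and exec the program. */
		close(fds[0]);
		if (dup2(fds[1], STDOUT_FILENO) < 0)
			_exit(1);
		close(fds[1]);
		execlp("ssh-askpass", "ssh-askpass", prompt, (char *)NULL);
		_exit(1);
	}
	close(fds[1]);
	/* Parent: collect output until EOF or the buffer is full. */
	while (len < sizeof buf - 1) {
		got = read(fds[0], buf + len, sizeof buf - 1 - len);
		if (got < 0 && errno == EINTR)
			continue;
		if (got <= 0)
			break;
		len += (size_t)got;
	}
	close(fds[0]);
	while (waitpid(pid, NULL, 0) < 0 && errno == EINTR)
		;
	if (len == 0)		/* nothing printed: same as the old fgets() failure */
		return NULL;
	buf[len] = '\0';
	nl = strchr(buf, '\n');
	if (nl != NULL)
		*nl = '\0';
	pass = xstrdup(buf);
	wipe_bytes(buf, sizeof buf);
	return pass;
}

/*
 * Load the identity in FILENAME, asking for its passphrase as needed, and
 * hand it to the agent.
 *
 * The passphrase is requested through ssh-askpass when DISPLAY is set and
 * stdin is not a terminal, otherwise on the terminal.  An empty terminal
 * passphrase, or no output from ssh-askpass, aborts the add.  Passphrases
 * are wiped before being freed, and the RSA objects are released on every
 * exit path (the original leaked them on the early returns).
 */
void
add_file(const char *filename)
{
	RSA *key;
	RSA *public_key;
	AuthenticationConnection *ac;
	char *saved_comment, *comment, *pass;
	char prompt[1024];
	int first;

	key = RSA_new();
	public_key = RSA_new();
	if (key == NULL || public_key == NULL) {
		fprintf(stderr, "Out of memory.\n");
		if (key != NULL)
			RSA_free(key);
		if (public_key != NULL)
			RSA_free(public_key);
		return;
	}
	if (!load_public_key(filename, public_key, &saved_comment)) {
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		RSA_free(public_key);
		RSA_free(key);
		return;
	}
	RSA_free(public_key);

	pass = xstrdup("");
	first = 1;
	while (!load_private_key(filename, pass, key, &comment)) {
		/* Free the old passphrase. */
		wipe_string(pass);
		xfree(pass);

		/* Ask for a passphrase. */
		if (getenv("DISPLAY") && !isatty(fileno(stdin))) {
			/* %.100s bounds the comment so the prompt cannot be truncated oddly. */
			snprintf(prompt, sizeof prompt,
			    "%sEnter passphrase for %.100s",
			    first ? "" : "You entered wrong passphrase. ",
			    saved_comment);
			pass = askpass_read(prompt);
			if (pass == NULL) {
				xfree(saved_comment);
				RSA_free(key);
				return;
			}
		} else {
			if (first)
				printf("Need passphrase for %s (%s).\n", filename, saved_comment);
			else
				printf("Bad passphrase.\n");
			pass = read_passphrase("Enter passphrase: ", 1);
			if (strcmp(pass, "") == 0) {
				xfree(saved_comment);
				xfree(pass);
				RSA_free(key);
				return;
			}
		}
		first = 0;
	}
	wipe_string(pass);
	xfree(pass);

	xfree(saved_comment);

	/* Send the key to the authentication agent. */
	ac = ssh_get_authentication_connection();
	if (!ac) {
		fprintf(stderr,
		    "Could not open a connection to your authentication agent.\n");
		RSA_free(key);
		xfree(comment);
		return;
	}
	if (ssh_add_identity(ac, key, comment))
		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not add identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
	ssh_close_authentication_connection(ac);
}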
168:
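/*
 * Print every identity the agent holds as "bits e n comment", one per line,
 * or a notice that the agent is empty.
 *
 * Allocation failures from BN_new() and BN_bn2dec() are reported on stderr
 * and end the listing; the original relied on assert(), which vanishes
 * under NDEBUG and would then pass NULL to printf().
 */
void
list_identities()
{
	AuthenticationConnection *ac;
	BIGNUM *e, *n;
	int bits, status;
	char *comment;
	int had_identities;

	ac = ssh_get_authentication_connection();
	if (!ac) {
		fprintf(stderr, "Could not connect to authentication server.\n");
		return;
	}
	e = BN_new();
	n = BN_new();
	if (e == NULL || n == NULL) {
		fprintf(stderr, "Out of memory.\n");
		if (e != NULL)
			BN_clear_free(e);
		if (n != NULL)
			BN_clear_free(n);
		ssh_close_authentication_connection(ac);
		return;
	}
	had_identities = 0;
	for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
	    status;
	    status = ssh_get_next_identity(ac, &bits, e, n, &comment)) {
		char *buf;

		had_identities = 1;
		printf("%d ", bits);
		buf = BN_bn2dec(e);
		if (buf == NULL) {
			fprintf(stderr, "Out of memory.\n");
			xfree(comment);
			break;
		}
		printf("%s ", buf);
		free(buf);
		buf = BN_bn2dec(n);
		if (buf == NULL) {
			fprintf(stderr, "Out of memory.\n");
			xfree(comment);
			break;
		}
		printf("%s %s\n", buf, comment);
		free(buf);
		xfree(comment);
	}
	BN_clear_free(e);
	BN_clear_free(n);
	if (!had_identities)
		printf("The agent has no identities.\n");
	ssh_close_authentication_connection(ac);
}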
210:
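/*
 * Command-line entry point.
 *
 *   -l   list the agent's identities
 *   -D   remove all identities
 *   -d   remove (instead of add) the files that follow
 *   FILE identity file to add or remove
 *
 * With no files and neither -l nor -D, the default client identity in the
 * caller's home directory is used.  Exits 1 if RSA support is missing, the
 * caller's passwd entry cannot be found, or the default identity path does
 * not fit the buffer (the original silently used a truncated path).
 */
int
main(int ac, char **av)
{
	struct passwd *pw;
	char buf[1024];
	int no_files = 1;
	int i;
	int deleting = 0;
	int len;

	/* check if RSA support exists */
	if (rsa_alive() == 0) {
		extern char *__progname;

		fprintf(stderr,
		    "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
		    __progname);
		exit(1);
	}

	for (i = 1; i < ac; i++) {
		if (strcmp(av[i], "-l") == 0) {
			list_identities();
			no_files = 0;	/* Don't default-add/delete if -l. */
			continue;
		}
		if (strcmp(av[i], "-d") == 0) {
			deleting = 1;
			continue;
		}
		if (strcmp(av[i], "-D") == 0) {
			delete_all();
			no_files = 0;
			continue;
		}
		no_files = 0;
		if (deleting)
			delete_file(av[i]);
		else
			add_file(av[i]);
	}
	if (no_files) {
		pw = getpwuid(getuid());
		if (!pw) {
			fprintf(stderr, "No user found with uid %d\n", (int)getuid());
			exit(1);
		}
		len = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
		    SSH_CLIENT_IDENTITY);
		if (len < 0 || (size_t)len >= sizeof buf) {
			fprintf(stderr, "Identity file path too long: %s/%s\n",
			    pw->pw_dir, SSH_CLIENT_IDENTITY);
			exit(1);
		}
		if (deleting)
			delete_file(buf);
		else
			add_file(buf);
	}
	exit(0);
}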