Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.7
1.1 deraadt 1: /*
2:
3: ssh-add.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Thu Apr 6 00:52:24 1995 ylo
11:
12: Adds an identity to the authentication server, or removes an identity.
13:
14: */
15:
16: #include "includes.h"
1.7 ! markus 17: RCSID("$Id: ssh-add.c,v 1.6 1999/10/17 20:39:11 dugsong Exp $");
1.1 deraadt 18:
19: #include "rsa.h"
20: #include "ssh.h"
21: #include "xmalloc.h"
22: #include "authfd.h"
23:
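/*
 * Ask the agent to drop the identity whose public key is stored in
 * `filename`.
 *
 * ac        open connection to the authentication agent
 * filename  path of the key file; only the public part is loaded
 *
 * Returns nothing; the outcome is reported on stdout/stderr.
 */
void
delete_file(AuthenticationConnection *ac, const char *filename)
{
    RSA *key;
    char *comment;

    key = RSA_new();
    if (!load_public_key(filename, key, &comment)) {
        /*
         * NOTE(review): errno is only meaningful if load_public_key()
         * failed inside a system call; a malformed key file may report a
         * stale error string here -- confirm against load_public_key().
         * This message goes to stdout, unlike the ones below.
         */
        printf("Bad key file %s: %s\n", filename, strerror(errno));
        /* Release the key object on the failure path as well. */
        RSA_free(key);
        return;
    }

    if (ssh_remove_identity(ac, key))
        fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
    else
        fprintf(stderr, "Could not remove identity: %s\n", filename);

    RSA_free(key);
    xfree(comment);
}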
44:
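/*
 * Ask the agent to drop every identity it currently holds and report the
 * outcome on stderr.
 *
 * ac  open connection to the authentication agent
 */
void
delete_all(AuthenticationConnection *ac)
{
    /* One request covers all identities; there is no per-key loop here. */
    if (ssh_remove_all_identities(ac)) {
        fprintf(stderr, "All identities removed.\n");
        return;
    }
    fprintf(stderr, "Failed to remove all identities.\n");
}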
54:
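/*
 * Overwrite a passphrase buffer and release it.  The stores go through a
 * volatile pointer so the compiler cannot drop them as dead writes ahead
 * of the free, which it is allowed to do with a plain memset().
 */
static void
scrub_passphrase(char *pass)
{
    volatile char *p = pass;
    size_t len = strlen(pass);

    while (len-- > 0)
        *p++ = 0;
    xfree(pass);
}

/*
 * Load the private key stored in `filename` and hand it to the agent.
 *
 * The public half is loaded first, only to validate the file and to obtain
 * the comment shown in the passphrase prompt.  The private key is then
 * tried with an empty passphrase; on failure the user is asked for one
 * until the key loads or an empty passphrase is entered.
 *
 * ac        open connection to the authentication agent
 * filename  path of the private key file
 *
 * Returns nothing; the outcome is reported on stdout/stderr.
 */
void
add_file(AuthenticationConnection *ac, const char *filename)
{
    RSA *key;
    RSA *public_key;
    char *saved_comment, *comment, *pass;
    int first;

    public_key = RSA_new();
    if (!load_public_key(filename, public_key, &saved_comment)) {
        /*
         * NOTE(review): errno may be stale if the failure was a parse
         * error rather than a failed system call -- confirm.
         */
        printf("Bad key file %s: %s\n", filename, strerror(errno));
        RSA_free(public_key);
        return;
    }
    RSA_free(public_key);

    key = RSA_new();
    pass = xstrdup("");
    first = 1;
    while (!load_private_key(filename, pass, key, &comment)) {
        /* The rejected passphrase must not linger in freed heap memory. */
        scrub_passphrase(pass);

        /*
         * With DISPLAY set and stdin not a terminal there is nobody to
         * prompt on this path, so give up silently.
         */
        if (getenv("DISPLAY") && !isatty(fileno(stdin))) {
            xfree(saved_comment);
            RSA_free(key);
            return;
        }

        if (first)
            printf("Need passphrase for %s (%s).\n", filename, saved_comment);
        else
            printf("Bad passphrase.\n");

        pass = read_passphrase("Enter passphrase: ", 1);
        if (strcmp(pass, "") == 0) {
            /* An empty passphrase means the user wants to abort. */
            xfree(saved_comment);
            xfree(pass);
            RSA_free(key);
            return;
        }
        first = 0;
    }
    /* The accepted passphrase is no longer needed once the key is loaded. */
    scrub_passphrase(pass);

    xfree(saved_comment);

    if (ssh_add_identity(ac, key, comment))
        fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
    else
        fprintf(stderr, "Could not add identity: %s\n", filename);

    /* `key` holds private key material; release it on every path. */
    RSA_free(key);
    xfree(comment);
}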
114:
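/*
 * Print one bignum in decimal followed by a single space.  A conversion
 * failure is checked explicitly rather than with assert(), so the check is
 * still present when the file is built with NDEBUG.
 */
static void
print_bignum_dec(BIGNUM *bn)
{
    char *buf = BN_bn2dec(bn);

    if (buf == NULL) {
        fprintf(stderr, "list_identities: BN_bn2dec failed.\n");
        exit(1);
    }
    printf("%s ", buf);
    free(buf);
}

/*
 * Print every identity held by the agent, one per line, as
 * "<bits> <e> <n> <comment>", or a notice if the agent holds none.
 *
 * ac  open connection to the authentication agent
 */
void
list_identities(AuthenticationConnection *ac)
{
    BIGNUM *e, *n;
    int bits, status;
    char *comment;
    int had_identities = 0;

    e = BN_new();
    n = BN_new();

    /* e and n are reused for each identity; comment is freed per entry. */
    for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
         status;
         status = ssh_get_next_identity(ac, &bits, e, n, &comment)) {
        had_identities = 1;
        printf("%d ", bits);
        print_bignum_dec(e);
        print_bignum_dec(n);
        /*
         * NOTE(review): the comment is whatever the agent returned and is
         * written to the terminal unfiltered; consider replacing
         * non-printable bytes if the agent is not fully trusted.
         */
        printf("%s\n", comment);
        xfree(comment);
    }

    BN_clear_free(e);
    BN_clear_free(n);

    if (!had_identities)
        printf("The agent has no identities.\n");
}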
148:
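/*
 * ssh-add entry point.
 *
 * Arguments are handled strictly in order:
 *   -l    list the agent's identities immediately
 *   -d    switch to delete mode for the file names that follow
 *   -D    remove all identities immediately
 *   file  add (or, after -d, delete) the identity stored in that file
 *
 * If no file name, -l or -D was given, the default identity file
 * (SSH_CLIENT_IDENTITY under the user's home directory) is added or
 * deleted.  Exits 1 if RSA support or the agent connection is missing,
 * 0 otherwise; failures on individual files are only reported.
 */
int
main(int argc, char **argv)
{
    AuthenticationConnection *ac = NULL;
    struct passwd *pw;
    char buf[1024];
    int no_files = 1;
    int i;
    int len;
    int deleting = 0;

    /* check if RSA support exists */
    if (rsa_alive() == 0) {
        extern char *__progname;

        fprintf(stderr,
                "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
                __progname);
        exit(1);
    }

    /* At first, get a connection to the authentication agent. */
    ac = ssh_get_authentication_connection();
    if (ac == NULL) {
        fprintf(stderr, "Could not open a connection to your authentication agent.\n");
        exit(1);
    }

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-l") == 0) {
            list_identities(ac);
            no_files = 0;   /* Don't default-add/delete if -l. */
            continue;
        }
        if (strcmp(argv[i], "-d") == 0) {
            /* Affects only the file names after this point. */
            deleting = 1;
            continue;
        }
        if (strcmp(argv[i], "-D") == 0) {
            delete_all(ac);
            no_files = 0;
            continue;
        }
        no_files = 0;
        if (deleting)
            delete_file(ac, argv[i]);
        else
            add_file(ac, argv[i]);
    }

    if (no_files) {
        pw = getpwuid(getuid());
        if (!pw) {
            fprintf(stderr, "No user found with uid %d\n", (int)getuid());
            ssh_close_authentication_connection(ac);
            exit(1);
        }
        /*
         * Refuse a truncated path: operating on a cut-off file name would
         * load or delete a different file than the default identity.
         */
        len = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
        if (len < 0 || (size_t)len >= sizeof buf) {
            fprintf(stderr, "Path to default identity is too long.\n");
            ssh_close_authentication_connection(ac);
            exit(1);
        }
        if (deleting)
            delete_file(ac, buf);
        else
            add_file(ac, buf);
    }

    ssh_close_authentication_connection(ac);
    exit(0);
}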