Annotation of src/usr.bin/ssh/ssh-add.c, Revision 1.9
1.1 deraadt 1: /*
2:
3: ssh-add.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Thu Apr 6 00:52:24 1995 ylo
11:
12: Adds an identity to the authentication server, or removes an identity.
13:
14: */
15:
16: #include "includes.h"
1.9 ! markus 17: RCSID("$Id: ssh-add.c,v 1.8 1999/11/02 19:42:36 markus Exp $");
1.1 deraadt 18:
19: #include "rsa.h"
20: #include "ssh.h"
21: #include "xmalloc.h"
22: #include "authfd.h"
23:
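/*
 * Asks the authentication agent to remove the identity whose public key
 * is stored in `filename`.
 *
 * The public key and its comment are loaded with load_public_key(); the
 * key is then passed to ssh_remove_identity().  A load failure is
 * reported on stdout, the outcome of the removal on stderr.  Nothing is
 * returned to the caller.
 */
void
delete_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	char *comment;

	key = RSA_new();
	if (!load_public_key(filename, key, &comment)) {
		/* Report first: strerror(errno) must be read before any cleanup call. */
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		/* Release the RSA object on the failure path too; it was leaked before. */
		RSA_free(key);
		return;
	}

	/*
	 * NOTE(review): `comment` is presumably read from the key file and is
	 * printed unfiltered - confirm whether it can carry control characters.
	 */
	if (ssh_remove_identity(ac, key))
		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not remove identity: %s\n", filename);
	RSA_free(key);
	xfree(comment);
}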
44:
/*
 * Sends a single request asking the agent to drop every identity it
 * holds, and reports the outcome on stderr.
 */
void
delete_all(AuthenticationConnection *ac)
{
	int removed;

	removed = ssh_remove_all_identities(ac);
	if (!removed) {
		/* Message text is kept exactly as shipped (including its spelling). */
		fprintf(stderr, "Failed to remove all identitities.\n");
		return;
	}
	fprintf(stderr, "All identities removed.\n");
}
54:
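/*
 * Loads the private key stored in `filename` and hands it to the
 * authentication agent.
 *
 * The public half is loaded first, only to validate the file and to
 * obtain the comment shown in the passphrase prompt.  The private key is
 * then tried with an empty passphrase; if that fails and stdin is a
 * terminal, the user is prompted until the key decrypts or an empty
 * passphrase is entered.  Every exit path releases the RSA objects it
 * allocated.
 */
void
add_file(AuthenticationConnection *ac, const char *filename)
{
	RSA *key;
	RSA *public_key;
	char *saved_comment, *comment;
	int success;

	public_key = RSA_new();
	if (!load_public_key(filename, public_key, &saved_comment)) {
		/* Report first: strerror(errno) must be read before any cleanup call. */
		printf("Bad key file %s: %s\n", filename, strerror(errno));
		RSA_free(public_key);
		return;
	}
	RSA_free(public_key);

	/* Allocated only once the file is known to parse, so the path above has nothing else to free. */
	key = RSA_new();

	/* At first, try empty passphrase */
	success = load_private_key(filename, "", key, &comment);
	if (!success) {
		printf("Need passphrase for %s (%s).\n", filename, saved_comment);
		/* Without a terminal on stdin there is no prompting; give up quietly. */
		if (!isatty(STDIN_FILENO)) {
			xfree(saved_comment);
			RSA_free(key);
			return;
		}
		/* No retry limit: loop until the key loads or the user enters nothing. */
		for (;;) {
			char *pass = read_passphrase("Enter passphrase: ", 1);

			if (strcmp(pass, "") == 0) {
				/* An empty passphrase means "cancel". */
				xfree(pass);
				xfree(saved_comment);
				RSA_free(key);
				return;
			}
			success = load_private_key(filename, pass, key, &comment);
			/*
			 * Scrub the passphrase before releasing it.
			 * NOTE(review): a plain memset() right before a free may be
			 * elided by an optimizing compiler - confirm that xfree() being
			 * an external call keeps it, or use a guaranteed wipe if the
			 * tree provides one.
			 */
			memset(pass, 0, strlen(pass));
			xfree(pass);
			if (success)
				break;
			printf("Bad passphrase.\n");
		}
	}
	xfree(saved_comment);

	if (ssh_add_identity(ac, key, comment))
		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
	else
		fprintf(stderr, "Could not add identity: %s\n", filename);
	/* The process no longer needs the private key once the agent was asked. */
	RSA_free(key);
	xfree(comment);
}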
104:
/*
 * Prints every identity held by the agent to stdout, one per line, as
 * "<bits> <e> <n> <comment>" with e and n in decimal.  If the agent
 * returns no identity at all, a short notice is printed instead.
 */
void
list_identities(AuthenticationConnection *ac)
{
	BIGNUM *e, *n;
	int bits, status;
	char *comment;
	int had_identities = 0;

	e = BN_new();
	n = BN_new();

	status = ssh_get_first_identity(ac, &bits, e, n, &comment);
	while (status) {
		char *dec;

		had_identities = 1;
		printf("%d ", bits);

		/* Public exponent.  A conversion failure is logged; the line is left partial. */
		dec = BN_bn2dec(e);
		if (dec == NULL) {
			error("list_identities: BN_bn2dec #1 failed.");
		} else {
			printf("%s ", dec);
			free(dec);
		}

		/*
		 * Modulus, followed by the comment.
		 * NOTE(review): the comment is supplied by the agent and printed
		 * unfiltered - confirm whether it can carry control characters.
		 */
		dec = BN_bn2dec(n);
		if (dec == NULL) {
			error("list_identities: BN_bn2dec #2 failed.");
		} else {
			printf("%s %s\n", dec, comment);
			free(dec);
		}

		/* Each call hands back a comment that is released here, per iteration. */
		xfree(comment);
		status = ssh_get_next_identity(ac, &bits, e, n, &comment);
	}

	BN_clear_free(e);
	BN_clear_free(n);
	if (!had_identities)
		printf("The agent has no identities.\n");
}
144:
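/*
 * ssh-add entry point.
 *
 * Arguments are processed strictly left to right:
 *   -l    list the identities held by the agent
 *   -d    switch to delete mode for the file arguments that FOLLOW it
 *   -D    ask the agent to remove all identities
 *   file  add (or, after -d, delete) the identity stored in that file
 *
 * If no file argument, -l or -D was given, the user's default identity
 * file (SSH_CLIENT_IDENTITY under the home directory) is added or deleted.
 * Exits 0 at the end of processing and 1 on a setup failure.
 */
int
main(int argc, char **argv)
{
	AuthenticationConnection *ac = NULL;
	struct passwd *pw;
	char buf[1024];
	int no_files = 1;
	int i;
	int deleting = 0;
	int len;

	/* check if RSA support exists */
	if (rsa_alive() == 0) {
		extern char *__progname;

		fprintf(stderr,
		    "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
		    __progname);
		exit(1);
	}

	/* At first, get a connection to the authentication agent. */
	ac = ssh_get_authentication_connection();
	if (ac == NULL) {
		fprintf(stderr, "Could not open a connection to your authentication agent.\n");
		exit(1);
	}

	for (i = 1; i < argc; i++) {
		if (strcmp(argv[i], "-l") == 0) {
			list_identities(ac);
			no_files = 0;	/* Don't default-add/delete if -l. */
			continue;
		}
		if (strcmp(argv[i], "-d") == 0) {
			/* Only affects later arguments; files named before -d were already added. */
			deleting = 1;
			continue;
		}
		if (strcmp(argv[i], "-D") == 0) {
			delete_all(ac);
			no_files = 0;
			continue;
		}
		/* Anything else, including an unrecognized option, is treated as a key file name. */
		no_files = 0;
		if (deleting)
			delete_file(ac, argv[i]);
		else
			add_file(ac, argv[i]);
	}
	if (no_files) {
		pw = getpwuid(getuid());
		if (!pw) {
			fprintf(stderr, "No user found with uid %d\n", (int)getuid());
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		/*
		 * Refuse a truncated path rather than operate on whatever file the
		 * shortened name happens to designate.  Both a negative result and a
		 * result >= the buffer size are treated as "did not fit".
		 */
		len = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
		if (len < 0 || len >= (int)sizeof buf) {
			fprintf(stderr, "Identity file path too long.\n");
			ssh_close_authentication_connection(ac);
			exit(1);
		}
		if (deleting)
			delete_file(ac, buf);
		else
			add_file(ac, buf);
	}
	ssh_close_authentication_connection(ac);
	exit(0);
}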