[openssh.git] / ssh-add.c

/*

ssh-add.c

Author: Tatu Ylonen <ylo@cs.hut.fi>

Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                   All rights reserved

Created: Thu Apr  6 00:52:24 1995 ylo

Adds an identity to the authentication server, or removes an identity.

*/

#include "includes.h"
RCSID("$Id$");

#include "rsa.h"
#include "ssh.h"
#include "xmalloc.h"
#include "authfd.h"

void
delete_file(const char *filename)
{
  RSA *key;
  char *comment;
  AuthenticationConnection *ac;

  key = RSA_new();
  if (!load_public_key(filename, key, &comment))
    {
      printf("Bad key file %s: %s\n", filename, strerror(errno));
      return;
    }

  /* Send the request to the authentication agent. */
  ac = ssh_get_authentication_connection();
  if (!ac)
    {
      fprintf(stderr,
	      "Could not open a connection to your authentication agent.\n");
      RSA_free(key);
      xfree(comment);
      return;
    }
  if (ssh_remove_identity(ac, key))
    fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
  else
    fprintf(stderr, "Could not remove identity: %s\n", filename);
  RSA_free(key);
  xfree(comment);
  ssh_close_authentication_connection(ac);
}

void
delete_all()
{
  AuthenticationConnection *ac;
  
  /* Get a connection to the agent. */
  ac = ssh_get_authentication_connection();
  if (!ac)
    {
      fprintf(stderr,
	      "Could not open a connection to your authentication agent.\n");
      return;
    }

  /* Send a request to remove all identities. */
  if (ssh_remove_all_identities(ac))
    fprintf(stderr, "All identities removed.\n");
  else
    fprintf(stderr, "Failed to remove all identitities.\n");
  
  /* Close the connection to the agent. */
  ssh_close_authentication_connection(ac);
}

void
add_file(const char *filename)
{
  RSA *key;
  RSA *public_key;
  AuthenticationConnection *ac;
  char *saved_comment, *comment, *pass;
  int first;
  
  key = RSA_new();
  public_key = RSA_new();
  if (!load_public_key(filename, public_key, &saved_comment))
    {
      printf("Bad key file %s: %s\n", filename, strerror(errno));
      return;
    }
  RSA_free(public_key);
  
  pass = xstrdup("");
  first = 1;
  while (!load_private_key(filename, pass, key, &comment))
    {
      /* Free the old passphrase. */
      memset(pass, 0, strlen(pass));
      xfree(pass);

      /* Ask for a passphrase. */
      if (getenv("DISPLAY") && !isatty(fileno(stdin)))
	{
	      xfree(saved_comment);
	      return;
	}
      else
	{
	  if (first)
	    printf("Need passphrase for %s (%s).\n", filename, saved_comment);
	  else
	    printf("Bad passphrase.\n");
	  pass = read_passphrase("Enter passphrase: ", 1);
	  if (strcmp(pass, "") == 0)
	    {
	      xfree(saved_comment);
	      xfree(pass);
	      return;
	    }
	}
      first = 0;
    }
  memset(pass, 0, strlen(pass));
  xfree(pass);

  xfree(saved_comment);

  /* Send the key to the authentication agent. */
  ac = ssh_get_authentication_connection();
  if (!ac)
    {
      fprintf(stderr,
	      "Could not open a connection to your authentication agent.\n");
      RSA_free(key);
      xfree(comment);
      return;
    }
  if (ssh_add_identity(ac, key, comment))
    fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
  else
    fprintf(stderr, "Could not add identity: %s\n", filename);
  RSA_free(key);
  xfree(comment);
  ssh_close_authentication_connection(ac);
}

void
list_identities()
{
  AuthenticationConnection *ac;
  BIGNUM *e, *n;
  int bits, status;
  char *comment;
  int had_identities;

  ac = ssh_get_authentication_connection();
  if (!ac)
    {
      fprintf(stderr, "Could not connect to authentication server.\n");
      return;
    }
  e = BN_new();
  n = BN_new();
  had_identities = 0;
  for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
       status;
       status = ssh_get_next_identity(ac, &bits, e, n, &comment))
    {
      char *buf;
      had_identities = 1;
      printf("%d ", bits);
      buf = BN_bn2dec(e);
      assert(buf != NULL);
      printf("%s ", buf);
      free (buf);
      buf = BN_bn2dec(n);
      assert(buf != NULL);
      printf("%s %s\n", buf, comment);
      free (buf);
      xfree(comment);
    }
  BN_clear_free(e);
  BN_clear_free(n);
  if (!had_identities)
    printf("The agent has no identities.\n");
  ssh_close_authentication_connection(ac);
}

int
main(int ac, char **av)
{
  struct passwd *pw;
  char buf[1024];
  int no_files = 1;
  int i;
  int deleting = 0;

  /* check if RSA support exists */
  if (rsa_alive() == 0) {
    extern char *__progname;

    fprintf(stderr,
      "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
      __progname);
    exit(1);
  }

  for (i = 1; i < ac; i++)
    {
      if (strcmp(av[i], "-l") == 0)
	{
	  list_identities();
	  no_files = 0; /* Don't default-add/delete if -l. */
	  continue;
	}
      if (strcmp(av[i], "-d") == 0)
	{
	  deleting = 1;
	  continue;
	}
      if (strcmp(av[i], "-D") == 0)
	{
	  delete_all();
	  no_files = 0;
	  continue;
	}
      no_files = 0;
      if (deleting)
	delete_file(av[i]);
      else
	add_file(av[i]);
    }
  if (no_files)
    {
      pw = getpwuid(getuid());
      if (!pw)
	{
	  fprintf(stderr, "No user found with uid %d\n", (int)getuid());
	  exit(1);
	}
      snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
      if (deleting)
	delete_file(buf);
      else
	add_file(buf);
    }
  exit(0);
}
Commit	Line	Data
8efc0c15	1	/*
	2
	3	ssh-add.c
	4
	5	Author: Tatu Ylonen <ylo@cs.hut.fi>
	6
	7	Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	All rights reserved
	9
	10	Created: Thu Apr 6 00:52:24 1995 ylo
	11
	12	Adds an identity to the authentication server, or removes an identity.
	13
	14	*/
	15
	16	#include "includes.h"
	17	RCSID("$Id$");
	18
	19	#include "rsa.h"
	20	#include "ssh.h"
	21	#include "xmalloc.h"
	22	#include "authfd.h"
	23
	24	void
	25	delete_file(const char *filename)
	26	{
	27	RSA *key;
	28	char *comment;
	29	AuthenticationConnection *ac;
	30
	31	key = RSA_new();
	32	if (!load_public_key(filename, key, &comment))
	33	{
	34	printf("Bad key file %s: %s\n", filename, strerror(errno));
	35	return;
	36	}
	37
	38	/* Send the request to the authentication agent. */
	39	ac = ssh_get_authentication_connection();
	40	if (!ac)
	41	{
	42	fprintf(stderr,
	43	"Could not open a connection to your authentication agent.\n");
	44	RSA_free(key);
	45	xfree(comment);
	46	return;
	47	}
	48	if (ssh_remove_identity(ac, key))
	49	fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
	50	else
	51	fprintf(stderr, "Could not remove identity: %s\n", filename);
	52	RSA_free(key);
	53	xfree(comment);
	54	ssh_close_authentication_connection(ac);
	55	}
	56
	57	void
	58	delete_all()
	59	{
	60	AuthenticationConnection *ac;
	61
	62	/* Get a connection to the agent. */
	63	ac = ssh_get_authentication_connection();
	64	if (!ac)
65	{
66	fprintf(stderr,
67	"Could not open a connection to your authentication agent.\n");
68	return;
69	}
70
71	/* Send a request to remove all identities. */
72	if (ssh_remove_all_identities(ac))
73	fprintf(stderr, "All identities removed.\n");
74	else
75	fprintf(stderr, "Failed to remove all identitities.\n");
76
77	/* Close the connection to the agent. */
78	ssh_close_authentication_connection(ac);
79	}
80
81	void
82	add_file(const char *filename)
83	{
84	RSA *key;
85	RSA *public_key;
86	AuthenticationConnection *ac;
87	char saved_comment, comment, *pass;
88	int first;
89
90	key = RSA_new();
91	public_key = RSA_new();
92	if (!load_public_key(filename, public_key, &saved_comment))
93	{
94	printf("Bad key file %s: %s\n", filename, strerror(errno));
95	return;
96	}
97	RSA_free(public_key);
98
99	pass = xstrdup("");
100	first = 1;
101	while (!load_private_key(filename, pass, key, &comment))
102	{
103	/* Free the old passphrase. */
104	memset(pass, 0, strlen(pass));
105	xfree(pass);
106
107	/* Ask for a passphrase. */
108	if (getenv("DISPLAY") && !isatty(fileno(stdin)))
109	{
110	xfree(saved_comment);
111	return;
112	}
113	else
114	{
115	if (first)
116	printf("Need passphrase for %s (%s).\n", filename, saved_comment);
117	else
118	printf("Bad passphrase.\n");
119	pass = read_passphrase("Enter passphrase: ", 1);
120	if (strcmp(pass, "") == 0)
121	{
122	xfree(saved_comment);
123	xfree(pass);
124	return;
125	}
126	}
127	first = 0;
128	}
129	memset(pass, 0, strlen(pass));
130	xfree(pass);
131
132	xfree(saved_comment);
133
134	/* Send the key to the authentication agent. */
135	ac = ssh_get_authentication_connection();
136	if (!ac)
137	{
138	fprintf(stderr,
139	"Could not open a connection to your authentication agent.\n");
140	RSA_free(key);
141	xfree(comment);
142	return;
143	}
144	if (ssh_add_identity(ac, key, comment))
145	fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
146	else
147	fprintf(stderr, "Could not add identity: %s\n", filename);
148	RSA_free(key);
149	xfree(comment);
150	ssh_close_authentication_connection(ac);
151	}
152
153	void
154	list_identities()
155	{
156	AuthenticationConnection *ac;
157	BIGNUM e, n;
158	int bits, status;
159	char *comment;
160	int had_identities;
161
162	ac = ssh_get_authentication_connection();
163	if (!ac)
164	{
165	fprintf(stderr, "Could not connect to authentication server.\n");
166	return;
167	}
168	e = BN_new();
169	n = BN_new();
170	had_identities = 0;
171	for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
172	status;
173	status = ssh_get_next_identity(ac, &bits, e, n, &comment))
174	{
175	char *buf;
176	had_identities = 1;
177	printf("%d ", bits);
178	buf = BN_bn2dec(e);
179	assert(buf != NULL);
180	printf("%s ", buf);
181	free (buf);
182	buf = BN_bn2dec(n);
183	assert(buf != NULL);
184	printf("%s %s\n", buf, comment);
185	free (buf);
186	xfree(comment);
187	}
188	BN_clear_free(e);
189	BN_clear_free(n);
190	if (!had_identities)
191	printf("The agent has no identities.\n");
192	ssh_close_authentication_connection(ac);
193	}
194
195	int
196	main(int ac, char **av)
197	{
198	struct passwd *pw;
199	char buf[1024];
200	int no_files = 1;
201	int i;
202	int deleting = 0;
203
204	/* check if RSA support exists */
205	if (rsa_alive() == 0) {
206	extern char *__progname;
207
208	fprintf(stderr,
209	"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
210	__progname);
211	exit(1);
212	}
213
214	for (i = 1; i < ac; i++)
215	{
216	if (strcmp(av[i], "-l") == 0)
217	{
218	list_identities();
219	no_files = 0; /* Don't default-add/delete if -l. */
220	continue;
221	}
222	if (strcmp(av[i], "-d") == 0)
223	{
224	deleting = 1;
225	continue;
226	}
227	if (strcmp(av[i], "-D") == 0)
228	{
229	delete_all();
230	no_files = 0;
231	continue;
232	}
233	no_files = 0;
234	if (deleting)
235	delete_file(av[i]);
236	else
237	add_file(av[i]);
238	}
239	if (no_files)
240	{
241	pw = getpwuid(getuid());
242	if (!pw)
243	{
244	fprintf(stderr, "No user found with uid %d\n", (int)getuid());
245	exit(1);
246	}
247	snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
248	if (deleting)
249	delete_file(buf);
250	else
251	add_file(buf);
252	}
253	exit(0);
254	}