ssh-add.c

   1 /*
   2  * Author: Tatu Ylonen <ylo@cs.hut.fi>
   3  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   4  *                    All rights reserved
   5  * Created: Thu Apr  6 00:52:24 1995 ylo
   6  * Adds an identity to the authentication server, or removes an identity.
   7  *
   8  * SSH2 implementation,
   9  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  10  */
  11
  12 #include "includes.h"
  13 RCSID("$OpenBSD: ssh-add.c,v 1.20 2000/08/28 03:50:54 deraadt Exp $");
  14
  15 #include <openssl/evp.h>
  16 #include <openssl/rsa.h>
  17 #include <openssl/dsa.h>
  18
  19 #include "rsa.h"
  20 #include "ssh.h"
  21 #include "xmalloc.h"
  22 #include "key.h"
  23 #include "authfd.h"
  24 #include "authfile.h"
  25
  26 #ifdef HAVE___PROGNAME
  27 extern char *__progname;
  28 #else /* HAVE___PROGNAME */
  29 static const char *__progname = "ssh-add";
  30 #endif /* HAVE___PROGNAME */
  31
  32 void
  33 delete_file(AuthenticationConnection *ac, const char *filename)
  34 {
  35         Key *public;
  36         char *comment;
  37
  38         public = key_new(KEY_RSA);
  39         if (!load_public_key(filename, public, &comment)) {
  40                 printf("Bad key file %s: %s\n", filename, strerror(errno));
  41                 return;
  42         }
  43         if (ssh_remove_identity(ac, public))
  44                 fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
  45         else
  46                 fprintf(stderr, "Could not remove identity: %s\n", filename);
  47         key_free(public);
  48         xfree(comment);
  49 }
  50
  51 /* Send a request to remove all identities. */
  52 void
  53 delete_all(AuthenticationConnection *ac)
  54 {
  55         int success = 1;
  56
  57         if (!ssh_remove_all_identities(ac, 1))
  58                 success = 0;
  59         /* ignore error-code for ssh2 */
  60         ssh_remove_all_identities(ac, 2);
  61
  62         if (success)
  63                 fprintf(stderr, "All identities removed.\n");
  64         else
  65                 fprintf(stderr, "Failed to remove all identitities.\n");
  66 }
  67
  68 char *
  69 ssh_askpass(char *askpass, char *msg)
  70 {
  71         pid_t pid;
  72         size_t len;
  73         char *nl, *pass;
  74         int p[2], status;
  75         char buf[1024];
  76
  77         if (askpass == NULL)
  78                 fatal("internal error: askpass undefined");
  79         if (pipe(p) < 0)
  80                 fatal("ssh_askpass: pipe: %s", strerror(errno));
  81         if ((pid = fork()) < 0)
  82                 fatal("ssh_askpass: fork: %s", strerror(errno));
  83         if (pid == 0) {
  84                 close(p[0]);
  85                 if (dup2(p[1], STDOUT_FILENO) < 0)
  86                         fatal("ssh_askpass: dup2: %s", strerror(errno));
  87                 execlp(askpass, askpass, msg, (char *) 0);
  88                 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
  89         }
  90         close(p[1]);
  91         len = read(p[0], buf, sizeof buf);
  92         close(p[0]);
  93         while (waitpid(pid, &status, 0) < 0)
  94                 if (errno != EINTR)
  95                         break;
  96         if (len <= 1)
  97                 return xstrdup("");
  98         nl = strchr(buf, '\n');
  99         if (nl)
 100                 *nl = '\0';
 101         pass = xstrdup(buf);
 102         memset(buf, 0, sizeof(buf));
 103         return pass;
 104 }
 105
 106 void
 107 add_file(AuthenticationConnection *ac, const char *filename)
 108 {
 109         struct stat st;
 110         Key *public;
 111         Key *private;
 112         char *saved_comment, *comment, *askpass = NULL;
 113         char buf[1024], msg[1024];
 114         int success;
 115         int interactive = isatty(STDIN_FILENO);
 116         int type = KEY_RSA;
 117
 118         if (stat(filename, &st) < 0) {
 119                 perror(filename);
 120                 exit(1);
 121         }
 122         /*
 123          * try to load the public key. right now this only works for RSA,
 124          * since DSA keys are fully encrypted
 125          */
 126         public = key_new(KEY_RSA);
 127         if (!load_public_key(filename, public, &saved_comment)) {
 128                 /* ok, so we will asume this is a DSA key */
 129                 type = KEY_DSA;
 130                 saved_comment = xstrdup(filename);
 131         }
 132         key_free(public);
 133
 134         if (!interactive && getenv("DISPLAY")) {
 135                 if (getenv(SSH_ASKPASS_ENV))
 136                         askpass = getenv(SSH_ASKPASS_ENV);
 137                 else
 138                         askpass = SSH_ASKPASS_DEFAULT;
 139         }
 140
 141         /* At first, try empty passphrase */
 142         private = key_new(type);
 143         success = load_private_key(filename, "", private, &comment);
 144         if (!success) {
 145                 printf("Need passphrase for %.200s\n", filename);
 146                 if (!interactive && askpass == NULL) {
 147                         xfree(saved_comment);
 148                         return;
 149                 }
 150                 snprintf(msg, sizeof msg, "Enter passphrase for %.200s", saved_comment);
 151                 for (;;) {
 152                         char *pass;
 153                         if (interactive) {
 154                                 snprintf(buf, sizeof buf, "%s: ", msg);
 155                                 pass = read_passphrase(buf, 1);
 156                         } else {
 157                                 pass = ssh_askpass(askpass, msg);
 158                         }
 159                         if (strcmp(pass, "") == 0) {
 160                                 xfree(pass);
 161                                 xfree(saved_comment);
 162                                 return;
 163                         }
 164                         success = load_private_key(filename, pass, private, &comment);
 165                         memset(pass, 0, strlen(pass));
 166                         xfree(pass);
 167                         if (success)
 168                                 break;
 169                         strlcpy(msg, "Bad passphrase, try again", sizeof msg);
 170                 }
 171         }
 172         xfree(comment);
 173         if (ssh_add_identity(ac, private, saved_comment))
 174                 fprintf(stderr, "Identity added: %s (%s)\n", filename, saved_comment);
 175         else
 176                 fprintf(stderr, "Could not add identity: %s\n", filename);
 177         key_free(private);
 178         xfree(saved_comment);
 179 }
 180
 181 void
 182 list_identities(AuthenticationConnection *ac, int fp)
 183 {
 184         Key *key;
 185         char *comment;
 186         int had_identities = 0;
 187         int version;
 188
 189         for (version = 1; version <= 2; version++) {
 190                 for (key = ssh_get_first_identity(ac, &comment, version);
 191                      key != NULL;
 192                      key = ssh_get_next_identity(ac, &comment, version)) {
 193                         had_identities = 1;
 194                         if (fp) {
 195                                 printf("%d %s %s\n",
 196                                     key_size(key), key_fingerprint(key), comment);
 197                         } else {
 198                                 if (!key_write(key, stdout))
 199                                         fprintf(stderr, "key_write failed");
 200                                 fprintf(stdout, " %s\n", comment);
 201                         }
 202                         key_free(key);
 203                         xfree(comment);
 204                 }
 205         }
 206         if (!had_identities)
 207                 printf("The agent has no identities.\n");
 208 }
 209
 210 int
 211 main(int argc, char **argv)
 212 {
 213         AuthenticationConnection *ac = NULL;
 214         struct passwd *pw;
 215         char buf[1024];
 216         int no_files = 1;
 217         int i;
 218         int deleting = 0;
 219
 220         init_rng();
 221
 222         /* check if RSA support exists */
 223         if (rsa_alive() == 0) {
 224                 fprintf(stderr,
 225                         "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
 226                         __progname);
 227                 exit(1);
 228         }
 229         SSLeay_add_all_algorithms();
 230
 231         /* At first, get a connection to the authentication agent. */
 232         ac = ssh_get_authentication_connection();
 233         if (ac == NULL) {
 234                 fprintf(stderr, "Could not open a connection to your authentication agent.\n");
 235                 exit(1);
 236         }
 237         for (i = 1; i < argc; i++) {
 238                 if ((strcmp(argv[i], "-l") == 0) ||
 239                     (strcmp(argv[i], "-L") == 0)) {
 240                         list_identities(ac, argv[i][1] == 'l' ? 1 : 0);
 241                         /* Don't default-add/delete if -l. */
 242                         no_files = 0;
 243                         continue;
 244                 }
 245                 if (strcmp(argv[i], "-d") == 0) {
 246                         deleting = 1;
 247                         continue;
 248                 }
 249                 if (strcmp(argv[i], "-D") == 0) {
 250                         delete_all(ac);
 251                         no_files = 0;
 252                         continue;
 253                 }
 254                 no_files = 0;
 255                 if (deleting)
 256                         delete_file(ac, argv[i]);
 257                 else
 258                         add_file(ac, argv[i]);
 259         }
 260         if (no_files) {
 261                 pw = getpwuid(getuid());
 262                 if (!pw) {
 263                         fprintf(stderr, "No user found with uid %u\n",
 264                             (u_int)getuid());
 265                         ssh_close_authentication_connection(ac);
 266                         exit(1);
 267                 }
 268                 snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
 269                 if (deleting)
 270                         delete_file(ac, buf);
 271                 else
 272                         add_file(ac, buf);
 273         }
 274         ssh_close_authentication_connection(ac);
 275         exit(0);
 276 }