5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Thu Apr 6 00:52:24 1995 ylo
12 Adds an identity to the authentication server, or removes an identity.
/*
 * delete_file: loads the public key stored in `filename` and asks the agent
 * reachable through `ac` to remove the matching identity.
 * NOTE(review): this listing shows only some of the function's lines (the
 * gutter numbers skip), so declarations, cleanup and returns are not visible.
 */
25 delete_file(AuthenticationConnection *ac, const char *filename)
31 if (!load_public_key(filename, key, &comment))
/* NOTE(review): this diagnostic goes to stdout while the two below go to
 * stderr. It also assumes load_public_key() leaves a meaningful errno on
 * every failure (for example a malformed file) -- TODO confirm. */
33 printf("Bad key file %s: %s\n", filename, strerror(errno));
/* A non-zero result from ssh_remove_identity() is reported as success. */
37 if (ssh_remove_identity(ac, key))
38 fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
40 fprintf(stderr, "Could not remove identity: %s\n", filename);
/*
 * delete_all: asks the agent reachable through `ac` to drop every identity
 * it holds and reports the outcome on stderr. A non-zero result from
 * ssh_remove_all_identities() is reported as success.
 */
46 delete_all(AuthenticationConnection *ac)
48 /* Send a request to remove all identities. */
49 if (ssh_remove_all_identities(ac))
50 fprintf(stderr, "All identities removed.\n");
/* NOTE(review): the message text below misspells "identities". */
52 fprintf(stderr, "Failed to remove all identitities.\n");
/*
 * add_file: loads the private key in `filename`, asking for a passphrase
 * each time load_private_key() fails, then hands the key to the agent
 * reachable through `ac` with ssh_add_identity().
 * NOTE(review): this listing shows only some of the function's lines (the
 * gutter numbers skip); the pipe creation, fork, frees and returns that the
 * messages below refer to are not visible here.
 */
57 add_file(AuthenticationConnection *ac, const char *filename)
61 char *saved_comment, *comment, *pass;
/* The public half is read first; its comment (saved_comment) is what the
 * passphrase prompts below show to the user. */
70 public_key = RSA_new();
71 if (!load_public_key(filename, public_key, &saved_comment))
73 printf("Bad key file %s: %s\n", filename, strerror(errno));
/* Retry loop: every failed load_private_key() leads to a new passphrase
 * request. NOTE(review): the value `pass` holds on the first attempt is set
 * on a line not shown. */
80 while (!load_private_key(filename, pass, key, &comment))
82 /* Free the old passphrase. */
/* NOTE(review): if the buffer is released right after this wipe, as the
 * comment above says, a plain memset() is a dead store the optimizer may
 * drop; explicit_bzero() or an equivalent non-elidable wipe is the
 * dependable form. */
83 memset(pass, 0, strlen(pass));
86 /* Ask for a passphrase. */
/* With DISPLAY set and stdin not a terminal, the passphrase is collected by
 * an external ssh-askpass helper; the read_passphrase() call further down
 * is presumably the other branch. */
87 if (getenv("DISPLAY") && !isatty(fileno(stdin)))
91 fprintf(stderr, "Creating pipes failed: %s\n", strerror(errno));
/* fflush(NULL) flushes every open output stream; presumably done so that
 * pending stdio output is not written twice once the process forks. */
94 if (fflush(NULL)==EOF)
96 fprintf(stderr, "Cannot flush buffers: %s\n", strerror(errno));
102 fprintf(stderr, "Cannot fork: %s\n", strerror(errno));
/* Descriptor 1 becomes the write end of the pipe, so whatever the helper
 * prints on stdout is what gets read from pipes[0] below. */
106 if (dup2(pipes[1], 1) ==-1)
108 fprintf(stderr, "dup2 failed: %s\n", strerror(errno));
/* The prompt, which embeds the file name and the key comment, is handed to
 * the helper as a command-line argument. */
111 tmp=snprintf(buf, BUFSIZE, "Need passphrase for %s (%s)",
112 filename, saved_comment);
113 /* skip the prompt if it won't fit */
114 if (tmp < 0 || tmp >= BUFSIZE)
/* NOTE(review): both execlp() calls end their argument list with a bare 0.
 * In a variadic call that is an int, not a pointer; (char *)NULL is the
 * portable terminator. execlp() also searches PATH when the program name
 * contains no slash -- confirm that ASKPASS_PROGRAM (defined outside this
 * listing) is an absolute path. */
115 tmp=execlp(ASKPASS_PROGRAM, "ssh-askpass", 0);
117 tmp=execlp(ASKPASS_PROGRAM, "ssh-askpass", buf, 0);
120 fprintf(stderr, "Executing ssh-askpass failed: %s\n",
/* The read end of the pipe is wrapped in a stdio stream so the helper's
 * output can be read with fgets(). */
127 if ( (pipef=fdopen(pipes[0], "r")) ==NULL)
129 fprintf(stderr, "fdopen failed: %s\n", strerror(errno));
/* NOTE(review): fgets() stores at most sizeof(buf)-1 characters, so a longer
 * passphrase line is cut silently. The snprintf() above bounds with BUFSIZE
 * while this call uses sizeof(buf); the two agree only if buf is an array of
 * BUFSIZE bytes -- its declaration is not shown. */
132 if(fgets(buf, sizeof(buf), pipef)==NULL)
134 xfree(saved_comment);
/* Drop the trailing newline left by fgets(). */
138 if (strchr(buf, '\n'))
139 *strchr(buf, '\n') = 0;
/* Wipes the copy of the passphrase held in buf. NOTE(review): presumably it
 * has been copied into `pass` on a line not shown; the stdio buffer behind
 * pipef has held the same bytes and is not cleared by this call. */
141 memset(buf, 0, sizeof(buf));
/* The child is reaped but its exit status is discarded (NULL), so a helper
 * that fails or is cancelled is noticed only through the fgets() result
 * above and the empty-passphrase test below. */
142 if (waitpid(child, NULL, 0) ==-1)
144 fprintf(stderr, "Waiting for child failed: %s\n",
148 if (strcmp(pass, "") == 0)
150 xfree(saved_comment);
/* Terminal prompts go to stdout; the passphrase itself is read with
 * read_passphrase(), whose second argument is defined outside this
 * listing. */
159 printf("Need passphrase for %s (%s).\n", filename, saved_comment);
161 printf("Bad passphrase.\n");
162 pass = read_passphrase("Enter passphrase: ", 1);
/* An empty passphrase is tested for explicitly; what happens after the
 * xfree() is on lines not shown. */
163 if (strcmp(pass, "") == 0)
165 xfree(saved_comment);
/* Presumably reached once the key has loaded: the passphrase is wiped. The
 * dead-store caveat noted at the first memset(pass, ...) applies here too. */
172 memset(pass, 0, strlen(pass));
175 xfree(saved_comment);
/* A non-zero result from ssh_add_identity() is reported as success. */
177 if (ssh_add_identity(ac, key, comment))
178 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
180 fprintf(stderr, "Could not add identity: %s\n", filename);
/*
 * list_identities: walks the identities reported by the agent reachable
 * through `ac` and prints a line for each one, ending in its comment; a
 * separate notice is printed when the agent holds none.
 * NOTE(review): this listing shows only some of the function's lines (the
 * gutter numbers skip), including the loop condition and the formatting of
 * buf.
 */
186 list_identities(AuthenticationConnection *ac)
/* Iteration is driven by ssh_get_first_identity() and
 * ssh_get_next_identity(); each call is given bits, e, n and comment to
 * fill in. */
196 for (status = ssh_get_first_identity(ac, &bits, e, n, &comment);
198 status = ssh_get_next_identity(ac, &bits, e, n, &comment))
/* The messages indicate that BN_bn2dec() is called twice per identity and
 * that a failure of either call is routed to error(). */
208 error("list_identities: BN_bn2dec #1 failed.");
/* NOTE(review): comment is printed as received from the agent; no filtering
 * of non-printable characters is visible in this listing. */
212 printf("%s %s\n", buf, comment);
215 error("list_identities: BN_bn2dec #2 failed.");
222 printf("The agent has no identities.\n");
/*
 * main: checks for RSA support, connects to the authentication agent, then
 * walks the command line. -l, -d and -D are recognised as options; other
 * arguments are passed as key file names to delete_file() or add_file().
 * A default identity path under the user's home directory is also built.
 * NOTE(review): this listing shows only some of the function's lines (the
 * gutter numbers skip), so the option bodies and exit paths are not visible.
 */
226 main(int argc, char **argv)
228 AuthenticationConnection *ac = NULL;
235 /* check if RSA support exists */
236 if (rsa_alive() == 0) {
237 extern char *__progname;
240 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
245 /* At first, get a connection to the authentication agent. */
246 ac = ssh_get_authentication_connection();
248 fprintf(stderr, "Could not open a connection to your authentication agent.\n");
/* Options are matched with exact strcmp() tests, so each flag has to be an
 * argument of its own; a combined form such as "-ld" does not match any of
 * the visible tests. */
252 for (i = 1; i < argc; i++)
254 if (strcmp(argv[i], "-l") == 0)
257 no_files = 0; /* Don't default-add/delete if -l. */
260 if (strcmp(argv[i], "-d") == 0)
265 if (strcmp(argv[i], "-D") == 0)
273 delete_file(ac, argv[i]);
275 add_file(ac, argv[i]);
/* The home directory comes from the passwd entry of the real uid rather
 * than from an environment variable. Presumably this part runs only when no
 * key file was named (see no_files above). */
279 pw = getpwuid(getuid());
282 fprintf(stderr, "No user found with uid %d\n", (int)getuid());
283 ssh_close_authentication_connection(ac);
/* NOTE(review): snprintf()'s return value is not checked, so an over-long
 * pw_dir yields a silently truncated path that is then used as the key file
 * name. */
286 snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
288 delete_file(ac, buf);
292 ssh_close_authentication_connection(ac);