+ }
+
+ if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+ confirm)) {
+ fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
+ ret = 0;
+ if (lifetime != 0)
+ fprintf(stderr,
+ "Lifetime set to %d seconds\n", lifetime);
+ if (confirm != 0)
+ fprintf(stderr,
+ "The user has to confirm each use of the key\n");
+ } else if (ssh_add_identity(ac, private, comment)) {
+ fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
+ ret = 0;
+ } else {
+ fprintf(stderr, "Could not add identity: %s\n", filename);
+ }
+
+ xfree(comment);
+ key_free(private);
+
+ return ret;
+}
+
+static int
+update_card(AuthenticationConnection *ac, int add, const char *id)
+{
+ char *pin;
+ int ret = -1;
+
+ pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+ if (pin == NULL)
+ return -1;
+
+ if (ssh_update_card(ac, add, id, pin, lifetime, confirm)) {
+ fprintf(stderr, "Card %s: %s\n",
+ add ? "added" : "removed", id);
+ ret = 0;
+ } else {
+ fprintf(stderr, "Could not %s card: %s\n",
+ add ? "add" : "remove", id);
+ ret = -1;
+ }
+ xfree(pin);
+ return ret;
+}
+
+static int
+list_identities(AuthenticationConnection *ac, int do_fp)
+{
+ Key *key;
+ char *comment, *fp;
+ int had_identities = 0;
+ int version;
+
+ for (version = 1; version <= 2; version++) {
+ for (key = ssh_get_first_identity(ac, &comment, version);
+ key != NULL;
+ key = ssh_get_next_identity(ac, &comment, version)) {
+ had_identities = 1;
+ if (do_fp) {
+ fp = key_fingerprint(key, SSH_FP_MD5,
+ SSH_FP_HEX);
+ printf("%d %s %s (%s)\n",
+ key_size(key), fp, comment, key_type(key));
+ xfree(fp);
+ } else {
+ if (!key_write(key, stdout))
+ fprintf(stderr, "key_write failed");
+ fprintf(stdout, " %s\n", comment);
+ }
+ key_free(key);
+ xfree(comment);
+ }
+ }
+ if (!had_identities) {
+ printf("The agent has no identities.\n");
+ return -1;
+ }
+ return 0;
+}
+
+static int
+lock_agent(AuthenticationConnection *ac, int lock)
+{
+ char prompt[100], *p1, *p2;
+ int passok = 1, ret = -1;
+
+ strlcpy(prompt, "Enter lock password: ", sizeof(prompt));
+ p1 = read_passphrase(prompt, RP_ALLOW_STDIN);
+ if (lock) {
+ strlcpy(prompt, "Again: ", sizeof prompt);
+ p2 = read_passphrase(prompt, RP_ALLOW_STDIN);
+ if (strcmp(p1, p2) != 0) {
+ fprintf(stderr, "Passwords do not match.\n");
+ passok = 0;