X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/cf8dd51301ee1fe4a405a8e26bc6bed6f1793506..2e73a022769fe8381d733b1ad00d8a106708216f:/ssh-add.c
diff --git a/ssh-add.c b/ssh-add.c
index 2ade9c23..a51f477a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -4,47 +4,62 @@
  * All rights reserved
  * Created: Thu Apr 6 00:52:24 1995 ylo
  * Adds an identity to the authentication server, or removes an identity.
+ *
+ * SSH2 implementation,
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
  */
 
 #include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: ssh-add.c,v 1.19 2000/08/19 21:34:43 markus Exp $");
+
+#include 
+#include 
+#include 
 
 #include "rsa.h"
 #include "ssh.h"
 #include "xmalloc.h"
+#include "key.h"
 #include "authfd.h"
-#include "fingerprint.h"
+#include "authfile.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
 #else /* HAVE___PROGNAME */
-const char *__progname = "ssh-add";
+static const char *__progname = "ssh-add";
 #endif /* HAVE___PROGNAME */
 
 void
 delete_file(AuthenticationConnection *ac, const char *filename)
 {
-	RSA *key;
+	Key *public;
 	char *comment;
 
-	key = RSA_new();
-	if (!load_public_key(filename, key, &comment)) {
+	public = key_new(KEY_RSA);
+	if (!load_public_key(filename, public, &comment)) {
 		printf("Bad key file %s: %s\n", filename, strerror(errno));
 		return;
 	}
-	if (ssh_remove_identity(ac, key))
+	if (ssh_remove_identity(ac, public))
 		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
 	else
 		fprintf(stderr, "Could not remove identity: %s\n", filename);
-	RSA_free(key);
+	key_free(public);
 	xfree(comment);
 }
 
+/* Send a request to remove all identities. */
 void
 delete_all(AuthenticationConnection *ac)
 {
-	/* Send a request to remove all identities. */
-	if (ssh_remove_all_identities(ac))
+	int success = 1;
+
+	if (!ssh_remove_all_identities(ac, 1))
+		success = 0;
+	/* ignore error-code for ssh2 */
+	ssh_remove_all_identities(ac, 2);
+
+	if (success)
 		fprintf(stderr, "All identities removed.\n");
 	else
 		fprintf(stderr, "Failed to remove all identitities.\n");
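Review bot: In delete_all the result of the second `ssh_remove_all_identities(ac, 2)` call is discarded, so `All identities removed.` is printed even when the protocol-2 removal failed and the agent still holds v2 keys, which is exactly the case a user relies on this message for. If the intent is to tolerate an agent that does not speak protocol 2, the comment should say so; otherwise count the failure with `if (!ssh_remove_all_identities(ac, 2)) success = 0;`. The failure message on the last line also misspells `identitities`. Separately, delete_file still obtains its key via `load_public_key`, which the comment added to add_file in this same commit says only works for RSA, so `-d` on a DSA key file will apparently be rejected as `Bad key file`; worth a note or a fallback.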
@@ -91,26 +106,41 @@ ssh_askpass(char *askpass, char *msg)
 void
 add_file(AuthenticationConnection *ac, const char *filename)
 {
-	RSA *key;
-	RSA *public_key;
+	struct stat st;
+	Key *public;
+	Key *private;
 	char *saved_comment, *comment, *askpass = NULL;
 	char buf[1024], msg[1024];
 	int success;
 	int interactive = isatty(STDIN_FILENO);
+	int type = KEY_RSA;
 
-	key = RSA_new();
-	public_key = RSA_new();
-	if (!load_public_key(filename, public_key, &saved_comment)) {
-		printf("Bad key file %s: %s\n", filename, strerror(errno));
-		return;
+	if (stat(filename, &st) < 0) {
+		perror(filename);
+		exit(1);
+	}
+	/*
+	 * try to load the public key. right now this only works for RSA,
+	 * since DSA keys are fully encrypted
+	 */
+	public = key_new(KEY_RSA);
+	if (!load_public_key(filename, public, &saved_comment)) {
+		/* ok, so we will asume this is a DSA key */
+		type = KEY_DSA;
+		saved_comment = xstrdup(filename);
 	}
-	RSA_free(public_key);
+	key_free(public);
 
-	if (!interactive && getenv("DISPLAY"))
-		askpass = getenv("SSH_ASKPASS");
+	if (!interactive && getenv("DISPLAY")) {
+		if (getenv(SSH_ASKPASS_ENV))
+			askpass = getenv(SSH_ASKPASS_ENV);
+		else
+			askpass = SSH_ASKPASS_DEFAULT;
+	}
 
 	/* At first, try empty passphrase */
-	success = load_private_key(filename, "", key, &comment);
+	private = key_new(type);
+	success = load_private_key(filename, "", private, &comment);
 	if (!success) {
 		printf("Need passphrase for %.200s\n", filename);
 		if (!interactive && askpass == NULL) {
@@ -131,7 +161,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
 			xfree(saved_comment);
 			return;
 		}
-		success = load_private_key(filename, pass, key, &comment);
+		success = load_private_key(filename, pass, private, &comment);
 		memset(pass, 0, strlen(pass));
 		xfree(pass);
 		if (success)
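Review bot: The new `stat()` guard at the top of add_file fills `st` but never reads it, and on failure it calls `exit(1)` where every other error path in this function (and in delete_file) reports and returns, so one bad path on the command line now aborts processing of every file after it; `if (stat(filename, &st) < 0) { perror(filename); return; }` keeps the per-file behaviour the removed `Bad key file` branch had. Note also that the `load_public_key` fallback treats any failure as "this is a DSA key": a corrupt or unreadable RSA file no longer gets the old `Bad key file` diagnostic and instead goes through the passphrase prompts as if it were DSA, which the existence check does not catch. add_file's body continues past the end of this hunk, so the prompt loop itself is not visible here.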
@@ -139,54 +169,40 @@ add_file(AuthenticationConnection *ac, const char *filename)
 			strlcpy(msg, "Bad passphrase, try again", sizeof msg);
 		}
 	}
-	xfree(saved_comment);
-
-	if (ssh_add_identity(ac, key, comment))
-		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
+	xfree(comment);
+	if (ssh_add_identity(ac, private, saved_comment))
+		fprintf(stderr, "Identity added: %s (%s)\n", filename, saved_comment);
 	else
 		fprintf(stderr, "Could not add identity: %s\n", filename);
-	RSA_free(key);
-	xfree(comment);
+	key_free(private);
+	xfree(saved_comment);
 }
 
 void
 list_identities(AuthenticationConnection *ac, int fp)
 {
-	BIGNUM *e, *n;
-	int status;
+	Key *key;
 	char *comment;
-	int had_identities;
-
-	e = BN_new();
-	n = BN_new();
-	had_identities = 0;
-	for (status = ssh_get_first_identity(ac, e, n, &comment);
-	     status;
-	     status = ssh_get_next_identity(ac, e, n, &comment)) {
-		unsigned int bits = BN_num_bits(n);
-		had_identities = 1;
-		if (fp) {
-			printf("%d %s %s\n", bits, fingerprint(e, n), comment);
-		} else {
-			char *ebuf, *nbuf;
-			ebuf = BN_bn2dec(e);
-			if (ebuf == NULL) {
-				error("list_identities: BN_bn2dec(e) failed.");
+	int had_identities = 0;
+	int version;
+
+	for (version = 1; version <= 2; version++) {
+		for (key = ssh_get_first_identity(ac, &comment, version);
+		     key != NULL;
+		     key = ssh_get_next_identity(ac, &comment, version)) {
+			had_identities = 1;
+			if (fp) {
+				printf("%d %s %s\n",
+				    key_size(key), key_fingerprint(key), comment);
 			} else {
-				nbuf = BN_bn2dec(n);
-				if (nbuf == NULL) {
-					error("list_identities: BN_bn2dec(n) failed.");
-				} else {
-					printf("%d %s %s %s\n", bits, ebuf, nbuf, comment);
-					free(nbuf);
-				}
-				free(ebuf);
+				if (!key_write(key, stdout))
+					fprintf(stderr, "key_write failed");
+				fprintf(stdout, " %s\n", comment);
 			}
+			key_free(key);
+			xfree(comment);
 		}
-		xfree(comment);
 	}
-	BN_clear_free(e);
-	BN_clear_free(n);
 	if (!had_identities)
 		printf("The agent has no identities.\n");
 }
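Review bot: In list_identities, when `key_write` fails the diagnostic `key_write failed` is written without a trailing newline, and the code then still emits ` %s\n` with the comment on stdout, so a failed write leaves a bare comment line with no key in front of it on the listing. Make the comment write the else branch: `if (!key_write(key, stdout)) fprintf(stderr, "key_write failed\n"); else fprintf(stdout, " %s\n", comment);`. The `%d` used for `key_size(key)` cannot be checked against its return type from this hunk; worth confirming the specifier matches. The add_file tail at the top of the hunk belongs to a function that starts outside it.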
@@ -201,6 +217,8 @@ main(int argc, char **argv)
 	int i;
 	int deleting = 0;
 
+	init_rng();
+
 	/* check if RSA support exists */
 	if (rsa_alive() == 0) {
 		fprintf(stderr,
@@ -208,6 +226,8 @@ main(int argc, char **argv)
 		    __progname);
 		exit(1);
 	}
+	SSLeay_add_all_algorithms();
+
 	/* At first, get a connection to the authentication agent. */
 	ac = ssh_get_authentication_connection();
 	if (ac == NULL) {
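Review bot: The two new calls in main, `init_rng()` and `SSLeay_add_all_algorithms()`, carry no comment and are split by the `rsa_alive()` check, so a reader cannot tell from these hunks why they must precede the agent connection. A one-line comment on the second call, e.g. `/* register OpenSSL ciphers/digests before any key file is decrypted or fingerprinted */`, would make the ordering intentional — presumably that is the reason, but it is not established by anything visible here, so confirm before wording it that way. main starts before and continues after both hunks.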