authorDag-Erling Smørgrav <des@FreeBSD.org>2018-05-06 12:24:45 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2018-05-06 12:24:45 +0000
commit20adc8f2a99cd37b64a80ef63dfc5ba6627d4dfb (patch)
treead57ce9ac9538c780c802adbdfc4c581f9100310 /ssh-add.c
parent343d57711556d429eda777ab259ff924acbd6b34 (diff)
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c109
1 files changed, 53 insertions, 56 deletions
diff --git a/ssh-add.c b/ssh-add.c
index fb9a53e64cfe..2afd483305cc 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.134 2017/08/29 09:42:29 dlg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,7 +55,6 @@
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "log.h"
#include "sshkey.h"
#include "sshbuf.h"
@@ -79,9 +78,6 @@ static char *default_files[] = {
#endif
#endif /* WITH_OPENSSL */
_PATH_SSH_CLIENT_ID_ED25519,
-#ifdef WITH_SSH1
- _PATH_SSH_CLIENT_IDENTITY,
-#endif
NULL
};
@@ -106,7 +102,7 @@ clear_pass(void)
}
static int
-delete_file(int agent_fd, const char *filename, int key_only)
+delete_file(int agent_fd, const char *filename, int key_only, int qflag)
{
struct sshkey *public, *cert = NULL;
char *certpath = NULL, *comment = NULL;
@@ -117,7 +113,10 @@ delete_file(int agent_fd, const char *filename, int key_only)
return -1;
}
if ((r = ssh_remove_identity(agent_fd, public)) == 0) {
- fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
+ if (!qflag) {
+ fprintf(stderr, "Identity removed: %s (%s)\n",
+ filename, comment);
+ }
ret = 0;
} else
fprintf(stderr, "Could not remove identity \"%s\": %s\n",
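Review bot: The new `if (!qflag) { ... }` guarding the "Identity removed" message is braced while its paired `else` on the next line remains an unbraced single statement, so the two arms of one conditional now follow different brace conventions. Either brace both arms (`} else {` / `fprintf(stderr, "Could not remove identity \"%s\": %s\n", ...);` / `}`) or keep neither; the same mismatch appears in the next hunk of delete_file on the certificate path. The enclosing delete_file body starts and ends outside this hunk.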
@@ -142,8 +141,10 @@ delete_file(int agent_fd, const char *filename, int key_only)
certpath, filename);
if ((r = ssh_remove_identity(agent_fd, cert)) == 0) {
- fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
- comment);
+ if (!qflag) {
+ fprintf(stderr, "Identity removed: %s (%s)\n",
+ certpath, comment);
+ }
ret = 0;
} else
fprintf(stderr, "Could not remove identity \"%s\": %s\n",
@@ -164,6 +165,11 @@ delete_all(int agent_fd)
{
int ret = -1;
+ /*
+ * Since the agent might be forwarded, old or non-OpenSSH, when asked
+ * to remove all keys, attempt to remove both protocol v.1 and v.2
+ * keys.
+ */
if (ssh_remove_all_identities(agent_fd, 2) == 0)
ret = 0;
/* ignore error-code for ssh1 */
@@ -178,7 +184,7 @@ delete_all(int agent_fd)
}
static int
-add_file(int agent_fd, const char *filename, int key_only)
+add_file(int agent_fd, const char *filename, int key_only, int qflag)
{
struct sshkey *private, *cert;
char *comment = NULL;
@@ -304,7 +310,7 @@ add_file(int agent_fd, const char *filename, int key_only)
goto out;
}
if ((r = sshkey_cert_copy(cert, private)) != 0) {
- error("%s: key_cert_copy: %s", __func__, ssh_err(r));
+ error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
sshkey_free(cert);
goto out;
}
@@ -360,50 +366,36 @@ static int
list_identities(int agent_fd, int do_fp)
{
char *fp;
- int r, had_identities = 0;
+ int r;
struct ssh_identitylist *idlist;
size_t i;
-#ifdef WITH_SSH1
- int version = 1;
-#else
- int version = 2;
-#endif
- for (; version <= 2; version++) {
- if ((r = ssh_fetch_identitylist(agent_fd, version,
- &idlist)) != 0) {
- if (r != SSH_ERR_AGENT_NO_IDENTITIES)
- fprintf(stderr, "error fetching identities for "
- "protocol %d: %s\n", version, ssh_err(r));
- continue;
- }
- for (i = 0; i < idlist->nkeys; i++) {
- had_identities = 1;
- if (do_fp) {
- fp = sshkey_fingerprint(idlist->keys[i],
- fingerprint_hash, SSH_FP_DEFAULT);
- printf("%u %s %s (%s)\n",
- sshkey_size(idlist->keys[i]),
- fp == NULL ? "(null)" : fp,
- idlist->comments[i],
- sshkey_type(idlist->keys[i]));
- free(fp);
- } else {
- if ((r = sshkey_write(idlist->keys[i],
- stdout)) != 0) {
- fprintf(stderr, "sshkey_write: %s\n",
- ssh_err(r));
- continue;
- }
- fprintf(stdout, " %s\n", idlist->comments[i]);
+ if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
+ fprintf(stderr, "error fetching identities: %s\n",
+ ssh_err(r));
+ else
+ printf("The agent has no identities.\n");
+ return -1;
+ }
+ for (i = 0; i < idlist->nkeys; i++) {
+ if (do_fp) {
+ fp = sshkey_fingerprint(idlist->keys[i],
+ fingerprint_hash, SSH_FP_DEFAULT);
+ printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]),
+ fp == NULL ? "(null)" : fp, idlist->comments[i],
+ sshkey_type(idlist->keys[i]));
+ free(fp);
+ } else {
+ if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) {
+ fprintf(stderr, "sshkey_write: %s\n",
+ ssh_err(r));
+ continue;
}
+ fprintf(stdout, " %s\n", idlist->comments[i]);
}
- ssh_free_identitylist(idlist);
- }
- if (!had_identities) {
- printf("The agent has no identities.\n");
- return -1;
}
+ ssh_free_identitylist(idlist);
return 0;
}
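Review bot: The rewritten list_identities has no header comment stating its contract, and the new early-return path makes that contract worth spelling out: it now returns -1 both when the agent reports SSH_ERR_AGENT_NO_IDENTITIES (after printing "The agent has no identities.") and when the fetch fails for any other reason. A comment such as `/* Print all identities held by the agent, as public keys or (do_fp) fingerprints; returns 0 on success, -1 if the list could not be fetched or the agent holds no identities. */` above the signature would capture that. Separately, the new loop writes `idlist->comments[i]` to the terminal verbatim; given the commit's own remark elsewhere that the agent may be forwarded or non-OpenSSH, it may be worth confirming whether comment strings should be treated as untrusted and filtered of control characters before printing, though this predates the change.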
@@ -440,13 +432,13 @@ lock_agent(int agent_fd, int lock)
}
static int
-do_file(int agent_fd, int deleting, int key_only, char *file)
+do_file(int agent_fd, int deleting, int key_only, char *file, int qflag)
{
if (deleting) {
- if (delete_file(agent_fd, file, key_only) == -1)
+ if (delete_file(agent_fd, file, key_only, qflag) == -1)
return -1;
} else {
- if (add_file(agent_fd, file, key_only) == -1)
+ if (add_file(agent_fd, file, key_only, qflag) == -1)
return -1;
}
return 0;
@@ -469,6 +461,7 @@ usage(void)
fprintf(stderr, " -X Unlock agent.\n");
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
+ fprintf(stderr, " -q Be quiet after a successful operation.\n");
}
int
@@ -479,7 +472,7 @@ main(int argc, char **argv)
int agent_fd;
char *pkcs11provider = NULL;
int r, i, ch, deleting = 0, ret = 0, key_only = 0;
- int xflag = 0, lflag = 0, Dflag = 0;
+ int xflag = 0, lflag = 0, Dflag = 0, qflag = 0;
ssh_malloc_init(); /* must be called before any mallocs */
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -507,7 +500,7 @@ main(int argc, char **argv)
exit(2);
}
- while ((ch = getopt(argc, argv, "klLcdDxXE:e:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXE:e:qs:t:")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -552,6 +545,9 @@ main(int argc, char **argv)
goto done;
}
break;
+ case 'q':
+ qflag = 1;
+ break;
default:
usage();
ret = 1;
@@ -600,7 +596,8 @@ main(int argc, char **argv)
default_files[i]);
if (stat(buf, &st) < 0)
continue;
- if (do_file(agent_fd, deleting, key_only, buf) == -1)
+ if (do_file(agent_fd, deleting, key_only, buf,
+ qflag) == -1)
ret = 1;
else
count++;
@@ -610,7 +607,7 @@ main(int argc, char **argv)
} else {
for (i = 0; i < argc; i++) {
if (do_file(agent_fd, deleting, key_only,
- argv[i]) == -1)
+ argv[i], qflag) == -1)
ret = 1;
}
}