1 files changed, 22 insertions, 8 deletions

diff --git a/authfd.c b/authfd.c
index 61faad12319c..28a8cf2d7d80 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.80 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: authfd.c,v 1.82 2010/02/26 20:29:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -483,6 +483,16 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 		buffer_put_bignum2(b, key->rsa->p);
 		buffer_put_bignum2(b, key->rsa->q);
 		break;
+	case KEY_RSA_CERT:
+		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+			fatal("%s: no cert/certblob", __func__);
+		buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+		    buffer_len(&key->cert->certblob));
+		buffer_put_bignum2(b, key->rsa->d);
+		buffer_put_bignum2(b, key->rsa->iqmp);
+		buffer_put_bignum2(b, key->rsa->p);
+		buffer_put_bignum2(b, key->rsa->q);
+		break;
 	case KEY_DSA:
 		buffer_put_bignum2(b, key->dsa->p);
 		buffer_put_bignum2(b, key->dsa->q);
@@ -490,6 +500,13 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 		buffer_put_bignum2(b, key->dsa->pub_key);
 		buffer_put_bignum2(b, key->dsa->priv_key);
 		break;
+	case KEY_DSA_CERT:
+		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+			fatal("%s: no cert/certblob", __func__);
+		buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+		    buffer_len(&key->cert->certblob));
+		buffer_put_bignum2(b, key->dsa->priv_key);
+		break;
 	}
 	buffer_put_cstring(b, comment);
 }
@@ -517,7 +534,9 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 		ssh_encode_identity_rsa1(&msg, key->rsa, comment);
 		break;
 	case KEY_RSA:
+	case KEY_RSA_CERT:
 	case KEY_DSA:
+	case KEY_DSA_CERT:
 		type = constrained ?
 		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
 		    SSH2_AGENTC_ADD_IDENTITY;
@@ -545,12 +564,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 	return decode_reply(type);
 }
 
-int
-ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
-{
-	return ssh_add_identity_constrained(auth, key, comment, 0, 0);
-}
-
 /*
  * Removes an identity from the authentication server.  This call is not
  * meant to be used by normal applications.
@@ -571,7 +584,8 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 		buffer_put_int(&msg, BN_num_bits(key->rsa->n));
 		buffer_put_bignum(&msg, key->rsa->e);
 		buffer_put_bignum(&msg, key->rsa->n);
-	} else if (key->type == KEY_DSA || key->type == KEY_RSA) {
+	} else if (key_type_plain(key->type) == KEY_DSA ||
+	    key_type_plain(key->type) == KEY_RSA) {
 		key_to_blob(key, &blob, &blen);
 		buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
 		buffer_put_string(&msg, blob, blen);