1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Adds an identity to the authentication server, or removes an identity. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 * 13 * SSH2 implementation, 14 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 1. Redistributions of source code must retain the above copyright 20 * notice, this list of conditions and the following disclaimer. 21 * 2. Redistributions in binary form must reproduce the above copyright 22 * notice, this list of conditions and the following disclaimer in the 23 * documentation and/or other materials provided with the distribution. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include "includes.h" 38 RCSID("$OpenBSD: ssh-add.c,v 1.45 2001/08/03 10:31:30 jakob Exp $"); 39 40 #include <openssl/evp.h> 41 42 #include "ssh.h" 43 #include "rsa.h" 44 #include "log.h" 45 #include "xmalloc.h" 46 #include "key.h" 47 #include "authfd.h" 48 #include "authfile.h" 49 #include "pathnames.h" 50 #include "readpass.h" 51 52 /* argv0 */ 53 extern char *__progname; 54 55 /* we keep a cache of one passphrases */ 56 static char *pass = NULL; 57 static void 58 clear_pass(void) 59 { 60 if (pass) { 61 memset(pass, 0, strlen(pass)); 62 xfree(pass); 63 pass = NULL; 64 } 65 } 66 67 static void 68 delete_file(AuthenticationConnection *ac, const char *filename) 69 { 70 Key *public; 71 char *comment = NULL; 72 73 public = key_load_public(filename, &comment); 74 if (public == NULL) { 75 printf("Bad key file %s\n", filename); 76 return; 77 } 78 if (ssh_remove_identity(ac, public)) 79 fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment); 80 else 81 fprintf(stderr, "Could not remove identity: %s\n", filename); 82 key_free(public); 83 xfree(comment); 84 } 85 86 /* Send a request to remove all identities. */ 87 static void 88 delete_all(AuthenticationConnection *ac) 89 { 90 int success = 1; 91 92 if (!ssh_remove_all_identities(ac, 1)) 93 success = 0; 94 /* ignore error-code for ssh2 */ 95 ssh_remove_all_identities(ac, 2); 96 97 if (success) 98 fprintf(stderr, "All identities removed.\n"); 99 else 100 fprintf(stderr, "Failed to remove all identities.\n"); 101 } 102 103 static void 104 add_file(AuthenticationConnection *ac, const char *filename) 105 { 106 struct stat st; 107 Key *private; 108 char *comment = NULL; 109 char msg[1024]; 110 111 if (stat(filename, &st) < 0) { 112 perror(filename); 113 exit(1); 114 } 115 /* At first, try empty passphrase */ 116 private = key_load_private(filename, "", &comment); 117 if (comment == NULL) 118 comment = xstrdup(filename); 119 /* try last */ 120 if (private == NULL && pass != NULL) 121 private = key_load_private(filename, pass, NULL); 122 if (private == NULL) { 123 /* clear passphrase since it did not work */ 124 clear_pass(); 125 snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", 126 comment); 127 for (;;) { 128 pass = read_passphrase(msg, RP_ALLOW_STDIN); 129 if (strcmp(pass, "") == 0) { 130 clear_pass(); 131 xfree(comment); 132 return; 133 } 134 private = key_load_private(filename, pass, &comment); 135 if (private != NULL) 136 break; 137 clear_pass(); 138 strlcpy(msg, "Bad passphrase, try again: ", sizeof msg); 139 } 140 } 141 if (ssh_add_identity(ac, private, comment)) 142 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); 143 else 144 fprintf(stderr, "Could not add identity: %s\n", filename); 145 xfree(comment); 146 key_free(private); 147 } 148 149 static void 150 update_card(AuthenticationConnection *ac, int add, const char *id) 151 { 152 if (ssh_update_card(ac, add, id)) 153 fprintf(stderr, "Card %s: %s\n", 154 add ? "added" : "removed", id); 155 else 156 fprintf(stderr, "Could not %s card: %s\n", 157 add ? "add" : "remove", id); 158 } 159 160 static void 161 list_identities(AuthenticationConnection *ac, int do_fp) 162 { 163 Key *key; 164 char *comment, *fp; 165 int had_identities = 0; 166 int version; 167 168 for (version = 1; version <= 2; version++) { 169 for (key = ssh_get_first_identity(ac, &comment, version); 170 key != NULL; 171 key = ssh_get_next_identity(ac, &comment, version)) { 172 had_identities = 1; 173 if (do_fp) { 174 fp = key_fingerprint(key, SSH_FP_MD5, 175 SSH_FP_HEX); 176 printf("%d %s %s (%s)\n", 177 key_size(key), fp, comment, key_type(key)); 178 xfree(fp); 179 } else { 180 if (!key_write(key, stdout)) 181 fprintf(stderr, "key_write failed"); 182 fprintf(stdout, " %s\n", comment); 183 } 184 key_free(key); 185 xfree(comment); 186 } 187 } 188 if (!had_identities) 189 printf("The agent has no identities.\n"); 190 } 191 192 static void 193 usage(void) 194 { 195 fprintf(stderr, "Usage: %s [options]\n", __progname); 196 fprintf(stderr, "Options:\n"); 197 fprintf(stderr, " -l List fingerprints of all identities.\n"); 198 fprintf(stderr, " -L List public key parameters of all identities.\n"); 199 fprintf(stderr, " -d Delete identity.\n"); 200 fprintf(stderr, " -D Delete all identities.\n"); 201 #ifdef SMARTCARD 202 fprintf(stderr, " -s reader Add key in smartcard reader.\n"); 203 fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); 204 #endif 205 } 206 207 int 208 main(int argc, char **argv) 209 { 210 extern char *optarg; 211 extern int optind; 212 AuthenticationConnection *ac = NULL; 213 struct passwd *pw; 214 char buf[1024]; 215 char *sc_reader_id = NULL; 216 int i, ch, deleting = 0; 217 218 SSLeay_add_all_algorithms(); 219 220 /* At first, get a connection to the authentication agent. */ 221 ac = ssh_get_authentication_connection(); 222 if (ac == NULL) { 223 fprintf(stderr, "Could not open a connection to your authentication agent.\n"); 224 exit(1); 225 } 226 while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) { 227 switch (ch) { 228 case 'l': 229 case 'L': 230 list_identities(ac, ch == 'l' ? 1 : 0); 231 goto done; 232 break; 233 case 'd': 234 deleting = 1; 235 break; 236 case 'D': 237 delete_all(ac); 238 goto done; 239 break; 240 case 's': 241 sc_reader_id = optarg; 242 break; 243 case 'e': 244 deleting = 1; 245 sc_reader_id = optarg; 246 break; 247 default: 248 usage(); 249 exit(1); 250 break; 251 } 252 } 253 argc -= optind; 254 argv += optind; 255 if (sc_reader_id != NULL) { 256 update_card(ac, !deleting, sc_reader_id); 257 goto done; 258 } 259 if (argc == 0) { 260 pw = getpwuid(getuid()); 261 if (!pw) { 262 fprintf(stderr, "No user found with uid %u\n", 263 (u_int)getuid()); 264 ssh_close_authentication_connection(ac); 265 exit(1); 266 } 267 snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY); 268 if (deleting) 269 delete_file(ac, buf); 270 else 271 add_file(ac, buf); 272 } else { 273 for (i = 0; i < argc; i++) { 274 if (deleting) 275 delete_file(ac, argv[i]); 276 else 277 add_file(ac, argv[i]); 278 } 279 } 280 clear_pass(); 281 282 done: 283 ssh_close_authentication_connection(ac); 284 exit(0); 285 } 286