- djm@cvs.openbsd.org 2012/12/02 20:42:15

[ssh-add.1 ssh-add.c]
     make deleting explicit keys "ssh-add -d" symmetric with adding keys -
     try to delete the corresponding certificate too and respect the -k option
     to allow deleting of the key only; feedback and ok markus@
Damien Miller 2012-12-03 09:50:24 +11:00
parent cb6b68b209
commit 33a813613a
3 changed files with 43 additions and 14 deletions


@ -7,6 +7,11 @@
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using This allows control of which keys are offered from tokens using
IdentityFile. ok markus@ IdentityFile. ok markus@
- djm@cvs.openbsd.org 2012/12/02 20:42:15
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
20121114 20121114
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ .\" $OpenBSD: ssh-add.1,v 1.57 2012/12/02 20:42:15 djm Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: October 18 2011 $ .Dd $Mdocdate: December 2 2012 $
.Dt SSH-ADD 1 .Dt SSH-ADD 1
.Os .Os
.Sh NAME .Sh NAME
@ -98,10 +98,10 @@ Deletes all identities from the agent.
Instead of adding identities, removes identities from the agent. Instead of adding identities, removes identities from the agent.
If If
.Nm .Nm
has been run without arguments, the keys for the default identities will has been run without arguments, the keys for the default identities and
be removed. their corresponding certificateswill be removed.
Otherwise, the argument list will be interpreted as a list of paths to Otherwise, the argument list will be interpreted as a list of paths to
public key files and matching keys will be removed from the agent. public key files to specify keys and certificates to be removed from the agent.
If no public key is found at a given path, If no public key is found at a given path,
.Nm .Nm
will append will append
@ -111,8 +111,8 @@ and retry.
Remove keys provided by the PKCS#11 shared library Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 . .Ar pkcs11 .
.It Fl k .It Fl k
When loading keys into the agent, load plain private keys only and skip When loading keys into or deleting keys from the agent, process plain private
certificates. keys only and skip certificates.
.It Fl L .It Fl L
Lists public key parameters of all identities currently represented Lists public key parameters of all identities currently represented
by the agent. by the agent.


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ /* $OpenBSD: ssh-add.c,v 1.104 2012/12/02 20:42:15 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -96,10 +96,10 @@ clear_pass(void)
} }
static int static int
delete_file(AuthenticationConnection *ac, const char *filename) delete_file(AuthenticationConnection *ac, const char *filename, int key_only)
{ {
Key *public; Key *public = NULL, *cert = NULL;
char *comment = NULL; char *certpath = NULL, *comment = NULL;
int ret = -1; int ret = -1;
public = key_load_public(filename, &comment); public = key_load_public(filename, &comment);
@ -113,8 +113,32 @@ delete_file(AuthenticationConnection *ac, const char *filename)
} else } else
fprintf(stderr, "Could not remove identity: %s\n", filename); fprintf(stderr, "Could not remove identity: %s\n", filename);
key_free(public); if (key_only)
xfree(comment); goto out;
/* Now try to delete the corresponding certificate too */
free(comment);
xasprintf(&certpath, "%s-cert.pub", filename);
if ((cert = key_load_public(certpath, &comment)) == NULL)
goto out;
if (!key_equal_public(cert, public))
fatal("Certificate %s does not match private key %s",
certpath, filename);
if (ssh_remove_identity(ac, cert)) {
fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
comment);
ret = 0;
} else
fprintf(stderr, "Could not remove identity: %s\n", certpath);
out:
if (cert != NULL)
key_free(cert);
if (public != NULL)
key_free(public);
free(certpath);
free(comment);
return ret; return ret;
} }
@ -354,7 +378,7 @@ static int
do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
{ {
if (deleting) { if (deleting) {
if (delete_file(ac, file) == -1) if (delete_file(ac, file, key_only) == -1)
return -1; return -1;
} else { } else {
if (add_file(ac, file, key_only) == -1) if (add_file(ac, file, key_only) == -1)
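Review bot: In delete_file's second hunk (@@ -113,8 +113,32 @@) the new code calls `free(comment)` and then `key_load_public(certpath, &comment)`; when that load fails it jumps to `out:`, where `free(comment)` runs a second time, so unless key_load_public resets `*comment` on failure (not visible in this hunk) the ordinary case of a key with no `-cert.pub` beside it frees a stale pointer twice. Clearing the pointer right after releasing it removes the dependence on the callee: `free(comment);` followed by `comment = NULL;`. A second point is that the `fatal()` on a certificate that does not match the key aborts the whole ssh-add invocation, so a single stale certificate file stops the remaining arguments from being processed; if add_file, which is outside this hunk, reports the same mismatch with `error()` and continues, delete_file should do the same for the symmetry the commit is after. The early exit also deserves a comment, e.g. `/* -k: remove only the plain key, leave any certificate in the agent */` above `if (key_only)`. delete_file's opening lines sit in the previous hunk, and the do_file hunk only threads key_only through.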