diff --git a/ssh-add.1 b/ssh-add.1 index 58d42138e..f3db1956e 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.80 2020/06/26 05:04:07 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 7 2020 $ +.Dd $Mdocdate: June 26 2020 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -113,6 +113,11 @@ If no public key is found at a given path, will append .Pa .pub and retry. +If the argument list consists of +.Dq - +then +.Nm +will read public keys to be removed from standard input. .It Fl E Ar fingerprint_hash Specifies the hash algorithm used when displaying key fingerprints. Valid options are: diff --git a/ssh-add.c b/ssh-add.c index a40198ab5..931197474 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.155 2020/03/16 02:17:02 dtucker Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.156 2020/06/26 05:04:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -110,6 +110,54 @@ clear_pass(void) } } +static int +delete_one(int agent_fd, const struct sshkey *key, const char *comment, + const char *path, int qflag) +{ + int r; + + if ((r = ssh_remove_identity(agent_fd, key)) != 0) { + fprintf(stderr, "Could not remove identity \"%s\": %s\n", + path, ssh_err(r)); + return r; + } + if (!qflag) { + fprintf(stderr, "Identity removed: %s %s (%s)\n", path, + sshkey_type(key), comment); + } + return 0; +} + +static int +delete_stdin(int agent_fd, int qflag) +{ + char *line = NULL, *cp; + size_t linesize = 0; + struct sshkey *key = NULL; + int lnum = 0, r, ret = -1; + + while (getline(&line, &linesize, stdin) != -1) { + lnum++; + sshkey_free(key); + key = NULL; + line[strcspn(line, "\n")] = '\0'; + cp = line + strspn(line, " \t"); + if (*cp == '#' || *cp == '\0') + continue; + if ((key = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("%s: sshkey_new", __func__); + if ((r = sshkey_read(key, &cp)) != 0) { + error("(stdin):%d: invalid key: %s", lnum, ssh_err(r)); + continue; + } + if (delete_one(agent_fd, key, cp, "(stdin)", qflag) == 0) + ret = 0; + } + sshkey_free(key); + free(line); + return ret; +} + static int delete_file(int agent_fd, const char *filename, int key_only, int qflag) { @@ -117,19 +165,15 @@ delete_file(int agent_fd, const char *filename, int key_only, int qflag) char *certpath = NULL, *comment = NULL; int r, ret = -1; + if (strcmp(filename, "-") == 0) + return delete_stdin(agent_fd, qflag); + if ((r = sshkey_load_public(filename, &public, &comment)) != 0) { printf("Bad key file %s: %s\n", filename, ssh_err(r)); return -1; } - if ((r = ssh_remove_identity(agent_fd, public)) == 0) { - if (!qflag) { - fprintf(stderr, "Identity removed: %s (%s)\n", - filename, comment); - } + if (delete_one(agent_fd, public, comment, filename, qflag) == 0) ret = 0; - } else - fprintf(stderr, "Could not remove identity \"%s\": %s\n", - filename, ssh_err(r)); if (key_only) goto out; @@ -149,15 +193,8 @@ delete_file(int agent_fd, const char *filename, int key_only, int qflag) fatal("Certificate %s does not match private key %s", certpath, filename); - if ((r = ssh_remove_identity(agent_fd, cert)) == 0) { - if (!qflag) { - fprintf(stderr, "Identity removed: %s (%s)\n", - certpath, comment); - } + if (delete_one(agent_fd, cert, comment, certpath, qflag) == 0) ret = 0; - } else - fprintf(stderr, "Could not remove identity \"%s\": %s\n", - certpath, ssh_err(r)); out: sshkey_free(cert);