diff options
| author |   djm <djm@openbsd.org> | 2012-12-02 20:42:15 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2012-12-02 20:42:15 +0000 |
| commit | 1663e249d97adca8f027658af6e1bf437480a1e5 (patch) | |
| tree | b1d84d3f84d037ac46c13db9a4157454b9530bfa /usr.bin/ssh/ssh-add.c | |
| parent | Fixes logging of partial authentication when privsep is enabled (diff) | |
| download | wireguard-openbsd-1663e249d97adca8f027658af6e1bf437480a1e5.tar.xz wireguard-openbsd-1663e249d97adca8f027658af6e1bf437480a1e5.zip | |
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh-add.c')
| -rw-r--r-- | usr.bin/ssh/ssh-add.c | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index ab6ed511529..4045efc0297 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.104 2012/12/02 20:42:15 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -90,10 +90,10 @@ clear_pass(void) } static int -delete_file(AuthenticationConnection *ac, const char *filename) +delete_file(AuthenticationConnection *ac, const char *filename, int key_only) { - Key *public; - char *comment = NULL; + Key *public = NULL, *cert = NULL; + char *certpath = NULL, *comment = NULL; int ret = -1; public = key_load_public(filename, &comment); @@ -107,8 +107,32 @@ delete_file(AuthenticationConnection *ac, const char *filename) } else fprintf(stderr, "Could not remove identity: %s\n", filename); - key_free(public); - xfree(comment); + if (key_only) + goto out; + + /* Now try to delete the corresponding certificate too */ + free(comment); + xasprintf(&certpath, "%s-cert.pub", filename); + if ((cert = key_load_public(certpath, &comment)) == NULL) + goto out; + if (!key_equal_public(cert, public)) + fatal("Certificate %s does not match private key %s", + certpath, filename); + + if (ssh_remove_identity(ac, cert)) { + fprintf(stderr, "Identity removed: %s (%s)\n", certpath, + comment); + ret = 0; + } else + fprintf(stderr, "Could not remove identity: %s\n", certpath); + + out: + if (cert != NULL) + key_free(cert); + if (public != NULL) + key_free(public); + free(certpath); + free(comment); return ret; } @@ -348,7 +372,7 @@ static int do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) { if (deleting) { - if (delete_file(ac, file) == -1) + if (delete_file(ac, file, key_only) == -1) return -1; } else { if (add_file(ac, file, key_only) == -1) |