Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to:	rwatson

1 files changed, 58 insertions, 120 deletions

diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c
index 4b33f96..4377ab4 100644
--- a/crypto/openssh/ssh-add.c
+++ b/crypto/openssh/ssh-add.c
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  *
  * SSH2 implementation,
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -35,33 +35,42 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.22 2000/09/07 20:27:54 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.36 2001/04/18 21:57:42 markus Exp $");
 
 #include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
 
-#include "rsa.h"
 #include "ssh.h"
+#include "rsa.h"
+#include "log.h"
 #include "xmalloc.h"
 #include "key.h"
 #include "authfd.h"
 #include "authfile.h"
+#include "pathnames.h"
+#include "readpass.h"
+
+/* we keep a cache of one passphrases */
+static char *pass = NULL;
+void
+clear_pass(void)
+{
+	if (pass) {
+		memset(pass, 0, strlen(pass));
+		xfree(pass);
+		pass = NULL;
+	}
+}
 
 void
 delete_file(AuthenticationConnection *ac, const char *filename)
 {
 	Key *public;
-	char *comment;
+	char *comment = NULL;
 
-	public = key_new(KEY_RSA);
-	if (!load_public_key(filename, public, &comment)) {
-		key_free(public);
-		public = key_new(KEY_DSA);
-		if (!try_load_public_key(filename, public, &comment)) {
-			printf("Bad key file %s\n", filename);
-			return;
-		}
+	public = key_load_public(filename, &comment);
+	if (public == NULL) {
+		printf("Bad key file %s\n", filename);
+		return;
 	}
 	if (ssh_remove_identity(ac, public))
 		fprintf(stderr, "Identity removed: %s (%s)\n", filename, comment);
@@ -85,127 +94,61 @@ delete_all(AuthenticationConnection *ac)
 	if (success)
 		fprintf(stderr, "All identities removed.\n");
 	else
-		fprintf(stderr, "Failed to remove all identitities.\n");
-}
-
-char *
-ssh_askpass(char *askpass, char *msg)
-{
-	pid_t pid;
-	size_t len;
-	char *nl, *pass;
-	int p[2], status;
-	char buf[1024];
-
-	if (askpass == NULL)
-		fatal("internal error: askpass undefined");
-	if (pipe(p) < 0)
-		fatal("ssh_askpass: pipe: %s", strerror(errno));
-	if ((pid = fork()) < 0)
-		fatal("ssh_askpass: fork: %s", strerror(errno));
-	if (pid == 0) {
-		close(p[0]);
-		if (dup2(p[1], STDOUT_FILENO) < 0)
-			fatal("ssh_askpass: dup2: %s", strerror(errno));
-		execlp(askpass, askpass, msg, (char *) 0);
-		fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
-	}
-	close(p[1]);
-	len = read(p[0], buf, sizeof buf);
-	close(p[0]);
-	while (waitpid(pid, &status, 0) < 0)
-		if (errno != EINTR)
-			break;
-	if (len <= 1)
-		return xstrdup("");
-	nl = strchr(buf, '\n');
-	if (nl)
-		*nl = '\0';
-	pass = xstrdup(buf);
-	memset(buf, 0, sizeof(buf));
-	return pass;
+		fprintf(stderr, "Failed to remove all identities.\n");
 }
 
 void
 add_file(AuthenticationConnection *ac, const char *filename)
 {
 	struct stat st;
-	Key *public;
 	Key *private;
-	char *saved_comment, *comment, *askpass = NULL;
-	char buf[1024], msg[1024];
-	int success;
-	int interactive = isatty(STDIN_FILENO);
-	int type = KEY_RSA;
+	char *comment = NULL;
+	char msg[1024];
 
 	if (stat(filename, &st) < 0) {
 		perror(filename);
 		exit(1);
 	}
-	/*
-	 * try to load the public key. right now this only works for RSA,
-	 * since DSA keys are fully encrypted
-	 */
-	public = key_new(KEY_RSA);
-	if (!load_public_key(filename, public, &saved_comment)) {
-		/* ok, so we will asume this is a DSA key */
-		type = KEY_DSA;
-		saved_comment = xstrdup(filename);
-	}
-	key_free(public);
-
-	if (!interactive && getenv("DISPLAY")) {
-		if (getenv(SSH_ASKPASS_ENV))
-			askpass = getenv(SSH_ASKPASS_ENV);
-		else
-			askpass = SSH_ASKPASS_DEFAULT;
-	}
-
 	/* At first, try empty passphrase */
-	private = key_new(type);
-	success = load_private_key(filename, "", private, &comment);
-	if (!success) {
+	private = key_load_private(filename, "", &comment);
+	if (comment == NULL)
+		comment = xstrdup(filename);
+	/* try last */
+	if (private == NULL && pass != NULL)
+		private = key_load_private(filename, pass, NULL);
+	if (private == NULL) {
+		/* clear passphrase since it did not work */
+		clear_pass();
 		printf("Need passphrase for %.200s\n", filename);
-		if (!interactive && askpass == NULL) {
-			xfree(saved_comment);
-			return;
-		}
-		snprintf(msg, sizeof msg, "Enter passphrase for %.200s", saved_comment);
+		snprintf(msg, sizeof msg, "Enter passphrase for %.200s ",
+		   comment);
 		for (;;) {
-			char *pass;
-			if (interactive) {
-				snprintf(buf, sizeof buf, "%s: ", msg);
-				pass = read_passphrase(buf, 1);
-			} else {
-				pass = ssh_askpass(askpass, msg);
-			}
+			pass = read_passphrase(msg, 1);
 			if (strcmp(pass, "") == 0) {
-				xfree(pass);
-				xfree(saved_comment);
+				clear_pass();
+				xfree(comment);
 				return;
 			}
-			success = load_private_key(filename, pass, private, &comment);
-			memset(pass, 0, strlen(pass));
-			xfree(pass);
-			if (success)
+			private = key_load_private(filename, pass, &comment);
+			if (private != NULL)
 				break;
-			strlcpy(msg, "Bad passphrase, try again", sizeof msg);
+			clear_pass();
+			strlcpy(msg, "Bad passphrase, try again ", sizeof msg);
 		}
 	}
-	xfree(comment);
-	if (ssh_add_identity(ac, private, saved_comment))
-		fprintf(stderr, "Identity added: %s (%s)\n", filename, saved_comment);
+	if (ssh_add_identity(ac, private, comment))
+		fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
 	else
 		fprintf(stderr, "Could not add identity: %s\n", filename);
+	xfree(comment);
 	key_free(private);
-	xfree(saved_comment);
 }
 
 void
-list_identities(AuthenticationConnection *ac, int fp)
+list_identities(AuthenticationConnection *ac, int do_fp)
 {
 	Key *key;
-	char *comment;
+	char *comment, *fp;
 	int had_identities = 0;
 	int version;
 
@@ -214,9 +157,12 @@ list_identities(AuthenticationConnection *ac, int fp)
 		     key != NULL;
 		     key = ssh_get_next_identity(ac, &comment, version)) {
 			had_identities = 1;
-			if (fp) {
-				printf("%d %s %s\n",
-				    key_size(key), key_fingerprint(key), comment);
+			if (do_fp) {
+				fp = key_fingerprint(key, SSH_FP_MD5,
+				    SSH_FP_HEX);
+				printf("%d %s %s (%s)\n",
+				    key_size(key), fp, comment, key_type(key));
+				xfree(fp);
 			} else {
 				if (!key_write(key, stdout))
 					fprintf(stderr, "key_write failed");
@@ -240,16 +186,7 @@ main(int argc, char **argv)
 	int i;
 	int deleting = 0;
 
-	/* check if RSA support exists */
-	if (rsa_alive() == 0) {
-		extern char *__progname;
-
-		fprintf(stderr,
-			"%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
-			__progname);
-		exit(1);
-	}
-        SSLeay_add_all_algorithms();
+	SSLeay_add_all_algorithms();
 
 	/* At first, get a connection to the authentication agent. */
 	ac = ssh_get_authentication_connection();
@@ -288,12 +225,13 @@ main(int argc, char **argv)
 			ssh_close_authentication_connection(ac);
 			exit(1);
 		}
-		snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
+		snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
 		if (deleting)
 			delete_file(ac, buf);
 		else
 			add_file(ac, buf);
 	}
+	clear_pass();
 	ssh_close_authentication_connection(ac);
 	exit(0);
 }