diff options
Diffstat (limited to 'crypto/openssh/ssh-add.c')
| -rw-r--r-- | crypto/openssh/ssh-add.c | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c index 2b01e6f..4dc46f6 100644 --- a/crypto/openssh/ssh-add.c +++ b/crypto/openssh/ssh-add.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,15 +36,27 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $"); + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/param.h> #include <openssl/evp.h> +#include <fcntl.h> +#include <pwd.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "xmalloc.h" #include "ssh.h" #include "rsa.h" #include "log.h" -#include "xmalloc.h" #include "key.h" +#include "buffer.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" @@ -124,16 +137,25 @@ delete_all(AuthenticationConnection *ac) static int add_file(AuthenticationConnection *ac, const char *filename) { - struct stat st; Key *private; char *comment = NULL; char msg[1024]; - int ret = -1; + int fd, perms_ok, ret = -1; - if (stat(filename, &st) < 0) { + if ((fd = open(filename, O_RDONLY)) < 0) { perror(filename); return -1; } + + /* + * Since we'll try to load a keyfile multiple times, permission errors + * will occur multiple times, so check perms first and bail if wrong. + */ + perms_ok = key_perm_ok(fd, filename); + close(fd); + if (!perms_ok) + return -1; + /* At first, try empty passphrase */ private = key_load_private(filename, "", &comment); if (comment == NULL) @@ -287,7 +309,7 @@ do_file(AuthenticationConnection *ac, int deleting, char *file) static void usage(void) { - fprintf(stderr, "Usage: %s [options]\n", __progname); + fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname); fprintf(stderr, "Options:\n"); fprintf(stderr, " -l List fingerprints of all identities.\n"); fprintf(stderr, " -L List public key parameters of all identities.\n"); @@ -335,13 +357,11 @@ main(int argc, char **argv) if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) ret = 1; goto done; - break; case 'x': case 'X': if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) ret = 1; goto done; - break; case 'c': confirm = 1; break; @@ -352,7 +372,6 @@ main(int argc, char **argv) if (delete_all(ac) == -1) ret = 1; goto done; - break; case 's': sc_reader_id = optarg; break; |
