- djm@cvs.openbsd.org 2012/12/02 20:42:15
[ssh-add.1 ssh-add.c] make deleting explicit keys "ssh-add -d" symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
This commit is contained in:
parent
cb6b68b209
commit
33a813613a
|
@ -7,6 +7,11 @@
|
|||
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
|
||||
This allows control of which keys are offered from tokens using
|
||||
IdentityFile. ok markus@
|
||||
- djm@cvs.openbsd.org 2012/12/02 20:42:15
|
||||
[ssh-add.1 ssh-add.c]
|
||||
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
|
||||
try to delete the corresponding certificate too and respect the -k option
|
||||
to allow deleting of the key only; feedback and ok markus@
|
||||
|
||||
20121114
|
||||
- (djm) OpenBSD CVS Sync
|
||||
|
|
14
ssh-add.1
14
ssh-add.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.57 2012/12/02 20:42:15 djm Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,7 +35,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: October 18 2011 $
|
||||
.Dd $Mdocdate: December 2 2012 $
|
||||
.Dt SSH-ADD 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -98,10 +98,10 @@ Deletes all identities from the agent.
|
|||
Instead of adding identities, removes identities from the agent.
|
||||
If
|
||||
.Nm
|
||||
has been run without arguments, the keys for the default identities will
|
||||
be removed.
|
||||
has been run without arguments, the keys for the default identities and
|
||||
their corresponding certificateswill be removed.
|
||||
Otherwise, the argument list will be interpreted as a list of paths to
|
||||
public key files and matching keys will be removed from the agent.
|
||||
public key files to specify keys and certificates to be removed from the agent.
|
||||
If no public key is found at a given path,
|
||||
.Nm
|
||||
will append
|
||||
|
@ -111,8 +111,8 @@ and retry.
|
|||
Remove keys provided by the PKCS#11 shared library
|
||||
.Ar pkcs11 .
|
||||
.It Fl k
|
||||
When loading keys into the agent, load plain private keys only and skip
|
||||
certificates.
|
||||
When loading keys into or deleting keys from the agent, process plain private
|
||||
keys only and skip certificates.
|
||||
.It Fl L
|
||||
Lists public key parameters of all identities currently represented
|
||||
by the agent.
|
||||
|
|
36
ssh-add.c
36
ssh-add.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */
|
||||
/* $OpenBSD: ssh-add.c,v 1.104 2012/12/02 20:42:15 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -96,10 +96,10 @@ clear_pass(void)
|
|||
}
|
||||
|
||||
static int
|
||||
delete_file(AuthenticationConnection *ac, const char *filename)
|
||||
delete_file(AuthenticationConnection *ac, const char *filename, int key_only)
|
||||
{
|
||||
Key *public;
|
||||
char *comment = NULL;
|
||||
Key *public = NULL, *cert = NULL;
|
||||
char *certpath = NULL, *comment = NULL;
|
||||
int ret = -1;
|
||||
|
||||
public = key_load_public(filename, &comment);
|
||||
|
@ -113,8 +113,32 @@ delete_file(AuthenticationConnection *ac, const char *filename)
|
|||
} else
|
||||
fprintf(stderr, "Could not remove identity: %s\n", filename);
|
||||
|
||||
if (key_only)
|
||||
goto out;
|
||||
|
||||
/* Now try to delete the corresponding certificate too */
|
||||
free(comment);
|
||||
xasprintf(&certpath, "%s-cert.pub", filename);
|
||||
if ((cert = key_load_public(certpath, &comment)) == NULL)
|
||||
goto out;
|
||||
if (!key_equal_public(cert, public))
|
||||
fatal("Certificate %s does not match private key %s",
|
||||
certpath, filename);
|
||||
|
||||
if (ssh_remove_identity(ac, cert)) {
|
||||
fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
|
||||
comment);
|
||||
ret = 0;
|
||||
} else
|
||||
fprintf(stderr, "Could not remove identity: %s\n", certpath);
|
||||
|
||||
out:
|
||||
if (cert != NULL)
|
||||
key_free(cert);
|
||||
if (public != NULL)
|
||||
key_free(public);
|
||||
xfree(comment);
|
||||
free(certpath);
|
||||
free(comment);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -354,7 +378,7 @@ static int
|
|||
do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
|
||||
{
|
||||
if (deleting) {
|
||||
if (delete_file(ac, file) == -1)
|
||||
if (delete_file(ac, file, key_only) == -1)
|
||||
return -1;
|
||||
} else {
|
||||
if (add_file(ac, file, key_only) == -1)
|
||||
|
|
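Review bot: The `free(comment);` that precedes `xasprintf(&certpath, "%s-cert.pub", filename);` leaves `comment` pointing at freed memory, and when `key_load_public(certpath, &comment)` fails — the ordinary case for a key with no `-cert.pub` beside it — the `goto out` reaches the unconditional `free(comment);` in the cleanup block and frees the same pointer a second time, unless key_load_public resets `*commentp` on failure, which the hunk does not show. Resetting the pointer when it is released, `free(comment); comment = NULL;`, makes the `out:` label safe on every path. Separately, the mismatch branch calls `fatal()`, which ends the whole `ssh-add -d` run at the first key whose certificate does not match rather than reporting it and continuing with the remaining files; if add_file treats the same mismatch as a per-file error, the delete path should probably match, but that cannot be confirmed from what is shown. delete_file's body is split across the hunks at -96 and -113, so the `public == NULL` handling and the first `ssh_remove_identity` call lie outside the visible lines.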