authorMarkus Friedl <markus@cvs.openbsd.org>2001-06-26 05:00:00 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-06-26 05:00:00 +0000
commite7badc12a8fd48358a2fd9740d50db697b1880b7 (patch)
treeffb9c9c6a2f503469b53782189b37dce2b077c76
parent5dd90aa4527c92a41b35cb213e76451fc5598a2e (diff)
initial support for smartcards in the agent
-rw-r--r--usr.bin/ssh/authfd.c21
-rw-r--r--usr.bin/ssh/authfd.h10
-rw-r--r--usr.bin/ssh/ssh-add.c52
3 files changed, 79 insertions, 4 deletions
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index ca84c6c66a0..fab44e07f5c 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
#include <openssl/evp.h>
@@ -532,6 +532,25 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
return decode_reply(type);
}
+int
+ssh_update_card(AuthenticationConnection *auth, int add, int reader_id)
+{
+ Buffer msg;
+ int type;
+
+ buffer_init(&msg);
+ buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
+ SSH_AGENTC_REMOVE_SMARTCARD_KEY);
+ buffer_put_int(&msg, reader_id);
+ if (ssh_request_reply(auth, &msg, &msg) == 0) {
+ buffer_free(&msg);
+ return 0;
+ }
+ type = buffer_get_char(&msg);
+ buffer_free(&msg);
+ return decode_reply(type);
+}
+
/*
* Removes all identities from the agent. This call is not meant to be used
* by normal applications.
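Review bot: ssh_update_card is added without the header comment its neighbours in authfd.c carry (the block that follows it documents ssh_remove_all_identities), and its prototype in authfd.h (that file's third hunk) likewise lacks the comment block the adjacent ssh_remove_all_identities declaration has; add one in both places. Proposed text: `/* Ask the agent to add (add != 0) or remove the key(s) on the smartcard in reader reader_id. Returns 0 if the request could not be sent, else decode_reply's verdict on the agent's answer. */`. Note also that reader_id is an int but buffer_put_int serializes it as an unsigned 32-bit field, so a negative value reaches the agent as a large positive id; the comment should say callers must pass a non-negative reader number, or the parameter could take the unsigned type buffer_put_int expects.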
diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h
index 29d1847b5ee..04439fd07e4 100644
--- a/usr.bin/ssh/authfd.h
+++ b/usr.bin/ssh/authfd.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
@@ -38,6 +38,10 @@
#define SSH2_AGENTC_REMOVE_IDENTITY 18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
+/* smartcard */
+#define SSH_AGENTC_ADD_SMARTCARD_KEY 20
+#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
+
/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE 102
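Review bot: The `/* smartcard */` comment on the two new request types says nothing about their wire format, while the sender in authfd.c (ssh_update_card) writes exactly one 32-bit reader id after the type byte; a one-line comment such as `/* smartcard: add/remove the key(s) in a reader; payload is a single uint32 reader id */` lets an agent implementer work from the header alone. The new names also use the SSH_AGENTC_ prefix while the adjacent 18/19 values use SSH2_AGENTC_; if the same request type is meant to serve both protocol versions, saying so here would explain the naming.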
@@ -133,6 +137,8 @@ int ssh_remove_identity(AuthenticationConnection *auth, Key *key);
* meant to be used by normal applications. This returns true if the
* operation was successful.
*/
-int ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+int ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+
+int ssh_update_card(AuthenticationConnection *auth, int add, int reader_id);
#endif /* AUTHFD_H */
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index c168d906386..0cf7031d95b 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
#include <openssl/evp.h>
@@ -144,6 +144,17 @@ add_file(AuthenticationConnection *ac, const char *filename)
}
static void
+update_card(AuthenticationConnection *ac, int add, int id)
+{
+ if (ssh_update_card(ac, add, id))
+ fprintf(stderr, "Card %s: %d\n",
+ add ? "added" : "removed", id);
+ else
+ fprintf(stderr, "Could not %s card: %d\n",
+ add ? "add" : "remove", id);
+}
+
+static void
list_identities(AuthenticationConnection *ac, int do_fp)
{
Key *key;
@@ -175,6 +186,18 @@ list_identities(AuthenticationConnection *ac, int do_fp)
printf("The agent has no identities.\n");
}
+static void
+usage(void)
+{
+ printf("Usage: ssh-add [options]\n");
+ printf(" -l, -L : list identities\n");
+ printf(" -d : delete identity\n");
+ printf(" -D : delete all identities\n");
+ printf(" -s reader_num : add key in the smartcard in reader_num.\n");
+ printf(" -e reader_num : remove key in the smartcard in reader_num.\n");
+ exit (1);
+}
+
int
main(int argc, char **argv)
{
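Review bot: usage() prints with printf to stdout but then exits with status 1, whereas the file's other diagnostics — the update_card messages in the hunk above — go to stderr; an error-path usage message should follow them, e.g. `fprintf(stderr, "Usage: ssh-add [options]\n");` for each line. The synopsis also leaves out the positional key files the loop in main still accepts (`add_file(ac, argv[i])`), so `Usage: ssh-add [options] [file ...]` would describe the command more accurately.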
@@ -184,6 +207,8 @@ main(int argc, char **argv)
int no_files = 1;
int i;
int deleting = 0;
+ int sc_mode = 0;
+ int sc_reader_num = 0;
SSLeay_add_all_algorithms();
@@ -210,12 +235,37 @@ main(int argc, char **argv)
no_files = 0;
continue;
}
+ if (strcmp(argv[i], "-s") == 0) {
+ sc_mode = 1;
+ deleting = 0;
+ i++;
+ if (i >= argc)
+ usage();
+ sc_reader_num = atoi(argv[i]);
+ continue;
+ }
+ if (strcmp(argv[i], "-e") == 0) {
+ sc_mode = 1;
+ deleting = 1;
+ i++;
+ if (i >= argc)
+ usage();
+ sc_reader_num = atoi(argv[i]);
+ continue;
+ }
+ if (sc_mode == 1)
+ update_card(ac, !deleting, sc_reader_num);
no_files = 0;
if (deleting)
delete_file(ac, argv[i]);
else
add_file(ac, argv[i]);
}
+ if (sc_mode == 1) {
+ update_card(ac, !deleting, sc_reader_num);
+ ssh_close_authentication_connection(ac);
+ exit(0);
+ }
if (no_files) {
pw = getpwuid(getuid());
if (!pw) {
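Review bot: `sc_reader_num = atoi(argv[i])` in both the `-s` and `-e` branches accepts any text: `-s 1x` or `-s foo` silently becomes reader 0 instead of a usage error, and a negative value would be sent to the agent as a large unsigned field by buffer_put_int in authfd.c. Parse with strtol plus end-pointer/ERANGE checks, rejecting anything outside 0..INT_MAX (confirm whether a negative reader number is ever meaningful), and share the code between the two branches as below, placing the helper after usage() so it can call it; `<errno.h>` and `<limits.h>` must be in scope if includes.h does not already provide them. Separately, when a file argument follows `-s N`, the `if (sc_mode == 1)` test inside the loop calls update_card for that argument and the block after the loop calls it again, so the same card request is sent twice; if files and smartcard mode are meant to be exclusive, treat a file after `-s`/`-e` as a usage error rather than issuing the request in-loop.
```c
/* Parse a smartcard reader number; non-numeric or out-of-range text is a usage error. */
static int
parse_reader_num(const char *s)
{
	char *ep;
	long v;

	errno = 0;
	v = strtol(s, &ep, 10);
	if (*s == '\0' || *ep != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
		usage();
	return (int)v;
}

/* … unchanged: main() up to the -s/-e branches … */
		if (strcmp(argv[i], "-s") == 0) {
			sc_mode = 1;
			deleting = 0;
			i++;
			if (i >= argc)
				usage();
			sc_reader_num = parse_reader_num(argv[i]);
			continue;
		}
/* … unchanged: -e branch, with the same parse_reader_num replacement for atoi … */
```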