diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-26 05:00:00 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-26 05:00:00 +0000 |
| commit | e7badc12a8fd48358a2fd9740d50db697b1880b7 (patch) | |
| tree | ffb9c9c6a2f503469b53782189b37dce2b077c76 /usr.bin/ssh | |
| parent | 5dd90aa4527c92a41b35cb213e76451fc5598a2e (diff) | |
initial support for smartcards in the agent
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/authfd.c | 21 | ||||
| -rw-r--r-- | usr.bin/ssh/authfd.h | 10 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-add.c | 52 |
3 files changed, 79 insertions, 4 deletions
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index ca84c6c66a0..fab44e07f5c 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $"); #include <openssl/evp.h> @@ -532,6 +532,25 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) return decode_reply(type); } +int +ssh_update_card(AuthenticationConnection *auth, int add, int reader_id) +{ + Buffer msg; + int type; + + buffer_init(&msg); + buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : + SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_int(&msg, reader_id); + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); + return 0; + } + type = buffer_get_char(&msg); + buffer_free(&msg); + return decode_reply(type); +} + /* * Removes all identities from the agent. This call is not meant to be used * by normal applications. diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h index 29d1847b5ee..04439fd07e4 100644 --- a/usr.bin/ssh/authfd.h +++ b/usr.bin/ssh/authfd.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */ +/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H @@ -38,6 +38,10 @@ #define SSH2_AGENTC_REMOVE_IDENTITY 18 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 +/* smartcard */ +#define SSH_AGENTC_ADD_SMARTCARD_KEY 20 +#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 + /* additional error code for ssh.com's ssh-agent2 */ #define SSH_COM_AGENT2_FAILURE 102 @@ -133,6 +137,8 @@ int ssh_remove_identity(AuthenticationConnection *auth, Key *key); * meant to be used by normal applications. This returns true if the * operation was successful. */ -int ssh_remove_all_identities(AuthenticationConnection *auth, int version); +int ssh_remove_all_identities(AuthenticationConnection *auth, int version); + +int ssh_update_card(AuthenticationConnection *auth, int add, int reader_id); #endif /* AUTHFD_H */ diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index c168d906386..0cf7031d95b 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $"); #include <openssl/evp.h> @@ -144,6 +144,17 @@ add_file(AuthenticationConnection *ac, const char *filename) } static void +update_card(AuthenticationConnection *ac, int add, int id) +{ + if (ssh_update_card(ac, add, id)) + fprintf(stderr, "Card %s: %d\n", + add ? "added" : "removed", id); + else + fprintf(stderr, "Could not %s card: %d\n", + add ? "add" : "remove", id); +} + +static void list_identities(AuthenticationConnection *ac, int do_fp) { Key *key; @@ -175,6 +186,18 @@ list_identities(AuthenticationConnection *ac, int do_fp) printf("The agent has no identities.\n"); } +static void +usage(void) +{ + printf("Usage: ssh-add [options]\n"); + printf(" -l, -L : list identities\n"); + printf(" -d : delete identity\n"); + printf(" -D : delete all identities\n"); + printf(" -s reader_num : add key in the smartcard in reader_num.\n"); + printf(" -e reader_num : remove key in the smartcard in reader_num.\n"); + exit (1); +} + int main(int argc, char **argv) { @@ -184,6 +207,8 @@ main(int argc, char **argv) int no_files = 1; int i; int deleting = 0; + int sc_mode = 0; + int sc_reader_num = 0; SSLeay_add_all_algorithms(); @@ -210,12 +235,37 @@ main(int argc, char **argv) no_files = 0; continue; } + if (strcmp(argv[i], "-s") == 0) { + sc_mode = 1; + deleting = 0; + i++; + if (i >= argc) + usage(); + sc_reader_num = atoi(argv[i]); + continue; + } + if (strcmp(argv[i], "-e") == 0) { + sc_mode = 1; + deleting = 1; + i++; + if (i >= argc) + usage(); + sc_reader_num = atoi(argv[i]); + continue; + } + if (sc_mode == 1) + update_card(ac, !deleting, sc_reader_num); no_files = 0; if (deleting) delete_file(ac, argv[i]); else add_file(ac, argv[i]); } + if (sc_mode == 1) { + update_card(ac, !deleting, sc_reader_num); + ssh_close_authentication_connection(ac); + exit(0); + } if (no_files) { pw = getpwuid(getuid()); if (!pw) { |