-rw-r--r-- | usr.bin/ssh/readconf.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 15 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 13 |
4 files changed, 28 insertions, 13 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index b8c31bbdbda..eadb4a50207 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -114,7 +114,7 @@ typedef enum { oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress + oHostKeyAlgorithms, oBindAddress, oSmartcardDevice } OpCodes; /* Textual representations of the tokens. */ @@ -183,6 +183,7 @@ static struct { { "preferredauthentications", oPreferredAuthentications }, { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, + { "smartcarddevice", oSmartcardDevice }, { NULL, 0 } }; @@ -465,6 +466,10 @@ parse_string: charptr = &options->bind_address; goto parse_string; + case oSmartcardDevice: + intptr = &options->smartcard_device; + goto parse_int; + case oProxyCommand: charptr = &options->proxy_command; string = xstrdup(""); @@ -770,6 +775,7 @@ initialize_options(Options * options) options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; options->bind_address = NULL; + options->smartcard_device = -1; } /* diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index f91dc3899e6..623a448108b 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */ #ifndef READCONF_H #define READCONF_H 
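Review bot: The new `case oSmartcardDevice:` in readconf.c is compiled unconditionally, while the matching `-I` handling in ssh.c sits under `#ifdef SMARTCARD` and otherwise prints `no support for smartcards.`. On a build without SMARTCARD, a `SmartcardDevice` line is therefore accepted and then never used, so a user who expects the private key to stay on the card gets no hint that the setting had no effect. Consider reporting it in the non-SMARTCARD case, for example with the same message the command-line path uses. The value is handled by `parse_int`, which lies outside this hunk, so whether negative or trailing-garbage input is rejected there cannot be confirmed from here; the enclosing function also begins and ends outside the hunk.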
@@ -87,6 +87,7 @@ typedef struct { char *user_hostfile2; char *preferred_authentications; char *bind_address; /* local socket address for connection to sshd */ + int smartcard_device; /* Smartcard reader device */ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 32d54c37ad9..4e10ab109de 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -448,6 +448,12 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). +.It Fl I Ar smartcard_device +Specifies which smartcard device to use. The argument is +the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. .It Fl k Disables forwarding of Kerberos tickets and AFS tokens. This may also be specified on a per-host basis in the configuration file. @@ -1016,6 +1022,13 @@ or .Dq no . The default is .Dq yes . +.It Cm SmartcardDevice +Specifies which smartcard device to use. The argument to this keyword is +the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. By default, no device is specified and smartcard support +is not activated. .It Cm StrictHostKeyChecking If this flag is set to .Dq yes , diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index dd29b329350..dbadd4dc31e 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c 
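Review bot: The field comment `/* Smartcard reader device */` does not say that the value is a numeric reader id or that -1 means "not set", although `initialize_options` stores -1 and ssh.c tests `options.smartcard_device >= 0`. I would write it as `int     smartcard_device; /* Smartcard reader id, -1 if not set */`. The ssh.1 text added in this commit also calls the argument "the device" without saying it is an integer, so the two descriptions are worth aligning.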
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -143,11 +143,6 @@ Buffer command; /* Should we execute a command or invoke a subsystem? */ int subsystem_flag = 0; -#ifdef SMARTCARD -/* Smartcard reader id */ -int sc_reader_num = -1; -#endif - /* Prints a help message to the user. This function never returns. */ static void @@ -360,7 +355,7 @@ again: break; case 'I': #ifdef SMARTCARD - sc_reader_num = atoi(optarg); + options.smartcard_device = atoi(optarg); #else fprintf(stderr, "no support for smartcards.\n"); #endif @@ -1132,9 +1127,9 @@ load_public_identity_files(void) int i = 0; #ifdef SMARTCARD - if (sc_reader_num != -1 && + if (options.smartcard_device >= 0 && options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && - (public = sc_get_key(sc_reader_num)) != NULL ) { + (public = sc_get_key(options.smartcard_device)) != NULL ) { Key *new; if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) |
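Review bot: `options.smartcard_device = atoi(optarg);` in the `case 'I':` branch cannot tell a malformed argument from reader 0. `atoi` returns 0 for non-numeric text, and the new `options.smartcard_device >= 0` test in `load_public_identity_files` treats that 0 as a selected reader. A mistyped `-I` value would therefore silently select reader 0 instead of failing, and out-of-range input is undefined for `atoi`. Parsing with `strtol` and rejecting empty, trailing, negative or overflowing input closes that gap, as in the excerpt below. The option switch and its function begin outside this hunk.

```c
		case 'I':
#ifdef SMARTCARD
			{
				char *ep;
				long dev;

				errno = 0;
				dev = strtol(optarg, &ep, 10);
				if (ep == optarg || *ep != '\0' || errno == ERANGE ||
				    dev < 0 || dev > INT_MAX) {
					fprintf(stderr, "Bad smartcard device '%s'\n", optarg);
					exit(1);
				}
				options.smartcard_device = (int)dev;
			}
#else
			/* ... unchanged: "no support for smartcards." message ... */
```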