From e7badc12a8fd48358a2fd9740d50db697b1880b7 Mon Sep 17 00:00:00 2001
From: Markus Friedl <markus@cvs.openbsd.org>
Date: Tue, 26 Jun 2001 05:00:00 +0000
Subject: initial support for smartcards in the agent

---
 usr.bin/ssh/authfd.c  | 21 ++++++++++++++++++++-
 usr.bin/ssh/authfd.h  | 10 ++++++++--
 usr.bin/ssh/ssh-add.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 79 insertions(+), 4 deletions(-)

(limited to 'usr.bin')

diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index ca84c6c66a0..fab44e07f5c 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -532,6 +532,25 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 	return decode_reply(type);
 }
 
+int
+ssh_update_card(AuthenticationConnection *auth, int add, int reader_id)
+{
+	Buffer msg;
+	int type;
+
+	buffer_init(&msg);
+	buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
+	    SSH_AGENTC_REMOVE_SMARTCARD_KEY);
+	buffer_put_int(&msg, reader_id);
+	if (ssh_request_reply(auth, &msg, &msg) == 0) {
+		buffer_free(&msg);
+		return 0;
+	}
+	type = buffer_get_char(&msg);
+	buffer_free(&msg);
+	return decode_reply(type);
+}
+
 /*
  * Removes all identities from the agent.  This call is not meant to be used
  * by normal applications.
diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h
index 29d1847b5ee..04439fd07e4 100644
--- a/usr.bin/ssh/authfd.h
+++ b/usr.bin/ssh/authfd.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */
 
 #ifndef AUTHFD_H
 #define AUTHFD_H
@@ -38,6 +38,10 @@
 #define SSH2_AGENTC_REMOVE_IDENTITY		18
 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19
 
+/* smartcard */
+#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
+#define SSH_AGENTC_REMOVE_SMARTCARD_KEY	        21
+
 /* additional error code for ssh.com's ssh-agent2 */
 #define SSH_COM_AGENT2_FAILURE                   102
 
@@ -133,6 +137,8 @@ int     ssh_remove_identity(AuthenticationConnection *auth, Key *key);
  * meant to be used by normal applications.  This returns true if the
  * operation was successful.
  */
-int     ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+int	ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+
+int	ssh_update_card(AuthenticationConnection *auth, int add, int reader_id);
 
 #endif				/* AUTHFD_H */
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index c168d906386..0cf7031d95b 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -143,6 +143,17 @@ add_file(AuthenticationConnection *ac, const char *filename)
 	key_free(private);
 }
 
+static void
+update_card(AuthenticationConnection *ac, int add, int id)
+{
+	if (ssh_update_card(ac, add, id))
+		fprintf(stderr, "Card %s: %d\n",
+		     add ? "added" : "removed", id);
+	else
+		fprintf(stderr, "Could not %s card: %d\n",
+		     add ? "add" : "remove", id);
+}
+
 static void
 list_identities(AuthenticationConnection *ac, int do_fp)
 {
@@ -175,6 +186,18 @@ list_identities(AuthenticationConnection *ac, int do_fp)
 		printf("The agent has no identities.\n");
 }
 
+static void
+usage(void)
+{
+	printf("Usage: ssh-add [options]\n");
+	printf("    -l, -L        : list identities\n");
+	printf("    -d            : delete identity\n");
+	printf("    -D            : delete all identities\n");
+	printf("    -s reader_num : add key in the smartcard in reader_num.\n");
+	printf("    -e reader_num : remove key in the smartcard in reader_num.\n");
+	exit (1);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -184,6 +207,8 @@ main(int argc, char **argv)
 	int no_files = 1;
 	int i;
 	int deleting = 0;
+	int sc_mode = 0;
+	int sc_reader_num = 0;
 
 	SSLeay_add_all_algorithms();
 
@@ -210,12 +235,37 @@ main(int argc, char **argv)
 			no_files = 0;
 			continue;
 		}
+		if (strcmp(argv[i], "-s") == 0) {
+			sc_mode = 1;
+			deleting = 0; 
+			i++;
+			if (i >= argc)
+				usage();
+			sc_reader_num = atoi(argv[i]);
+			continue; 
+		}
+		if (strcmp(argv[i], "-e") == 0) {
+			sc_mode = 1;
+			deleting = 1; 
+			i++;
+			if (i >= argc)
+				usage();
+			sc_reader_num = atoi(argv[i]);
+			continue; 
+		}
+		if (sc_mode == 1)
+			update_card(ac, !deleting, sc_reader_num);
 		no_files = 0;
 		if (deleting)
 			delete_file(ac, argv[i]);
 		else
 			add_file(ac, argv[i]);
 	}
+	if (sc_mode == 1) {
+		update_card(ac, !deleting, sc_reader_num);
+		ssh_close_authentication_connection(ac);
+		exit(0);
+	}
 	if (no_files) {
 		pw = getpwuid(getuid());
 		if (!pw) {
-- 
cgit v1.2.3