From ae996bf7d1967c83a0e0d71e9e89fa9a27d839f9 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 6 Aug 2001 21:27:53 +0000 Subject: [PATCH] - jakob@cvs.openbsd.org 2001/07/31 09:28:44 [readconf.c readconf.h ssh.1 ssh.c] add 'SmartcardDevice' client option to specify which smartcard device is used to access a smartcard used for storing the user's private RSA key. ok markus@. --- ChangeLog | 7 ++++++- readconf.c | 10 ++++++++-- readconf.h | 3 ++- ssh.1 | 15 ++++++++++++++- ssh.c | 13 ++++--------- 5 files changed, 34 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ad73258c..c44eb959a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,11 @@ - jakob@cvs.openbsd.org 2001/07/31 08:41:10 [scard.c] do not complain about missing smartcards. ok markus@ + - jakob@cvs.openbsd.org 2001/07/31 09:28:44 + [readconf.c readconf.h ssh.1 ssh.c] + add 'SmartcardDevice' client option to specify which smartcard device + is used to access a smartcard used for storing the user's private RSA + key. ok markus@. 20010803 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on @@ -6185,4 +6190,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1445 2001/08/06 21:25:38 mouring Exp $ +$Id: ChangeLog,v 1.1446 2001/08/06 21:27:53 mouring Exp $ diff --git a/readconf.c b/readconf.c index 6519ec667..a4ae73333 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -114,7 +114,7 @@ typedef enum { oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress + oHostKeyAlgorithms, oBindAddress, oSmartcardDevice } OpCodes; /* Textual representations of the tokens. */ @@ -183,6 +183,7 @@ static struct { { "preferredauthentications", oPreferredAuthentications }, { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, + { "smartcarddevice", oSmartcardDevice }, { NULL, 0 } }; @@ -468,6 +469,10 @@ parse_string: charptr = &options->bind_address; goto parse_string; + case oSmartcardDevice: + intptr = &options->smartcard_device; + goto parse_int; + case oProxyCommand: charptr = &options->proxy_command; while ((arg = strdelim(&s)) != NULL && *arg != '\0') { @@ -772,6 +777,7 @@ initialize_options(Options * options) options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; options->bind_address = NULL; + options->smartcard_device = -1; } /* diff --git a/readconf.h b/readconf.h index f91dc3899..623a44810 100644 --- a/readconf.h +++ b/readconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -87,6 +87,7 @@ typedef struct { char *user_hostfile2; char *preferred_authentications; char *bind_address; /* local socket address for connection to sshd */ + int smartcard_device; /* Smartcard reader device */ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; diff --git a/ssh.1 b/ssh.1 index 32d54c37a..4e10ab109 100644 --- a/ssh.1 +++ b/ssh.1 
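Review bot: The new `smartcard_device` field in readconf.h carries only the comment `/* Smartcard reader device */`, which does not say that the value is a reader number or that -1 is the "not configured" sentinel that `initialize_options` assigns and the `options.smartcard_device >= 0` test in ssh.c relies on. Suggest `int smartcard_device; /* smartcard reader number; -1 = none configured */`. The same convention applies to the `case oSmartcardDevice` hunk in readconf.c, where `parse_int` (outside the hunk) presumably stores the value only while the field is still -1, so a short comment there, `/* -1 (unset) until the first SmartcardDevice keyword or -I */`, would make the first-match-wins behaviour visible. The `process_config_line` switch that hosts that case starts and ends outside the hunk.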
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -448,6 +448,12 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). +.It Fl I Ar smartcard_device +Specifies which smartcard device to use. The argument is +the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. .It Fl k Disables forwarding of Kerberos tickets and AFS tokens. This may also be specified on a per-host basis in the configuration file. @@ -1016,6 +1022,13 @@ or .Dq no . The default is .Dq yes . +.It Cm SmartcardDevice +Specifies which smartcard device to use. The argument to this keyword is +the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. By default, no device is specified and smartcard support +is not activated. .It Cm StrictHostKeyChecking If this flag is set to .Dq yes , diff --git a/ssh.c b/ssh.c index d12d7580a..70eaa772b 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $"); #include #include @@ -151,11 +151,6 @@ Buffer command; /* Should we execute a command or invoke a subsystem? */ int subsystem_flag = 0; -#ifdef SMARTCARD -/* Smartcard reader id */ -int sc_reader_num = -1; -#endif - /* Prints a help message to the user. This function never returns. */ static void @@ -377,7 +372,7 @@ again: break; case 'I': #ifdef SMARTCARD - sc_reader_num = atoi(optarg); + options.smartcard_device = atoi(optarg); #else fprintf(stderr, "no support for smartcards.\n"); #endif 
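Review bot: `options.smartcard_device = atoi(optarg);` in the `case 'I'` hunk accepts any string: a non-numeric argument such as `-I foo` silently becomes reader 0, and a negative or overflowing value is stored unchecked and later treated as "no smartcard" by the `>= 0` test in load_public_identity_files. Parsing with `strtol` and rejecting an empty argument, trailing garbage or an out-of-range value with `fatal()` gives the user an explicit error instead of a quietly wrong reader; `INT_MAX` needs `<limits.h>` if ssh.c does not already include it. The option-parsing switch (`again:` label) that encloses this case starts and ends outside the hunk.
```c
		case 'I':
#ifdef SMARTCARD
		{
			char *end;
			long v = strtol(optarg, &end, 10);
			if (*optarg == '\0' || *end != '\0' || v < 0 || v > INT_MAX)
				fatal("Bad smartcard device \"%s\"", optarg);
			options.smartcard_device = (int)v;
		}
#else
			/* … unchanged: "no support for smartcards" message … */
#endif
```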
@@ -1156,9 +1151,9 @@ load_public_identity_files(void) int i = 0; #ifdef SMARTCARD - if (sc_reader_num != -1 && + if (options.smartcard_device >= 0 && options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && - (public = sc_get_key(sc_reader_num)) != NULL ) { + (public = sc_get_key(options.smartcard_device)) != NULL ) { Key *new; if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)