- jakob@cvs.openbsd.org 2001/07/31 09:28:44

[readconf.c readconf.h ssh.1 ssh.c]
     add 'SmartcardDevice' client option to specify which smartcard device
     is used to access a smartcard used for storing the user's private RSA
     key. ok markus@.

ChangeLog

@@ -75,6 +75,11 @@
    - jakob@cvs.openbsd.org 2001/07/31 08:41:10
      [scard.c]
      do not complain about missing smartcards. ok markus@
+   - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+     [readconf.c readconf.h ssh.1 ssh.c]
+     add 'SmartcardDevice' client option to specify which smartcard device 
+     is used to access a smartcard used for storing the user's private RSA 
+     key. ok markus@.
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6185,4 +6190,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1445 2001/08/06 21:25:38 mouring Exp $
+$Id: ChangeLog,v 1.1446 2001/08/06 21:27:53 mouring Exp $

readconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,7 @@ typedef enum {
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-	oHostKeyAlgorithms, oBindAddress
+	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -183,6 +183,7 @@ static struct {
 	{ "preferredauthentications", oPreferredAuthentications },
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ "bindaddress", oBindAddress },
+	{ "smartcarddevice", oSmartcardDevice },
 	{ NULL, 0 }
 };
 
@@ -468,6 +469,10 @@ parse_string:
 		charptr = &options->bind_address;
 		goto parse_string;
 
+	case oSmartcardDevice:
+		intptr = &options->smartcard_device;
+		goto parse_int;
+
 	case oProxyCommand:
 		charptr = &options->proxy_command;
 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
@@ -772,6 +777,7 @@ initialize_options(Options * options)
 	options->log_level = (LogLevel) - 1;
 	options->preferred_authentications = NULL;
 	options->bind_address = NULL;
+	options->smartcard_device = -1;
 }
 
 /*

readconf.h

@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -87,6 +87,7 @@ typedef struct {
 	char   *user_hostfile2;
 	char   *preferred_authentications;
 	char   *bind_address;	/* local socket address for connection to sshd */
+	int	smartcard_device; /* Smartcard reader device */
 
 	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
 	char   *identity_files[SSH_MAX_IDENTITY_FILES];

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -448,6 +448,12 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
 .It Fl k
 Disables forwarding of Kerberos tickets and AFS tokens.
 This may also be specified on a per-host basis in the configuration file.
@@ -1016,6 +1022,13 @@ or
 .Dq no .
 The default is
 .Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,

ssh.c

@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -151,11 +151,6 @@ Buffer command;
 /* Should we execute a command or invoke a subsystem? */
 int subsystem_flag = 0;
 
-#ifdef SMARTCARD
-/* Smartcard reader id */
-int sc_reader_num = -1;
-#endif
-
 /* Prints a help message to the user.  This function never returns. */
 
 static void
@@ -377,7 +372,7 @@ again:
 			break;
 		case 'I':
 #ifdef SMARTCARD
-			sc_reader_num = atoi(optarg);
+			options.smartcard_device = atoi(optarg);
 #else
 			fprintf(stderr, "no support for smartcards.\n");
 #endif
@@ -1156,9 +1151,9 @@ load_public_identity_files(void)
 	int i = 0;
 
 #ifdef SMARTCARD
-	if (sc_reader_num != -1 &&
+	if (options.smartcard_device >= 0 &&
 	    options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
-	    (public = sc_get_key(sc_reader_num)) != NULL ) {
+	    (public = sc_get_key(options.smartcard_device)) != NULL ) {
 		Key *new;
 
 		if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)