- markus@cvs.openbsd.org 2001/06/26 04:07:06
[ssh-agent.1 ssh-agent.c]
add debug flag
+ - markus@cvs.openbsd.org 2001/06/26 04:59:59
+ [authfd.c authfd.h ssh-add.c]
+ initial support for smartcards in the agent
20010629
- (bal) Removed net_aton() since we don't use it any more
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
#include <openssl/evp.h>
return decode_reply(type);
}
+int
+ssh_update_card(AuthenticationConnection *auth, int add, int reader_id)
+{
+ Buffer msg;
+ int type;
+
+ buffer_init(&msg);
+ buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
+ SSH_AGENTC_REMOVE_SMARTCARD_KEY);
+ buffer_put_int(&msg, reader_id);
+ if (ssh_request_reply(auth, &msg, &msg) == 0) {
+ buffer_free(&msg);
+ return 0;
+ }
+ type = buffer_get_char(&msg);
+ buffer_free(&msg);
+ return decode_reply(type);
+}
+
/*
* Removes all identities from the agent. This call is not meant to be used
* by normal applications.
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
#define SSH2_AGENTC_REMOVE_IDENTITY 18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
+/* smartcard */
+#define SSH_AGENTC_ADD_SMARTCARD_KEY 20
+#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
+
/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE 102
* meant to be used by normal applications. This returns true if the
* operation was successful.
*/
-int ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+int ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+
+int ssh_update_card(AuthenticationConnection *auth, int add, int reader_id);
#endif /* AUTHFD_H */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $");
#include <openssl/evp.h>
key_free(private);
}
+static void
+update_card(AuthenticationConnection *ac, int add, int id)
+{
+ if (ssh_update_card(ac, add, id))
+ fprintf(stderr, "Card %s: %d\n",
+ add ? "added" : "removed", id);
+ else
+ fprintf(stderr, "Could not %s card: %d\n",
+ add ? "add" : "remove", id);
+}
+
static void
list_identities(AuthenticationConnection *ac, int do_fp)
{
printf("The agent has no identities.\n");
}
+static void
+usage(void)
+{
+ printf("Usage: ssh-add [options]\n");
+ printf(" -l, -L : list identities\n");
+ printf(" -d : delete identity\n");
+ printf(" -D : delete all identities\n");
+ printf(" -s reader_num : add key in the smartcard in reader_num.\n");
+ printf(" -e reader_num : remove key in the smartcard in reader_num.\n");
+ exit (1);
+}
+
int
main(int argc, char **argv)
{
int no_files = 1;
int i;
int deleting = 0;
+ int sc_mode = 0;
+ int sc_reader_num = 0;
__progname = get_progname(argv[0]);
init_rng();
no_files = 0;
continue;
}
+ if (strcmp(argv[i], "-s") == 0) {
+ sc_mode = 1;
+ deleting = 0;
+ i++;
+ if (i >= argc)
+ usage();
+ sc_reader_num = atoi(argv[i]);
+ continue;
+ }
+ if (strcmp(argv[i], "-e") == 0) {
+ sc_mode = 1;
+ deleting = 1;
+ i++;
+ if (i >= argc)
+ usage();
+ sc_reader_num = atoi(argv[i]);
+ continue;
+ }
+ if (sc_mode == 1)
+ update_card(ac, !deleting, sc_reader_num);
no_files = 0;
if (deleting)
delete_file(ac, argv[i]);
else
add_file(ac, argv[i]);
}
+ if (sc_mode == 1) {
+ update_card(ac, !deleting, sc_reader_num);
+ ssh_close_authentication_connection(ac);
+ exit(0);
+ }
if (no_files) {
pw = getpwuid(getuid());
if (!pw) {