- jakob@cvs.openbsd.org 2001/07/31 09:28:44

     [readconf.c readconf.h ssh.1 ssh.c]
     add 'SmartcardDevice' client option to specify which smartcard device
     is used to access a smartcard used for storing the user's private RSA
     key. ok markus@.

diff --git a/ChangeLog b/ChangeLog
index 0fbccdbe722a3c9106f1ee8d860f2a38f51ab977..313fa07db73c523730473757d5895f26045922d1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -75,6 +75,11 @@
    - jakob@cvs.openbsd.org 2001/07/31 08:41:10
      [scard.c]
      do not complain about missing smartcards. ok markus@
+   - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+     [readconf.c readconf.h ssh.1 ssh.c]
+     add 'SmartcardDevice' client option to specify which smartcard device 
+     is used to access a smartcard used for storing the user's private RSA 
+     key. ok markus@.
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on

diff --git a/readconf.c b/readconf.c
index 6519ec667adbebaa86fc7b14899b6e20e02cb620..a4ae733331490318f2a368a053bb070ab1309a1e 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,7 @@ typedef enum {
        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-       oHostKeyAlgorithms, oBindAddress
+       oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -183,6 +183,7 @@ static struct {
        { "preferredauthentications", oPreferredAuthentications },
        { "hostkeyalgorithms", oHostKeyAlgorithms },
        { "bindaddress", oBindAddress },
+       { "smartcarddevice", oSmartcardDevice },
        { NULL, 0 }
 };
 
@@ -468,6 +469,10 @@ parse_string:
                charptr = &options->bind_address;
                goto parse_string;
 
+       case oSmartcardDevice:
+               intptr = &options->smartcard_device;
+               goto parse_int;
+
        case oProxyCommand:
                charptr = &options->proxy_command;
                while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
@@ -772,6 +777,7 @@ initialize_options(Options * options)
        options->log_level = (LogLevel) - 1;
        options->preferred_authentications = NULL;
        options->bind_address = NULL;
+       options->smartcard_device = -1;
 }
 
 /*

diff --git a/readconf.h b/readconf.h
index f91dc3899e64f4e5cda410b9a13c8ca66a28f2f9..623a448108b2ae64015cf288a0228f170adc0b2e 100644 (file)
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -87,6 +87,7 @@ typedef struct {
        char   *user_hostfile2;
        char   *preferred_authentications;
        char   *bind_address;   /* local socket address for connection to sshd */
+       int     smartcard_device; /* Smartcard reader device */
 
        int     num_identity_files;     /* Number of files for RSA/DSA identities. */
        char   *identity_files[SSH_MAX_IDENTITY_FILES];

diff --git a/ssh.1 b/ssh.1
index 32d54c37ad95d1f1fc60179b13c7917cdead020f..4e10ab109deba79734be0a45bf5ae8587d8c19a6 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -448,6 +448,12 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
 .It Fl k
 Disables forwarding of Kerberos tickets and AFS tokens.
 This may also be specified on a per-host basis in the configuration file.
@@ -1016,6 +1022,13 @@ or
 .Dq no .
 The default is
 .Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,

diff --git a/ssh.c b/ssh.c
index d12d7580ac722f45e21ae1de045480f696626451..70eaa772b86cf8f4c3cc447d8fdfa35d5313dd48 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -151,11 +151,6 @@ Buffer command;
 /* Should we execute a command or invoke a subsystem? */
 int subsystem_flag = 0;
 
-#ifdef SMARTCARD
-/* Smartcard reader id */
-int sc_reader_num = -1;
-#endif
-
 /* Prints a help message to the user.  This function never returns. */
 
 static void
@@ -377,7 +372,7 @@ again:
                        break;
                case 'I':
 #ifdef SMARTCARD
-                       sc_reader_num = atoi(optarg);
+                       options.smartcard_device = atoi(optarg);
 #else
                        fprintf(stderr, "no support for smartcards.\n");
 #endif
@@ -1156,9 +1151,9 @@ load_public_identity_files(void)
        int i = 0;
 
 #ifdef SMARTCARD
-       if (sc_reader_num != -1 &&
+       if (options.smartcard_device >= 0 &&
            options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
-           (public = sc_get_key(sc_reader_num)) != NULL ) {
+           (public = sc_get_key(options.smartcard_device)) != NULL ) {
                Key *new;
 
                if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)