- jakob@cvs.openbsd.org 2001/07/31 08:41:10
[scard.c]
do not complain about missing smartcards. ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+ [readconf.c readconf.h ssh.1 ssh.c]
+ add 'SmartcardDevice' client option to specify which smartcard device
+ is used to access a smartcard used for storing the user's private RSA
+ key. ok markus@.
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
- oHostKeyAlgorithms, oBindAddress
+ oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
} OpCodes;
/* Textual representations of the tokens. */
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+ { "smartcarddevice", oSmartcardDevice },
{ NULL, 0 }
};
charptr = &options->bind_address;
goto parse_string;
+ case oSmartcardDevice:
+ intptr = &options->smartcard_device;
+ goto parse_int;
+
case oProxyCommand:
charptr = &options->proxy_command;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->smartcard_device = -1;
}
/*
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
#ifndef READCONF_H
#define READCONF_H
char *user_hostfile2;
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
+ int smartcard_device; /* Smartcard reader device */
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
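Review bot: The comment on the new `smartcard_device` field does not say that the value is a number or that -1 means "not set", yet the rest of the commit depends on exactly that. The defaults hunk in readconf.c stores -1, the parser sends the keyword to `parse_int`, and ssh.c takes the smartcard path only when the value is `>= 0`. I would write `int smartcard_device; /* Smartcard reader number; -1 = not set, smartcard disabled */`. The ssh.1 text in this commit also calls the argument only "the device", so a reader cannot tell that an integer is expected. The enclosing struct begins and ends outside the hunk.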
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Fl i
options (and multiple identities specified in
configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
.It Fl k
Disables forwarding of Kerberos tickets and AFS tokens.
This may also be specified on a per-host basis in the configuration file.
.Dq no .
The default is
.Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
/* Should we execute a command or invoke a subsystem? */
int subsystem_flag = 0;
-#ifdef SMARTCARD
-/* Smartcard reader id */
-int sc_reader_num = -1;
-#endif
-
/* Prints a help message to the user. This function never returns. */
static void
break;
case 'I':
#ifdef SMARTCARD
- sc_reader_num = atoi(optarg);
+ options.smartcard_device = atoi(optarg);
#else
fprintf(stderr, "no support for smartcards.\n");
#endif
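Review bot: The new `options.smartcard_device = atoi(optarg);` under `case 'I':` cannot tell a malformed argument from a valid one. atoi() returns 0 for non-numeric input and reports no error, so a mistyped `-I` value silently selects device 0, which the later `>= 0` test treats as enabled. The configuration-file path for the same setting goes through `parse_int` in readconf.c, whose checks are not visible here, so the two entry points may accept different inputs. I would parse with strtol(), reject trailing characters and out-of-range values, and exit with a message as sketched below. The option switch continues outside the hunk.

```c
		case 'I':
#ifdef SMARTCARD
			{
				char *ep;
				long dev = strtol(optarg, &ep, 10);

				if (ep == optarg || *ep != '\0' ||
				    dev < 0 || dev > INT_MAX) {
					fprintf(stderr, "Bad smartcard device '%s'\n",
					    optarg);
					exit(1);
				}
				options.smartcard_device = (int)dev;
			}
/* … unchanged: #else branch and #endif … */
```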
int i = 0;
#ifdef SMARTCARD
- if (sc_reader_num != -1 &&
+ if (options.smartcard_device >= 0 &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
- (public = sc_get_key(sc_reader_num)) != NULL ) {
+ (public = sc_get_key(options.smartcard_device)) != NULL ) {
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
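Review bot: A user who explicitly sets a smartcard device gets no indication when it is not used, because the rewritten condition folds three tests into one `if` with no visible fallback. If `options.smartcard_device >= 0` holds but the identity table is full or `sc_get_key()` returns NULL, the block is skipped, and from what is visible the client would then carry on with only the file-based identities. I would test `options.smartcard_device >= 0` on its own and log the failure case, for example `debug("smartcard device %d: no key loaded", options.smartcard_device);`, so the fallback from a card-held key to on-disk keys shows up in verbose output. The function body starts before and continues past this hunk, so a diagnostic may already exist further down.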