From: mouring Date: Wed, 4 Jul 2001 03:50:02 +0000 (+0000) Subject: - markus@cvs.openbsd.org 2001/06/26 04:59:59 X-Git-Tag: V_2_9_9_P1~234 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/983def13fe0569789adc2639e1a917d1b329efce - markus@cvs.openbsd.org 2001/06/26 04:59:59 [authfd.c authfd.h ssh-add.c] initial support for smartcards in the agent --- diff --git a/ChangeLog b/ChangeLog index e7f4acce..443bf537 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - markus@cvs.openbsd.org 2001/06/26 04:07:06 [ssh-agent.1 ssh-agent.c] add debug flag + - markus@cvs.openbsd.org 2001/06/26 04:59:59 + [authfd.c authfd.h ssh-add.c] + initial support for smartcards in the agent 20010629 - (bal) Removed net_aton() since we don't use it any more diff --git a/authfd.c b/authfd.c index dfa33a97..b3c0d9d8 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $"); #include @@ -534,6 +534,25 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) return decode_reply(type); } +int +ssh_update_card(AuthenticationConnection *auth, int add, int reader_id) +{ + Buffer msg; + int type; + + buffer_init(&msg); + buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : + SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_int(&msg, reader_id); + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); + return 0; + } + type = buffer_get_char(&msg); + buffer_free(&msg); + return decode_reply(type); +} + /* * Removes all identities from the agent. This call is not meant to be used * by normal applications. diff --git a/authfd.h b/authfd.h index 29d1847b..04439fd0 100644 --- a/authfd.h +++ b/authfd.h 
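Review bot: `ssh_update_card()` is added in authfd.c without a comment, and its return convention is easy to read backwards. It returns 0 when `ssh_request_reply()` fails and otherwise the value of `decode_reply(type)`, which the new caller in ssh-add.c treats as non-zero on success. I would put this above the definition and above the prototype added in the last authfd.h hunk: `/* Asks the agent to add (add != 0) or remove the key held on the smartcard in reader_id. Returns true on success, 0 on failure. */`. `reader_id` is a signed `int` passed straight to `buffer_put_int()`; if that helper takes an unsigned value (its prototype is not visible here), a negative id goes on the wire as a large unsigned number, so the accepted range should be stated or checked.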
@@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */ +/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H @@ -38,6 +38,10 @@ #define SSH2_AGENTC_REMOVE_IDENTITY 18 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 +/* smartcard */ +#define SSH_AGENTC_ADD_SMARTCARD_KEY 20 +#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 + /* additional error code for ssh.com's ssh-agent2 */ #define SSH_COM_AGENT2_FAILURE 102 @@ -133,6 +137,8 @@ int ssh_remove_identity(AuthenticationConnection *auth, Key *key); * meant to be used by normal applications. This returns true if the * operation was successful. */ -int ssh_remove_all_identities(AuthenticationConnection *auth, int version); +int ssh_remove_all_identities(AuthenticationConnection *auth, int version); + +int ssh_update_card(AuthenticationConnection *auth, int add, int reader_id); #endif /* AUTHFD_H */ diff --git a/ssh-add.c b/ssh-add.c index d6a55446..dad8beb4 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $"); #include @@ -149,6 +149,17 @@ add_file(AuthenticationConnection *ac, const char *filename) key_free(private); } +static void +update_card(AuthenticationConnection *ac, int add, int id) +{ + if (ssh_update_card(ac, add, id)) + fprintf(stderr, "Card %s: %d\n", + add ? "added" : "removed", id); + else + fprintf(stderr, "Could not %s card: %d\n", + add ? "add" : "remove", id); +} + static void list_identities(AuthenticationConnection *ac, int do_fp) { 
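Review bot: `update_card()` in ssh-add.c prints the outcome of `ssh_update_card()` and then discards it, because the function is `static void`. The smartcard branch added at the end of the argument loop in the last ssh-add.c hunk then calls `exit(0)` unconditionally, so a failed `-s` or `-e` still reports success to a calling script or login hook. Make it `static int update_card(...)` returning 1 on the success branch and 0 on the failure branch, and in `main()` use `ok = update_card(ac, !deleting, sc_reader_num);` before `ssh_close_authentication_connection(ac);` and finish with `exit(ok ? 0 : 1);`.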
@@ -181,6 +192,18 @@ list_identities(AuthenticationConnection *ac, int do_fp) printf("The agent has no identities.\n"); } +static void +usage(void) +{ + printf("Usage: ssh-add [options]\n"); + printf(" -l, -L : list identities\n"); + printf(" -d : delete identity\n"); + printf(" -D : delete all identities\n"); + printf(" -s reader_num : add key in the smartcard in reader_num.\n"); + printf(" -e reader_num : remove key in the smartcard in reader_num.\n"); + exit (1); +} + int main(int argc, char **argv) { @@ -190,6 +213,8 @@ main(int argc, char **argv) int no_files = 1; int i; int deleting = 0; + int sc_mode = 0; + int sc_reader_num = 0; __progname = get_progname(argv[0]); init_rng(); @@ -220,12 +245,37 @@ main(int argc, char **argv) no_files = 0; continue; } + if (strcmp(argv[i], "-s") == 0) { + sc_mode = 1; + deleting = 0; + i++; + if (i >= argc) + usage(); + sc_reader_num = atoi(argv[i]); + continue; + } + if (strcmp(argv[i], "-e") == 0) { + sc_mode = 1; + deleting = 1; + i++; + if (i >= argc) + usage(); + sc_reader_num = atoi(argv[i]); + continue; + } + if (sc_mode == 1) + update_card(ac, !deleting, sc_reader_num); no_files = 0; if (deleting) delete_file(ac, argv[i]); else add_file(ac, argv[i]); } + if (sc_mode == 1) { + update_card(ac, !deleting, sc_reader_num); + ssh_close_authentication_connection(ac); + exit(0); + } if (no_files) { pw = getpwuid(getuid()); if (!pw) {
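Review bot: `usage()` prints its text with `printf()` to stdout and then calls `exit (1)`, yet the only callers in this commit are the missing-argument paths for `-s` and `-e`, which are errors. Error-path usage text belongs on stderr, where `update_card()` already sends its messages, so that it is not mixed into output a script may be parsing from `-l`/`-L`: `fprintf(stderr, "Usage: ssh-add [options]\n");` and the same for the option lines.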
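Review bot: Both new option branches in `main()` parse the reader number with `atoi(argv[i])`, which cannot report bad input. `ssh-add -e foo` therefore silently becomes a remove request for reader 0, and out-of-range or negative text is passed on unchecked. Parsing with `strtol()` and rejecting trailing garbage and range errors keeps the request tied to the reader the user actually named; the sketch below folds the two branches together and assumes `errno` and `INT_MAX` are available through `includes.h`. Separately, the `if (sc_mode == 1) update_card(...)` placed before the file handling runs once for every later file argument and again after the loop, so `-s N file` sends the card request twice, and after `-e` the lingering `deleting = 1` sends that file to `delete_file()`. That in-loop call looks like it should be dropped. `main()` starts and ends outside this hunk.

```c
		if (strcmp(argv[i], "-s") == 0 || strcmp(argv[i], "-e") == 0) {
			char *ep;
			long num;

			sc_mode = 1;
			deleting = (argv[i][1] == 'e');
			if (++i >= argc)
				usage();
			errno = 0;
			num = strtol(argv[i], &ep, 10);
			/* assumes reader numbers are non-negative; confirm */
			if (ep == argv[i] || *ep != '\0' || errno == ERANGE ||
			    num < 0 || num > INT_MAX)
				usage();
			sc_reader_num = (int)num;
			continue;
		}
		/* ... unchanged: file arguments, post-loop update_card ... */
```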