author | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 03:53:15 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 03:53:15 +0000 |
commit | 3f471630bbe2e75ab5db9368778551474770f78e (patch) | |
tree | 718c42a7bb85cbba81978a4e71e1661c58c0b947 | |
parent | db6b276f5a5c88e76bbe6705d19c938736248d54 (diff) |
- markus@cvs.openbsd.org 2001/06/26 05:33:34
[ssh-agent.c]
more smartcard support.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh-agent.c | 118 |
2 files changed, 120 insertions, 3 deletions
@@ -28,6 +28,9 @@ | |||
28 | - markus@cvs.openbsd.org 2001/06/26 05:07:43 | 28 | - markus@cvs.openbsd.org 2001/06/26 05:07:43 |
29 | [ssh-agent.c] | 29 | [ssh-agent.c] |
30 | update usage | 30 | update usage |
31 | - markus@cvs.openbsd.org 2001/06/26 05:33:34 | ||
32 | [ssh-agent.c] | ||
33 | more smartcard support. | ||
31 | 34 | ||
32 | 20010629 | 35 | 20010629 |
33 | - (bal) Removed net_aton() since we don't use it any more | 36 | - (bal) Removed net_aton() since we don't use it any more |
@@ -5855,4 +5858,4 @@ | |||
5855 | - Wrote replacements for strlcpy and mkdtemp | 5858 | - Wrote replacements for strlcpy and mkdtemp |
5856 | - Released 1.0pre1 | 5859 | - Released 1.0pre1 |
5857 | 5860 | ||
5858 | $Id: ChangeLog,v 1.1352 2001/07/04 03:51:35 mouring Exp $ | 5861 | $Id: ChangeLog,v 1.1353 2001/07/04 03:53:15 mouring Exp $ |
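--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -56,6 +56,11 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");
 #include "compat.h"
 #include "log.h"
 
+#ifdef SMARTCARD
+#include <openssl/engine.h>
+#include "scard.h"
+#endif
+
 typedef struct {
 int fd;
 enum {
@@ -439,6 +444,106 @@ send:
 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
 
+
+#ifdef SMARTCARD
+static void
+process_add_smartcard_key (SocketEntry *e)
+{
+Idtab *tab;
+Key *n = NULL, *k = NULL;
+int success = 0;
+int sc_reader_num = 0;
+
+sc_reader_num = buffer_get_int(&e->input);
+
+k = sc_get_key(sc_reader_num);
+if (k == NULL) {
+error("sc_get_pubkey failed");
+goto send;
+}
+success = 1;
+
+tab = idtab_lookup(1);
+if (lookup_private_key(k, NULL, 1) == NULL) {
+if (tab->nentries == 0)
+tab->identities = xmalloc(sizeof(Identity));
+else
+tab->identities = xrealloc(tab->identities,
+(tab->nentries + 1) * sizeof(Identity));
+n = key_new(KEY_RSA1);
+BN_copy(n->rsa->n, k->rsa->n);
+BN_copy(n->rsa->e, k->rsa->e);
+RSA_set_method(n->rsa, sc_get_engine());
+tab->identities[tab->nentries].key = n;
+tab->identities[tab->nentries].comment =
+xstrdup("rsa1 smartcard");
+tab->nentries++;
+}
+tab = idtab_lookup(2);
+if (lookup_private_key(k, NULL, 2) == NULL) {
+if (tab->nentries == 0)
+tab->identities = xmalloc(sizeof(Identity));
+else
+tab->identities = xrealloc(tab->identities,
+(tab->nentries + 1) * sizeof(Identity));
+n = key_new(KEY_RSA);
+BN_copy(n->rsa->n, k->rsa->n);
+BN_copy(n->rsa->e, k->rsa->e);
+RSA_set_method(n->rsa, sc_get_engine());
+tab->identities[tab->nentries].key = n;
+tab->identities[tab->nentries].comment =
+xstrdup("rsa smartcard");
+tab->nentries++;
+}
+key_free(k);
+send:
+buffer_put_int(&e->output, 1);
+buffer_put_char(&e->output,
+success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
+}
+
+static void
+process_remove_smartcard_key(SocketEntry *e)
+{
+Key *k = NULL, *private;
+int idx;
+int success = 0;
+int sc_reader_num = 0;
+
+sc_reader_num = buffer_get_int(&e->input);
+
+if ((k = sc_get_key(sc_reader_num)) == NULL) {
+error("sc_get_pubkey failed");
+} else {
+private = lookup_private_key(k, &idx, 1);
+if (private != NULL) {
+Idtab *tab = idtab_lookup(1);
+key_free(tab->identities[idx].key);
+xfree(tab->identities[idx].comment);
+if (idx != tab->nentries)
+tab->identities[idx] = tab->identities[tab->nentries];
+tab->nentries--;
+success = 1;
+}
+private = lookup_private_key(k, &idx, 2);
+if (private != NULL) {
+Idtab *tab = idtab_lookup(2);
+key_free(tab->identities[idx].key);
+xfree(tab->identities[idx].comment);
+if (idx != tab->nentries)
+tab->identities[idx] = tab->identities[tab->nentries];
+tab->nentries--;
+success = 1;
+}
+key_free(k);
+}
+
+buffer_put_int(&e->output, 1);
+buffer_put_char(&e->output,
+success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
+}
+#endif
+
 /* dispatch incoming messages */
 
 static void
@@ -462,6 +567,7 @@ process_message(SocketEntry *e)
 buffer_consume(&e->input, 4);
 type = buffer_get_char(&e->input);
 
+debug("type %d", type);
 switch (type) {
 /* ssh1 */
 case SSH_AGENTC_RSA_CHALLENGE:
@@ -495,6 +601,14 @@ process_message(SocketEntry *e)
 case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
 process_remove_all_identities(e, 2);
 break;
+#ifdef SMARTCARD
+case SSH_AGENTC_ADD_SMARTCARD_KEY:
+process_add_smartcard_key(e);
+break;
+case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
+process_remove_smartcard_key(e);
+break;
+#endif
 default:
 /* Unknown message. Respond with failure. */
 error("Unknown message %d", type);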
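Review bot: process_remove_smartcard_key, at the two `if (idx != tab->nentries) tab->identities[idx] = tab->identities[tab->nentries];` sites in the @@ -439 hunk, indexes one past the end of the identity table: the add path in the same hunk grows `tab->identities` to exactly `nentries + 1` elements before incrementing `nentries`, so the last valid slot is `nentries - 1`, and `idx`, which the preceding key_free/xfree already use to address a live entry, can never equal `nentries`. The copy therefore reads an uninitialized Identity from beyond the array and discards the real last entry, leaving a slot whose `key` and `comment` pointers are garbage for later list, sign or remove requests on the agent socket to dereference, and the path is driven by the client-supplied reader number, so it is not confined to a local misconfiguration. A safer form is `tab->nentries--; tab->identities[idx] = tab->identities[tab->nentries];` in both the rsa1 and rsa branches (the self-assignment when idx was the last slot is harmless); if process_remove_identity elsewhere in the file uses the same pattern, it presumably shares the bug and should be checked too. Separately, the `error("sc_get_pubkey failed")` message in both new functions names a function that is not the one called on the previous line; `error("sc_get_key failed")` would match. Both new functions sit entirely inside the hunk.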