- markus@cvs.openbsd.org 2010/02/08 10:50:20

[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev `
author: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
committer: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
commit: 7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree: 44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh-add.c
parent: 17751bcab25681d341442fdc2386a30a6bea345e (diff)
1 files changed, 9 insertions, 11 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 084478d78..90e5be20b 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.91 2009/08/27 17:44:52 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.92 2010/02/08 10:50:20 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -211,7 +211,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
        char *pin;
        int ret = -1;
-        pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+        pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN);
        if (pin == NULL)
                return -1;
@@ -317,10 +317,8 @@ usage(void)
        fprintf(stderr, "  -X          Unlock agent.\n");
        fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
        fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
-#ifdef SMARTCARD
+        fprintf(stderr, "  -s pkcs11   Add keys from PKCS#11 provider.\n");
-        fprintf(stderr, "  -s reader   Add key in smartcard reader.\n");
+        fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
-        fprintf(stderr, "  -e reader   Remove key in smartcard reader.\n");
-#endif
 }
 int
@@ -329,7 +327,7 @@ main(int argc, char **argv)
        extern char *optarg;
        extern int optind;
        AuthenticationConnection *ac = NULL;
-        char *sc_reader_id = NULL;
+        char *pkcs11provider = NULL;
        int i, ch, deleting = 0, ret = 0;
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -371,11 +369,11 @@ main(int argc, char **argv)
                                ret = 1;
                        goto done;
                case 's':
-                        sc_reader_id = optarg;
+                        pkcs11provider = optarg;
                        break;
                case 'e':
                        deleting = 1;
-                        sc_reader_id = optarg;
+                        pkcs11provider = optarg;
                        break;
                case 't':
                        if ((lifetime = convtime(optarg)) == -1) {
@@ -392,8 +390,8 @@ main(int argc, char **argv)
        }
        argc -= optind;
        argv += optind;
-        if (sc_reader_id != NULL) {
+        if (pkcs11provider != NULL) {
-                if (update_card(ac, !deleting, sc_reader_id) == -1)
+                if (update_card(ac, !deleting, pkcs11provider) == -1)
                        ret = 1;
                goto done;
        }
author	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
committer	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
commit	7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree	44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh-add.c
parent	17751bcab25681d341442fdc2386a30a6bea345e (diff)