-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | readconf.c | 10 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | ssh.1 | 15 | ||||
-rw-r--r-- | ssh.c | 13 |
5 files changed, 34 insertions, 14 deletions
@@ -75,6 +75,11 @@ | |||
75 | - jakob@cvs.openbsd.org 2001/07/31 08:41:10 | 75 | - jakob@cvs.openbsd.org 2001/07/31 08:41:10 |
76 | [scard.c] | 76 | [scard.c] |
77 | do not complain about missing smartcards. ok markus@ | 77 | do not complain about missing smartcards. ok markus@ |
78 | - jakob@cvs.openbsd.org 2001/07/31 09:28:44 | ||
79 | [readconf.c readconf.h ssh.1 ssh.c] | ||
80 | add 'SmartcardDevice' client option to specify which smartcard device | ||
81 | is used to access a smartcard used for storing the user's private RSA | ||
82 | key. ok markus@. | ||
78 | 83 | ||
79 | 20010803 | 84 | 20010803 |
80 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 85 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
@@ -6185,4 +6190,4 @@ | |||
6185 | - Wrote replacements for strlcpy and mkdtemp | 6190 | - Wrote replacements for strlcpy and mkdtemp |
6186 | - Released 1.0pre1 | 6191 | - Released 1.0pre1 |
6187 | 6192 | ||
6188 | $Id: ChangeLog,v 1.1445 2001/08/06 21:25:38 mouring Exp $ | 6193 | $Id: ChangeLog,v 1.1446 2001/08/06 21:27:53 mouring Exp $ |
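--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,7 @@ typedef enum {
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-oHostKeyAlgorithms, oBindAddress
+oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -183,6 +183,7 @@ static struct {
 { "preferredauthentications", oPreferredAuthentications },
 { "hostkeyalgorithms", oHostKeyAlgorithms },
 { "bindaddress", oBindAddress },
+{ "smartcarddevice", oSmartcardDevice },
 { NULL, 0 }
 };
 
@@ -468,6 +469,10 @@ parse_string:
 charptr = &options->bind_address;
 goto parse_string;
 
+case oSmartcardDevice:
+intptr = &options->smartcard_device;
+goto parse_int;
+
 case oProxyCommand:
 charptr = &options->proxy_command;
 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
@@ -772,6 +777,7 @@ initialize_options(Options * options)
 options->log_level = (LogLevel) - 1;
 options->preferred_authentications = NULL;
 options->bind_address = NULL;
+options->smartcard_device = -1;
 }
 
 /*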
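Review bot: The new `case oSmartcardDevice:` branch is compiled unconditionally, while every use of `options.smartcard_device` visible in ssh.c sits inside `#ifdef SMARTCARD`, so on a build without smartcard support a `SmartcardDevice` line appears to be parsed and then ignored without any message. A user who expects the private key to stay on the card would fall back to the ordinary identity files with no hint why, whereas `-I` on the same build at least prints `no support for smartcards.`. Consider emitting the same message from this branch under `#ifndef SMARTCARD` before `goto parse_int;`. Separately, `options->smartcard_device = -1;` in initialize_options would read better with a trailing `/* -1: no smartcard device selected */`. The `parse_int` label and the rest of the enclosing function lie outside the hunk, so the accepted value range cannot be checked from here.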
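--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -87,6 +87,7 @@ typedef struct {
 char *user_hostfile2;
 char *preferred_authentications;
 char *bind_address; /* local socket address for connection to sshd */
+int smartcard_device; /* Smartcard reader device */
 
 int num_identity_files; /* Number of files for RSA/DSA identities. */
 char *identity_files[SSH_MAX_IDENTITY_FILES];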
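Review bot: The comment on the new `int smartcard_device;` field does not say that the value is a reader number or that -1 means unset, which is what initialize_options stores and what ssh.c tests with `>= 0`. Suggest `int smartcard_device; /* Smartcard reader number, -1 if unset */` so the sentinel is documented where the field is declared. The enclosing struct starts and ends outside the hunk.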
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -448,6 +448,12 @@ It is possible to have multiple | |||
448 | .Fl i | 448 | .Fl i |
449 | options (and multiple identities specified in | 449 | options (and multiple identities specified in |
450 | configuration files). | 450 | configuration files). |
451 | .It Fl I Ar smartcard_device | ||
452 | Specifies which smartcard device to use. The argument is | ||
453 | the device | ||
454 | .Nm | ||
455 | should use to communicate with a smartcard used for storing the user's | ||
456 | private RSA key. | ||
451 | .It Fl k | 457 | .It Fl k |
452 | Disables forwarding of Kerberos tickets and AFS tokens. | 458 | Disables forwarding of Kerberos tickets and AFS tokens. |
453 | This may also be specified on a per-host basis in the configuration file. | 459 | This may also be specified on a per-host basis in the configuration file. |
@@ -1016,6 +1022,13 @@ or | |||
1016 | .Dq no . | 1022 | .Dq no . |
1017 | The default is | 1023 | The default is |
1018 | .Dq yes . | 1024 | .Dq yes . |
1025 | .It Cm SmartcardDevice | ||
1026 | Specifies which smartcard device to use. The argument to this keyword is | ||
1027 | the device | ||
1028 | .Nm | ||
1029 | should use to communicate with a smartcard used for storing the user's | ||
1030 | private RSA key. By default, no device is specified and smartcard support | ||
1031 | is not activated. | ||
1019 | .It Cm StrictHostKeyChecking | 1032 | .It Cm StrictHostKeyChecking |
1020 | If this flag is set to | 1033 | If this flag is set to |
1021 | .Dq yes , | 1034 | .Dq yes , |
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -151,11 +151,6 @@ Buffer command; | |||
151 | /* Should we execute a command or invoke a subsystem? */ | 151 | /* Should we execute a command or invoke a subsystem? */ |
152 | int subsystem_flag = 0; | 152 | int subsystem_flag = 0; |
153 | 153 | ||
154 | #ifdef SMARTCARD | ||
155 | /* Smartcard reader id */ | ||
156 | int sc_reader_num = -1; | ||
157 | #endif | ||
158 | |||
159 | /* Prints a help message to the user. This function never returns. */ | 154 | /* Prints a help message to the user. This function never returns. */ |
160 | 155 | ||
161 | static void | 156 | static void |
@@ -377,7 +372,7 @@ again: | |||
377 | break; | 372 | break; |
378 | case 'I': | 373 | case 'I': |
379 | #ifdef SMARTCARD | 374 | #ifdef SMARTCARD |
380 | sc_reader_num = atoi(optarg); | 375 | options.smartcard_device = atoi(optarg); |
381 | #else | 376 | #else |
382 | fprintf(stderr, "no support for smartcards.\n"); | 377 | fprintf(stderr, "no support for smartcards.\n"); |
383 | #endif | 378 | #endif |
@@ -1156,9 +1151,9 @@ load_public_identity_files(void) | |||
1156 | int i = 0; | 1151 | int i = 0; |
1157 | 1152 | ||
1158 | #ifdef SMARTCARD | 1153 | #ifdef SMARTCARD |
1159 | if (sc_reader_num != -1 && | 1154 | if (options.smartcard_device >= 0 && |
1160 | options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && | 1155 | options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && |
1161 | (public = sc_get_key(sc_reader_num)) != NULL ) { | 1156 | (public = sc_get_key(options.smartcard_device)) != NULL ) { |
1162 | Key *new; | 1157 | Key *new; |
1163 | 1158 | ||
1164 | if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) | 1159 | if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) |
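Review bot: In the `case 'I':` hunk, `options.smartcard_device = atoi(optarg);` cannot reject a malformed argument: `atoi` returns 0 for non-numeric text, and 0 passes the new `options.smartcard_device >= 0` test in load_public_identity_files, so a mistyped `-I` value silently selects reader 0. Out-of-range input is also undefined behaviour for `atoi`. Parsing with `strtol` and checking the end pointer, range and sign before the assignment would turn a bad value into a hard error; the sketch below assumes the option loop may exit on a bad argument, which the hunk does not show. The enclosing option switch starts and ends outside the hunk.

```c
		case 'I':
#ifdef SMARTCARD
			{
				char *end;
				long dev;

				errno = 0;
				dev = strtol(optarg, &end, 10);
				if (end == optarg || *end != '\0' ||
				    errno == ERANGE || dev < 0 || dev > INT_MAX) {
					fprintf(stderr, "Bad smartcard device '%s'.\n", optarg);
					exit(1);
				}
				options.smartcard_device = (int)dev;
			}
/* … unchanged: #else branch printing "no support for smartcards." … */
```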