-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | authfd.c | 5 | ||||
-rw-r--r-- | authfd.h | 4 | ||||
-rw-r--r-- | ssh-add.c | 10 | ||||
-rw-r--r-- | ssh-agent.c | 14 | ||||
-rw-r--r-- | ssh.c | 4 |
6 files changed, 28 insertions, 14 deletions
@@ -139,6 +139,9 @@ | |||
139 | - rees@cvs.openbsd.org 2002/03/21 21:54:34 | 139 | - rees@cvs.openbsd.org 2002/03/21 21:54:34 |
140 | [scard.c scard.h ssh-keygen.c] | 140 | [scard.c scard.h ssh-keygen.c] |
141 | Add PIN-protection for secret key. | 141 | Add PIN-protection for secret key. |
142 | - rees@cvs.openbsd.org 2002/03/21 22:44:05 | ||
143 | [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c] | ||
144 | Add PIN-protection for secret key. | ||
142 | 145 | ||
143 | 20020317 | 146 | 20020317 |
144 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, | 147 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, |
@@ -7985,4 +7988,4 @@ | |||
7985 | - Wrote replacements for strlcpy and mkdtemp | 7988 | - Wrote replacements for strlcpy and mkdtemp |
7986 | - Released 1.0pre1 | 7989 | - Released 1.0pre1 |
7987 | 7990 | ||
7988 | $Id: ChangeLog,v 1.1964 2002/03/22 03:47:38 mouring Exp $ | 7991 | $Id: ChangeLog,v 1.1965 2002/03/22 03:51:06 mouring Exp $ |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: authfd.c,v 1.48 2002/02/24 19:14:59 markus Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.49 2002/03/21 22:44:05 rees Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -532,7 +532,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
532 | } | 532 | } |
533 | 533 | ||
534 | int | 534 | int |
535 | ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) | 535 | ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) |
536 | { | 536 | { |
537 | Buffer msg; | 537 | Buffer msg; |
538 | int type; | 538 | int type; |
@@ -541,6 +541,7 @@ ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) | |||
541 | buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : | 541 | buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : |
542 | SSH_AGENTC_REMOVE_SMARTCARD_KEY); | 542 | SSH_AGENTC_REMOVE_SMARTCARD_KEY); |
543 | buffer_put_cstring(&msg, reader_id); | 543 | buffer_put_cstring(&msg, reader_id); |
544 | buffer_put_cstring(&msg, pin); | ||
544 | if (ssh_request_reply(auth, &msg, &msg) == 0) { | 545 | if (ssh_request_reply(auth, &msg, &msg) == 0) { |
545 | buffer_free(&msg); | 546 | buffer_free(&msg); |
546 | return 0; | 547 | return 0; |
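Review bot: `buffer_put_cstring(&msg, pin)` on the new line 544 is reached with whatever the caller hands over, and nothing in ssh_update_card rejects a NULL `pin`; ssh.c in this same commit shows that "no PIN" is an expected state for sc_get_key, so a caller doing the same here would pass NULL to a routine that presumably takes its length, while the agent side now unconditionally reads a PIN string from the message. Make the choice explicit before the put, either `if (pin == NULL) pin = "";` or a `fatal()` if a NULL PIN is a contract violation. The PIN is also copied into `msg`, which is reused for the reply and then released with buffer_free; whether that scrubs the heap copy depends on buffer_free, which is not shown here and is worth confirming. The rest of ssh_update_card lies outside this hunk.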
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.h,v 1.23 2002/03/04 17:27:39 stevesk Exp $ */ | 1 | /* $OpenBSD: authfd.h,v 1.24 2002/03/21 22:44:05 rees Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -67,7 +67,7 @@ Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); | |||
67 | int ssh_add_identity(AuthenticationConnection *, Key *, const char *); | 67 | int ssh_add_identity(AuthenticationConnection *, Key *, const char *); |
68 | int ssh_remove_identity(AuthenticationConnection *, Key *); | 68 | int ssh_remove_identity(AuthenticationConnection *, Key *); |
69 | int ssh_remove_all_identities(AuthenticationConnection *, int); | 69 | int ssh_remove_all_identities(AuthenticationConnection *, int); |
70 | int ssh_update_card(AuthenticationConnection *, int, const char *); | 70 | int ssh_update_card(AuthenticationConnection *, int, const char *, const char *); |
71 | 71 | ||
72 | int | 72 | int |
73 | ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], | 73 | ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.52 2002/03/21 10:21:20 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.53 2002/03/21 22:44:05 rees Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -176,7 +176,13 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
176 | static int | 176 | static int |
177 | update_card(AuthenticationConnection *ac, int add, const char *id) | 177 | update_card(AuthenticationConnection *ac, int add, const char *id) |
178 | { | 178 | { |
179 | if (ssh_update_card(ac, add, id)) { | 179 | char *pin; |
180 | |||
181 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | ||
182 | if (pin == NULL) | ||
183 | return -1; | ||
184 | |||
185 | if (ssh_update_card(ac, add, id, pin)) { | ||
180 | fprintf(stderr, "Card %s: %s\n", | 186 | fprintf(stderr, "Card %s: %s\n", |
181 | add ? "added" : "removed", id); | 187 | add ? "added" : "removed", id); |
182 | return 0; | 188 | return 0; |
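Review bot: `pin` returned by read_passphrase on the new line 181 is heap memory holding the card PIN, and in the visible part of update_card it is neither zeroed nor freed after `ssh_update_card(ac, add, id, pin)` on line 185 — the success path returns on line 188 with the PIN still live in the process, and presumably the failure path beyond the hunk does the same. Before each return, `memset(pin, 0, strlen(pin)); xfree(pin);` would match how OpenSSH handles other passphrases (inferred from convention, not visible here). The prompt also says "passphrase" for what the rest of this commit calls a PIN; `"Enter PIN for smartcard: "` tells the user what is expected. Note that the prompt is issued for removal as well as addition, since `add` is not consulted before prompting. update_card's tail is outside this hunk.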
diff --git a/ssh-agent.c b/ssh-agent.c
index 555396fc5..1874eb152 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c | |||
@@ -34,7 +34,7 @@ | |||
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "includes.h" | 36 | #include "includes.h" |
37 | RCSID("$OpenBSD: ssh-agent.c,v 1.82 2002/03/04 17:27:39 stevesk Exp $"); | 37 | RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $"); |
38 | 38 | ||
39 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) | 39 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) |
40 | #include <sys/queue.h> | 40 | #include <sys/queue.h> |
@@ -454,12 +454,14 @@ process_add_smartcard_key (SocketEntry *e) | |||
454 | { | 454 | { |
455 | Idtab *tab; | 455 | Idtab *tab; |
456 | Key *n = NULL, *k = NULL; | 456 | Key *n = NULL, *k = NULL; |
457 | char *sc_reader_id = NULL; | 457 | char *sc_reader_id = NULL, *pin; |
458 | int success = 0; | 458 | int success = 0; |
459 | 459 | ||
460 | sc_reader_id = buffer_get_string(&e->input, NULL); | 460 | sc_reader_id = buffer_get_string(&e->input, NULL); |
461 | k = sc_get_key(sc_reader_id); | 461 | pin = buffer_get_string(&e->input, NULL); |
462 | k = sc_get_key(sc_reader_id, pin); | ||
462 | xfree(sc_reader_id); | 463 | xfree(sc_reader_id); |
464 | xfree(pin); | ||
463 | 465 | ||
464 | if (k == NULL) { | 466 | if (k == NULL) { |
465 | error("sc_get_pubkey failed"); | 467 | error("sc_get_pubkey failed"); |
@@ -505,11 +507,13 @@ process_remove_smartcard_key(SocketEntry *e) | |||
505 | { | 507 | { |
506 | Key *k = NULL; | 508 | Key *k = NULL; |
507 | int success = 0; | 509 | int success = 0; |
508 | char *sc_reader_id = NULL; | 510 | char *sc_reader_id = NULL, *pin; |
509 | 511 | ||
510 | sc_reader_id = buffer_get_string(&e->input, NULL); | 512 | sc_reader_id = buffer_get_string(&e->input, NULL); |
511 | k = sc_get_key(sc_reader_id); | 513 | pin = buffer_get_string(&e->input, NULL); |
514 | k = sc_get_key(sc_reader_id, pin); | ||
512 | xfree(sc_reader_id); | 515 | xfree(sc_reader_id); |
516 | xfree(pin); | ||
513 | 517 | ||
514 | if (k == NULL) { | 518 | if (k == NULL) { |
515 | error("sc_get_pubkey failed"); | 519 | error("sc_get_pubkey failed"); |
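Review bot: The PIN read from the socket on the new line 461 (and again on 513) is released with a bare `xfree(pin)` after `sc_get_key`, so a copy of the card PIN stays in the agent's freed heap; `memset(pin, 0, strlen(pin)); xfree(pin);` is the pattern to use, since the agent is a long-lived process whose memory is exactly what a ptrace-capable attacker or a core dump would expose. In process_remove_smartcard_key the same `sc_get_key(sc_reader_id, pin)` call is now required to remove a card, so a client that does not know the PIN can no longer remove its entry, and if sc_get_key presents the PIN to the card, a wrong PIN on removal presumably costs a retry on the card's counter — worth confirming against sc_get_key, which is not in this diff. The stale `error("sc_get_pubkey failed")` text predates this change but now sits next to a call that also takes a PIN, so a PIN failure is reported as a pubkey failure. Both functions' tails lie outside these hunks.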
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.165 2002/03/19 10:49:35 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -1193,7 +1193,7 @@ load_public_identity_files(void) | |||
1193 | #ifdef SMARTCARD | 1193 | #ifdef SMARTCARD |
1194 | if (options.smartcard_device != NULL && | 1194 | if (options.smartcard_device != NULL && |
1195 | options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && | 1195 | options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && |
1196 | (public = sc_get_key(options.smartcard_device)) != NULL ) { | 1196 | (public = sc_get_key(options.smartcard_device, NULL)) != NULL ) { |
1197 | Key *new; | 1197 | Key *new; |
1198 | 1198 | ||
1199 | if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) | 1199 | if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) |
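Review bot: `sc_get_key(options.smartcard_device, NULL)` on the new line 1196 passes a NULL PIN with no comment on why that is acceptable here, while every other caller in this commit now supplies one, so a reader has to go to scard.c to learn what NULL means. A one-line comment at the call, `/* NULL PIN: only the public key is read here — confirm sc_get_key tolerates NULL */`, records the intent; the hedge is deliberate because sc_get_key's handling of NULL is not visible in this diff. load_public_identity_files starts and ends outside this hunk.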