Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 98 |
1 files changed, 41 insertions, 57 deletions
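diff --git a/ssh-agent.c b/ssh-agent.c
index 1874eb152..f8183b400 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -34,7 +34,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.84 2002/03/25 17:34:27 markus Exp $");
 
 #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
 #include <sys/queue.h>
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
 #include "log.h"
 
 #ifdef SMARTCARD
-#include <openssl/engine.h>
 #include "scard.h"
 #endif
 
@@ -452,50 +451,39 @@ send:
 static void
 process_add_smartcard_key (SocketEntry *e)
 {
+	Identity *id;
 	Idtab *tab;
-	Key *n = NULL, *k = NULL;
+	Key **keys, *k;
 	char *sc_reader_id = NULL, *pin;
-	int success = 0;
+	int i, version, success = 0;
 
 	sc_reader_id = buffer_get_string(&e->input, NULL);
 	pin = buffer_get_string(&e->input, NULL);
-	k = sc_get_key(sc_reader_id, pin);
+	keys = sc_get_keys(sc_reader_id, pin);
 	xfree(sc_reader_id);
 	xfree(pin);
 
-	if (k == NULL) {
-		error("sc_get_pubkey failed");
+	if (keys == NULL || keys[0] == NULL) {
+		error("sc_get_keys failed");
 		goto send;
 	}
-	success = 1;
-
-	tab = idtab_lookup(1);
-	k->type = KEY_RSA1;
-	if (lookup_identity(k, 1) == NULL) {
-		Identity *id = xmalloc(sizeof(Identity));
-		n = key_new(KEY_RSA1);
-		BN_copy(n->rsa->n, k->rsa->n);
-		BN_copy(n->rsa->e, k->rsa->e);
-		RSA_set_method(n->rsa, sc_get_engine());
-		id->key = n;
-		id->comment = xstrdup("rsa1 smartcard");
-		TAILQ_INSERT_TAIL(&tab->idlist, id, next);
-		tab->nentries++;
-	}
-	k->type = KEY_RSA;
-	tab = idtab_lookup(2);
-	if (lookup_identity(k, 2) == NULL) {
-		Identity *id = xmalloc(sizeof(Identity));
-		n = key_new(KEY_RSA);
-		BN_copy(n->rsa->n, k->rsa->n);
-		BN_copy(n->rsa->e, k->rsa->e);
-		RSA_set_method(n->rsa, sc_get_engine());
-		id->key = n;
-		id->comment = xstrdup("rsa smartcard");
-		TAILQ_INSERT_TAIL(&tab->idlist, id, next);
-		tab->nentries++;
+	for (i = 0; keys[i] != NULL; i++) {
+		k = keys[i];
+		version = k->type == KEY_RSA1 ? 1 : 2;
+		tab = idtab_lookup(version);
+		if (lookup_identity(k, version) == NULL) {
+			id = xmalloc(sizeof(Identity));
+			id->key = k;
+			id->comment = xstrdup("smartcard key");
+			TAILQ_INSERT_TAIL(&tab->idlist, id, next);
+			tab->nentries++;
+			success = 1;
+		} else {
+			key_free(k);
+		}
+		keys[i] = NULL;
 	}
-	key_free(k);
+	xfree(keys);
 send:
 	buffer_put_int(&e->output, 1);
 	buffer_put_char(&e->output,
@@ -505,41 +493,37 @@ send:
 static void
 process_remove_smartcard_key(SocketEntry *e)
 {
-	Key *k = NULL;
-	int success = 0;
+	Identity *id;
+	Idtab *tab;
+	Key **keys, *k = NULL;
 	char *sc_reader_id = NULL, *pin;
+	int i, version, success = 0;
 
 	sc_reader_id = buffer_get_string(&e->input, NULL);
 	pin = buffer_get_string(&e->input, NULL);
-	k = sc_get_key(sc_reader_id, pin);
+	keys = sc_get_keys(sc_reader_id, pin);
 	xfree(sc_reader_id);
 	xfree(pin);
 
-	if (k == NULL) {
-		error("sc_get_pubkey failed");
-	} else {
-		Identity *id;
-		k->type = KEY_RSA1;
-		id = lookup_identity(k, 1);
-		if (id != NULL) {
-			Idtab *tab = idtab_lookup(1);
-			TAILQ_REMOVE(&tab->idlist, id, next);
-			free_identity(id);
+	if (keys == NULL || keys[0] == NULL) {
+		error("sc_get_keys failed");
+		goto send;
+	}
+	for (i = 0; keys[i] != NULL; i++) {
+		k = keys[i];
+		version = k->type == KEY_RSA1 ? 1 : 2;
+		if ((id = lookup_identity(k, version)) != NULL) {
+			tab = idtab_lookup(version);
+			TAILQ_REMOVE(&tab->idlist, id, next);
 			tab->nentries--;
-			success = 1;
-		}
-		k->type = KEY_RSA;
-		id = lookup_identity(k, 2);
-		if (id != NULL) {
-			Idtab *tab = idtab_lookup(2);
-			TAILQ_REMOVE(&tab->idlist, id, next);
 			free_identity(id);
-			tab->nentries--;
 			success = 1;
 		}
 		key_free(k);
+		keys[i] = NULL;
 	}
-
+	xfree(keys);
+send:
 	buffer_put_int(&e->output, 1);
 	buffer_put_char(&e->output,
 	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);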
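Review bot: The early-exit branch `if (keys == NULL || keys[0] == NULL)` in process_add_smartcard_key leaks the array when sc_get_keys returns a non-NULL but empty list, because the only `xfree(keys)` sits after the loop and the branch jumps straight to `send:`; process_remove_smartcard_key has the same shape at its new `goto send;`. Since the trailing `xfree(keys)` shows the caller owns the array, the branch should release it before jumping, e.g. `if (keys != NULL) xfree(keys);` placed before `goto send;` in both functions (guarded, because xfree in this codebase may treat NULL as fatal rather than as a no-op — confirm against xmalloc.c). Separately, both functions still `xfree(pin)` the smartcard PIN read from the agent socket without clearing it first, so the secret lingers in freed heap memory until reused; overwriting `pin` with a clearing call the compiler cannot elide (explicit_bzero where available) immediately before the xfree would close that window. Both functions continue past the end of their hunks, so the `send:` epilogues are only partially visible here.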