From 7ea845e48df6d34a333ebbe79380cba0938d02a5 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 12 Feb 2010 09:21:02 +1100
Subject:    - markus@cvs.openbsd.org 2010/02/08 10:50:20      [pathnames.h
 readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]      [ssh-agent.c
 ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]      replace our obsolete
 smartcard code with PKCS#11.        
 ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf      ssh(1)
 and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11      provider
 (shared library) while ssh-agent(1) delegates PKCS#11 to      a forked a
 ssh-pkcs11-helper process.      PKCS#11 is currently a compile time option.  
    feedback and ok djm@; inspired by patches from Alon Bar-Lev `

---
 ssh-add.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

(limited to 'ssh-add.c')

diff --git a/ssh-add.c b/ssh-add.c
index 084478d78..90e5be20b 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.91 2009/08/27 17:44:52 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.92 2010/02/08 10:50:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -211,7 +211,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
 	char *pin;
 	int ret = -1;
 
-	pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+	pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN);
 	if (pin == NULL)
 		return -1;
 
@@ -317,10 +317,8 @@ usage(void)
 	fprintf(stderr, "  -X          Unlock agent.\n");
 	fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
 	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
-#ifdef SMARTCARD
-	fprintf(stderr, "  -s reader   Add key in smartcard reader.\n");
-	fprintf(stderr, "  -e reader   Remove key in smartcard reader.\n");
-#endif
+	fprintf(stderr, "  -s pkcs11   Add keys from PKCS#11 provider.\n");
+	fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
 }
 
 int
@@ -329,7 +327,7 @@ main(int argc, char **argv)
 	extern char *optarg;
 	extern int optind;
 	AuthenticationConnection *ac = NULL;
-	char *sc_reader_id = NULL;
+	char *pkcs11provider = NULL;
 	int i, ch, deleting = 0, ret = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -371,11 +369,11 @@ main(int argc, char **argv)
 				ret = 1;
 			goto done;
 		case 's':
-			sc_reader_id = optarg;
+			pkcs11provider = optarg;
 			break;
 		case 'e':
 			deleting = 1;
-			sc_reader_id = optarg;
+			pkcs11provider = optarg;
 			break;
 		case 't':
 			if ((lifetime = convtime(optarg)) == -1) {
@@ -392,8 +390,8 @@ main(int argc, char **argv)
 	}
 	argc -= optind;
 	argv += optind;
-	if (sc_reader_id != NULL) {
-		if (update_card(ac, !deleting, sc_reader_id) == -1)
+	if (pkcs11provider != NULL) {
+		if (update_card(ac, !deleting, pkcs11provider) == -1)
 			ret = 1;
 		goto done;
 	}
-- 
cgit v1.2.3