- markus@cvs.openbsd.org 2001/06/26 04:59:59

[authfd.c authfd.h ssh-add.c] initial support for smartcards in the agent
2001-07-04 03:50:02 +00:00 · 2001-07-04 03:50:02 +00:00 · 036a6b28c9
parent d94580c708
commit 036a6b28c9
4 changed files with 83 additions and 5 deletions
--- a/5
+++ b/5
@ -22,6 +22,9 @@
   - markus@cvs.openbsd.org 2001/06/26 04:07:06
     [ssh-agent.1 ssh-agent.c]
     add debug flag
+   - markus@cvs.openbsd.org 2001/06/26 04:59:59
+     [authfd.c authfd.h ssh-add.c]
+     initial support for smartcards in the agent

 20010629
 - (bal) Removed net_aton() since we don't use it any more
@ -5849,4 +5852,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1350 2001/07/04 03:48:02 mouring Exp $
+$Id: ChangeLog,v 1.1351 2001/07/04 03:50:02 mouring Exp $
--- a/authfd.c
+++ b/authfd.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.42 2001/06/26 04:59:59 markus Exp $");

 #include <openssl/evp.h>

@ -534,6 +534,25 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 	return decode_reply(type);
 }

+int
+ssh_update_card(AuthenticationConnection *auth, int add, int reader_id)
+{
+	Buffer msg;
+	int type;
+
+	buffer_init(&msg);
+	buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
+	    SSH_AGENTC_REMOVE_SMARTCARD_KEY);
+	buffer_put_int(&msg, reader_id);
+	if (ssh_request_reply(auth, &msg, &msg) == 0) {
+		buffer_free(&msg);
+		return 0;
+	}
+	type = buffer_get_char(&msg);
+	buffer_free(&msg);
+	return decode_reply(type);
+}
+
 /*
 * Removes all identities from the agent.  This call is not meant to be used
 * by normal applications.
--- a/authfd.h
+++ b/authfd.h
@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */

-/* RCSID("$OpenBSD: authfd.h,v 1.16 2000/12/20 19:37:21 markus Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.17 2001/06/26 04:59:59 markus Exp $"); */

 #ifndef AUTHFD_H
 #define AUTHFD_H
@ -38,6 +38,10 @@
 #define SSH2_AGENTC_REMOVE_IDENTITY		18
 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

+/* smartcard */
+#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
+#define SSH_AGENTC_REMOVE_SMARTCARD_KEY	        21
+
 /* additional error code for ssh.com's ssh-agent2 */
 #define SSH_COM_AGENT2_FAILURE                   102

@ -133,6 +137,8 @@ int     ssh_remove_identity(AuthenticationConnection *auth, Key *key);
 * meant to be used by normal applications.  This returns true if the
 * operation was successful.
 */
-int     ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+int	ssh_remove_all_identities(AuthenticationConnection *auth, int version);
+
+int	ssh_update_card(AuthenticationConnection *auth, int add, int reader_id);

 #endif				/* AUTHFD_H */
--- a/ssh-add.c
+++ b/ssh-add.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.41 2001/06/25 08:25:40 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.42 2001/06/26 04:59:59 markus Exp $");

 #include <openssl/evp.h>

@ -149,6 +149,17 @@ add_file(AuthenticationConnection *ac, const char *filename)
 	key_free(private);
 }

+static void
+update_card(AuthenticationConnection *ac, int add, int id)
+{
+	if (ssh_update_card(ac, add, id))
+		fprintf(stderr, "Card %s: %d\n",
+		     add ? "added" : "removed", id);
+	else
+		fprintf(stderr, "Could not %s card: %d\n",
+		     add ? "add" : "remove", id);
+}
+
 static void
 list_identities(AuthenticationConnection *ac, int do_fp)
 {
@ -181,6 +192,18 @@ list_identities(AuthenticationConnection *ac, int do_fp)
 		printf("The agent has no identities.\n");
 }

+static void
+usage(void)
+{
+	printf("Usage: ssh-add [options]\n");
+	printf("    -l, -L        : list identities\n");
+	printf("    -d            : delete identity\n");
+	printf("    -D            : delete all identities\n");
+	printf("    -s reader_num : add key in the smartcard in reader_num.\n");
+	printf("    -e reader_num : remove key in the smartcard in reader_num.\n");
+	exit (1);
+}
+
 int
 main(int argc, char **argv)
 {
@ -190,6 +213,8 @@ main(int argc, char **argv)
 	int no_files = 1;
 	int i;
 	int deleting = 0;
+	int sc_mode = 0;
+	int sc_reader_num = 0;

 	__progname = get_progname(argv[0]);
 	init_rng();
@ -220,12 +245,37 @@ main(int argc, char **argv)
 			no_files = 0;
 			continue;
 		}
+		if (strcmp(argv[i], "-s") == 0) {
+			sc_mode = 1;
+			deleting = 0; 
+			i++;
+			if (i >= argc)
+				usage();
+			sc_reader_num = atoi(argv[i]);
+			continue; 
+		}
+		if (strcmp(argv[i], "-e") == 0) {
+			sc_mode = 1;
+			deleting = 1; 
+			i++;
+			if (i >= argc)
+				usage();
+			sc_reader_num = atoi(argv[i]);
+			continue; 
+		}
+		if (sc_mode == 1)
+			update_card(ac, !deleting, sc_reader_num);
 		no_files = 0;
 		if (deleting)
 			delete_file(ac, argv[i]);
 		else
 			add_file(ac, argv[i]);
 	}
+	if (sc_mode == 1) {
+		update_card(ac, !deleting, sc_reader_num);
+		ssh_close_authentication_connection(ac);
+		exit(0);
+	}
 	if (no_files) {
 		pw = getpwuid(getuid());
 		if (!pw) {