-rw-r--r--ChangeLog7
-rw-r--r--readconf.c10
-rw-r--r--readconf.h3
-rw-r--r--ssh.115
-rw-r--r--ssh.c13
5 files changed, 34 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ad73258..c44eb959 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -75,6 +75,11 @@
- jakob@cvs.openbsd.org 2001/07/31 08:41:10
[scard.c]
do not complain about missing smartcards. ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+ [readconf.c readconf.h ssh.1 ssh.c]
+ add 'SmartcardDevice' client option to specify which smartcard device
+ is used to access a smartcard used for storing the user's private RSA
+ key. ok markus@.
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6185,4 +6190,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1445 2001/08/06 21:25:38 mouring Exp $
+$Id: ChangeLog,v 1.1446 2001/08/06 21:27:53 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 6519ec66..a4ae7333 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -114,7 +114,7 @@ typedef enum {
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
- oHostKeyAlgorithms, oBindAddress
+ oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
} OpCodes;
/* Textual representations of the tokens. */
@@ -183,6 +183,7 @@ static struct {
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+ { "smartcarddevice", oSmartcardDevice },
{ NULL, 0 }
};
@@ -468,6 +469,10 @@ parse_string:
charptr = &options->bind_address;
goto parse_string;
+ case oSmartcardDevice:
+ intptr = &options->smartcard_device;
+ goto parse_int;
+
case oProxyCommand:
charptr = &options->proxy_command;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
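Review bot: The new `case oSmartcardDevice:` is not guarded by `#ifdef SMARTCARD`, while the code in ssh.c that reads `options.smartcard_device` is. In a build without smartcard support the keyword therefore appears to be parsed and then ignored without any message, whereas the `-I` flag prints "no support for smartcards." in the same build. A user who expects the card-held key to be used would fall back to file-based identities without noticing. Consider emitting the same diagnostic here, for example `#ifndef SMARTCARD` / `fprintf(stderr, "no support for smartcards.\n");` / `#endif` ahead of the `intptr` assignment. The `parse_int` label and the enclosing switch lie outside this hunk, so whether negative values are rejected there cannot be confirmed from here.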
@@ -772,6 +777,7 @@ initialize_options(Options * options)
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->smartcard_device = -1;
}
/*
diff --git a/readconf.h b/readconf.h
index f91dc389..623a4481 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -87,6 +87,7 @@ typedef struct {
char *user_hostfile2;
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
+ int smartcard_device; /* Smartcard reader device */
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
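Review bot: The comment on the new `smartcard_device` field does not say that the value is a numeric reader index or that -1 means "not set". Both are relied on elsewhere in this commit: `initialize_options` stores -1 and ssh.c tests `>= 0`. I would write it as `int smartcard_device; /* smartcard reader number; -1 = not set, smartcard disabled */`. The ssh.1 text in the same commit also calls the argument "the device" without saying it is an integer, so the field comment is the only place a maintainer would learn the type contract.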
diff --git a/ssh.1 b/ssh.1
index 32d54c37..4e10ab10 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -448,6 +448,12 @@ It is possible to have multiple
.Fl i
options (and multiple identities specified in
configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
.It Fl k
Disables forwarding of Kerberos tickets and AFS tokens.
This may also be specified on a per-host basis in the configuration file.
@@ -1016,6 +1022,13 @@ or
.Dq no .
The default is
.Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
diff --git a/ssh.c b/ssh.c
index d12d7580..70eaa772 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -151,11 +151,6 @@ Buffer command;
/* Should we execute a command or invoke a subsystem? */
int subsystem_flag = 0;
-#ifdef SMARTCARD
-/* Smartcard reader id */
-int sc_reader_num = -1;
-#endif
-
/* Prints a help message to the user. This function never returns. */
static void
@@ -377,7 +372,7 @@ again:
break;
case 'I':
#ifdef SMARTCARD
- sc_reader_num = atoi(optarg);
+ options.smartcard_device = atoi(optarg);
#else
fprintf(stderr, "no support for smartcards.\n");
#endif
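Review bot: `atoi(optarg)` in the `-I` case returns 0 for any non-numeric argument, and 0 passes the `options.smartcard_device >= 0` test in load_public_identity_files, so a mistyped `-I` value silently selects reader 0 instead of being rejected. A negative argument is accepted as well and quietly disables the card; -1 in particular is indistinguishable from "unset", which presumably lets a config-file value take over. Parsing with strtol and rejecting empty, trailing-garbage, negative or out-of-range input closes both cases; INT_MAX needs <limits.h> if includes.h does not already provide it. The enclosing switch begins and ends outside this hunk.
```c
		case 'I':
#ifdef SMARTCARD
			{
				char *ep;
				long dev = strtol(optarg, &ep, 10);

				/* reject empty, non-numeric, negative or oversized input */
				if (ep == optarg || *ep != '\0' ||
				    dev < 0 || dev > INT_MAX) {
					fprintf(stderr,
					    "Bad smartcard device '%s'\n", optarg);
					exit(1);
				}
				options.smartcard_device = (int)dev;
			}
#else
			/* … unchanged: "no support for smartcards." message … */
```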
@@ -1156,9 +1151,9 @@ load_public_identity_files(void)
int i = 0;
#ifdef SMARTCARD
- if (sc_reader_num != -1 &&
+ if (options.smartcard_device >= 0 &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
- (public = sc_get_key(sc_reader_num)) != NULL ) {
+ (public = sc_get_key(options.smartcard_device)) != NULL ) {
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)