diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | authfd.c | 5 | ||||
-rw-r--r-- | authfd.h | 4 | ||||
-rw-r--r-- | ssh-add.c | 10 | ||||
-rw-r--r-- | ssh-agent.c | 14 | ||||
-rw-r--r-- | ssh.c | 4 |
6 files changed, 28 insertions, 14 deletions
@@ -139,6 +139,9 @@ - rees@cvs.openbsd.org 2002/03/21 21:54:34 [scard.c scard.h ssh-keygen.c] Add PIN-protection for secret key. + - rees@cvs.openbsd.org 2002/03/21 22:44:05 + [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c] + Add PIN-protection for secret key. 20020317 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, @@ -7985,4 +7988,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1964 2002/03/22 03:47:38 mouring Exp $ +$Id: ChangeLog,v 1.1965 2002/03/22 03:51:06 mouring Exp $ @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.48 2002/02/24 19:14:59 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.49 2002/03/21 22:44:05 rees Exp $"); #include <openssl/evp.h> @@ -532,7 +532,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) +ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) { Buffer msg; int type; @@ -541,6 +541,7 @@ ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : SSH_AGENTC_REMOVE_SMARTCARD_KEY); buffer_put_cstring(&msg, reader_id); + buffer_put_cstring(&msg, pin); if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.23 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: authfd.h,v 1.24 2002/03/21 22:44:05 rees Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -67,7 +67,7 @@ Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); int ssh_add_identity(AuthenticationConnection *, Key *, const char *); int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); -int ssh_update_card(AuthenticationConnection *, int, const char *); +int ssh_update_card(AuthenticationConnection *, int, const char *, const char *); int ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.52 2002/03/21 10:21:20 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.53 2002/03/21 22:44:05 rees Exp $"); #include <openssl/evp.h> @@ -176,7 +176,13 @@ add_file(AuthenticationConnection *ac, const char *filename) static int update_card(AuthenticationConnection *ac, int add, const char *id) { - if (ssh_update_card(ac, add, id)) { + char *pin; + + pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); + if (pin == NULL) + return -1; + + if (ssh_update_card(ac, add, id, pin)) { fprintf(stderr, "Card %s: %s\n", add ? "added" : "removed", id); return 0; diff --git a/ssh-agent.c b/ssh-agent.c index 555396fc..1874eb15 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.82 2002/03/04 17:27:39 stevesk Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $"); #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) #include <sys/queue.h> @@ -454,12 +454,14 @@ process_add_smartcard_key (SocketEntry *e) { Idtab *tab; Key *n = NULL, *k = NULL; - char *sc_reader_id = NULL; + char *sc_reader_id = NULL, *pin; int success = 0; sc_reader_id = buffer_get_string(&e->input, NULL); - k = sc_get_key(sc_reader_id); + pin = buffer_get_string(&e->input, NULL); + k = sc_get_key(sc_reader_id, pin); xfree(sc_reader_id); + xfree(pin); if (k == NULL) { error("sc_get_pubkey failed"); @@ -505,11 +507,13 @@ process_remove_smartcard_key(SocketEntry *e) { Key *k = NULL; int success = 0; - char *sc_reader_id = NULL; + char *sc_reader_id = NULL, *pin; sc_reader_id = buffer_get_string(&e->input, NULL); - k = sc_get_key(sc_reader_id); + pin = buffer_get_string(&e->input, NULL); + k = sc_get_key(sc_reader_id, pin); xfree(sc_reader_id); + xfree(pin); if (k == NULL) { error("sc_get_pubkey failed"); @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.165 2002/03/19 10:49:35 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -1193,7 +1193,7 @@ load_public_identity_files(void) #ifdef SMARTCARD if (options.smartcard_device != NULL && options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && - (public = sc_get_key(options.smartcard_device)) != NULL ) { + (public = sc_get_key(options.smartcard_device, NULL)) != NULL ) { Key *new; if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) |