|
Lines 84-89
|
| 84 |
#include "readconf.h" |
84 |
#include "readconf.h" |
| 85 |
#include "sshconnect.h" |
85 |
#include "sshconnect.h" |
| 86 |
#include "misc.h" |
86 |
#include "misc.h" |
|
|
87 |
#include "pkcs11.h" |
| 87 |
#include "kex.h" |
88 |
#include "kex.h" |
| 88 |
#include "mac.h" |
89 |
#include "mac.h" |
| 89 |
#include "sshpty.h" |
90 |
#include "sshpty.h" |
|
Lines 171-176
static u_int mux_command = 0;
|
| 171 |
volatile sig_atomic_t control_client_terminate = 0; |
172 |
volatile sig_atomic_t control_client_terminate = 0; |
| 172 |
u_int control_server_pid = 0; |
173 |
u_int control_server_pid = 0; |
| 173 |
|
174 |
|
|
|
175 |
#ifdef ENABLE_PKCS11 |
| 176 |
/* For PKCS#11 */ |
| 177 |
static pkcs11_provider *use_pkcs11_provider = NULL; |
| 178 |
#endif |
| 179 |
|
| 174 |
/* Prints a help message to the user. This function never returns. */ |
180 |
/* Prints a help message to the user. This function never returns. */ |
| 175 |
|
181 |
|
| 176 |
static void |
182 |
static void |
|
Lines 183-188
usage(void)
|
| 183 |
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
189 |
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
| 184 |
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
190 |
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
| 185 |
" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" |
191 |
" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" |
|
|
192 |
#ifdef ENABLE_PKCS11 |
| 193 |
" [-# use_pkcs11_provider_info]\n" |
| 194 |
#endif |
| 186 |
); |
195 |
); |
| 187 |
exit(255); |
196 |
exit(255); |
| 188 |
} |
197 |
} |
|
Lines 259-266
main(int ac, char **av)
|
| 259 |
|
268 |
|
| 260 |
again: |
269 |
again: |
| 261 |
while ((opt = getopt(ac, av, |
270 |
while ((opt = getopt(ac, av, |
| 262 |
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) { |
271 |
"#:1246ab:c:e:fgi:k:l:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) { |
| 263 |
switch (opt) { |
272 |
switch (opt) { |
|
|
273 |
#ifdef ENABLE_PKCS11 |
| 274 |
case '#': |
| 275 |
if ((use_pkcs11_provider = pkcs11_parse_provider(optarg)) == NULL) { |
| 276 |
fprintf(stderr, "Cannot parse PKCS#11 provider information.\n"); |
| 277 |
exit(255); |
| 278 |
} |
| 279 |
break; |
| 280 |
#endif |
| 264 |
case '1': |
281 |
case '1': |
| 265 |
options.protocol = SSH_PROTO_1; |
282 |
options.protocol = SSH_PROTO_1; |
| 266 |
break; |
283 |
break; |
|
Lines 673-678
main(int ac, char **av)
|
| 673 |
|
690 |
|
| 674 |
timeout_ms = options.connection_timeout * 1000; |
691 |
timeout_ms = options.connection_timeout * 1000; |
| 675 |
|
692 |
|
|
|
693 |
#ifdef ENABLE_PKCS11 |
| 694 |
if (use_pkcs11_provider != NULL) { |
| 695 |
if (!pkcs11_initialize (1, -1)) |
| 696 |
fatal("Cannot initialize PKCS#11 interface.\n"); |
| 697 |
if (!pkcs11_add_provider(use_pkcs11_provider)) |
| 698 |
fatal("Cannot add PKCS#11 provider '%s'.\n", |
| 699 |
use_pkcs11_provider->provider); |
| 700 |
} |
| 701 |
#endif |
| 702 |
|
| 676 |
/* Open a connection to the remote host. */ |
703 |
/* Open a connection to the remote host. */ |
| 677 |
if (ssh_connect(host, &hostaddr, options.port, |
704 |
if (ssh_connect(host, &hostaddr, options.port, |
| 678 |
options.address_family, options.connection_attempts, &timeout_ms, |
705 |
options.address_family, options.connection_attempts, &timeout_ms, |
|
Lines 798-803
main(int ac, char **av)
|
| 798 |
if (proxy_command_pid > 1) |
825 |
if (proxy_command_pid > 1) |
| 799 |
kill(proxy_command_pid, SIGHUP); |
826 |
kill(proxy_command_pid, SIGHUP); |
| 800 |
|
827 |
|
|
|
828 |
#ifdef ENABLE_PKCS11 |
| 829 |
if (use_pkcs11_provider != NULL) { |
| 830 |
pkcs11_terminate(); |
| 831 |
pkcs11_free_provider(use_pkcs11_provider); |
| 832 |
use_pkcs11_provider = NULL; |
| 833 |
} |
| 834 |
#endif |
| 835 |
|
| 801 |
return exit_status; |
836 |
return exit_status; |
| 802 |
} |
837 |
} |
| 803 |
|
838 |
|
|
Lines 1238-1243
load_public_identity_files(void)
|
| 1238 |
xfree(keys); |
1273 |
xfree(keys); |
| 1239 |
} |
1274 |
} |
| 1240 |
#endif /* SMARTCARD */ |
1275 |
#endif /* SMARTCARD */ |
|
|
1276 |
#ifdef ENABLE_PKCS11 |
| 1277 |
if (use_pkcs11_provider != NULL) { |
| 1278 |
Key **keys = NULL; |
| 1279 |
char **comments = NULL; |
| 1280 |
|
| 1281 |
if (pkcs11_get_keys(&keys, &comments)) { |
| 1282 |
int count = 0; |
| 1283 |
while (options.num_identity_files < SSH_MAX_IDENTITY_FILES && |
| 1284 |
keys[count] != NULL) { |
| 1285 |
memmove(&options.identity_files[1], &options.identity_files[0], |
| 1286 |
sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1)); |
| 1287 |
memmove(&options.identity_keys[1], &options.identity_keys[0], |
| 1288 |
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
| 1289 |
options.num_identity_files++; |
| 1290 |
options.identity_keys[0] = keys[count]; |
| 1291 |
options.identity_files[0] = comments[count]; |
| 1292 |
count++; |
| 1293 |
} |
| 1294 |
i += count; |
| 1295 |
xfree(keys); |
| 1296 |
xfree(comments); |
| 1297 |
} |
| 1298 |
|
| 1299 |
} |
| 1300 |
#endif |
| 1241 |
if ((pw = getpwuid(original_real_uid)) == NULL) |
1301 |
if ((pw = getpwuid(original_real_uid)) == NULL) |
| 1242 |
fatal("load_public_identity_files: getpwuid failed"); |
1302 |
fatal("load_public_identity_files: getpwuid failed"); |
| 1243 |
pwname = xstrdup(pw->pw_name); |
1303 |
pwname = xstrdup(pw->pw_name); |
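Review bot: In the option-parsing hunk of main(), the new getopt string turns `k` into `k:` while adding `#:`, so `-k` now expects an argument and would swallow the next word on the command line (typically the hostname). The `case 'k'` handler is outside the visible hunks, but nothing else in the patch suggests this was intended; the string should keep `i:kl:` and only gain the leading `#:`. That `#:` is also added outside the `#ifdef ENABLE_PKCS11` that guards `case '#'`, so a build without PKCS#11 still accepts `-#` and falls through to whatever the default case does; making the option string conditional would keep the two in step. Separately, the provider named by `-#` is initialised just before ssh_connect(); if pkcs11_add_provider loads a user-named module and the binary may be installed setuid, confirm this only happens once privileges are permanently dropped.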