Bugzilla – Attachment 1547 Details for
Bug 1371
Add PKCS#11 (Smartcards) support into OpenSSH
[patch]
2005_all_pkcs11-ssh.patch
2005_all_pkcs11-ssh.patch (text/plain), 3.35 KB, created by
Alon Bar-Lev
on 2008-07-22 15:20:25 AEST
Description:
2005_all_pkcs11-ssh.patch
Filename:
MIME Type:
Creator:
Alon Bar-Lev
Created:
2008-07-22 15:20:25 AEST
Size:
3.35 KB
>[PATCH] PKCS#11 support in ssh
>
>Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
>
>---
>
>diff -urNp ssh/ssh.c ssh.new/ssh.c
>--- ssh/ssh.c 2008-01-19 22:51:26.000000000 +0200
>+++ ssh.new/ssh.c 2008-04-26 12:40:09.000000000 +0300
>@@ -84,6 +84,7 @@
> #include "readconf.h"
> #include "sshconnect.h"
> #include "misc.h"
>+#include "pkcs11.h"
> #include "kex.h"
> #include "mac.h"
> #include "sshpty.h"
>@@ -171,6 +172,11 @@ static u_int mux_command = 0;
> volatile sig_atomic_t control_client_terminate = 0;
> u_int control_server_pid = 0;
>
>+#ifdef ENABLE_PKCS11
>+/* For PKCS#11 */
>+static pkcs11_provider *use_pkcs11_provider = NULL;
>+#endif
>+
> /* Prints a help message to the user. This function never returns. */
>
> static void
>@@ -183,6 +189,9 @@ usage(void)
> " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
> " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
> " [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
>+#ifdef ENABLE_PKCS11
>+" [-# use_pkcs11_provider_info]\n"
>+#endif
> );
> exit(255);
> }
>@@ -259,8 +268,16 @@ main(int ac, char **av)
>
> again:
> while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
>- "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
>+ "ACD:F:I:KL:MNO:PR:S:TVw:XY#:")) != -1) {
> switch (opt) {
>+#ifdef ENABLE_PKCS11
>+ case '#':
>+ if ((use_pkcs11_provider = pkcs11_parse_provider(optarg)) == NULL) {
>+ fprintf(stderr, "Cannot parse PKCS#11 provider information.\n");
>+ exit(255);
>+ }
>+ break;
>+#endif
> case '1':
> options.protocol = SSH_PROTO_1;
> break;
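Review bot: In the `case '#':` branch of the getopt hunk, a repeated `-#` overwrites `use_pkcs11_provider` without releasing the earlier parse result, and only the last provider is later handed to `pkcs11_add_provider()`. Because the option names a provider that is presumably loaded into the client, silently replacing one with another is worth rejecting outright, e.g. `if (use_pkcs11_provider != NULL) { fprintf(stderr, "Only one PKCS#11 provider may be given.\n"); exit(255); }` ahead of the parse call. The `"#:"` added to the optstring sits outside the `#ifdef`, so a build without ENABLE_PKCS11 still accepts the letter and relies on the switch's default case, which is outside the hunk, to reject it. main()'s body starts and ends outside this hunk.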
>@@ -673,6 +690,16 @@ main(int ac, char **av)
>
> timeout_ms = options.connection_timeout * 1000;
>
>+#ifdef ENABLE_PKCS11
>+ if (use_pkcs11_provider != NULL) {
>+ if (!pkcs11_initialize (1, -1))
>+ fatal("Cannot initialize PKCS#11 interface.\n");
>+ if (!pkcs11_add_provider(use_pkcs11_provider))
>+ fatal("Cannot add PKCS#11 provider '%s'.\n",
>+ use_pkcs11_provider->provider);
>+ }
>+#endif
>+
> /* Open a connection to the remote host. */
> if (ssh_connect(host, &hostaddr, options.port,
> options.address_family, options.connection_attempts, &timeout_ms,
>@@ -798,6 +825,14 @@ main(int ac, char **av)
> if (proxy_command_pid > 1)
> kill(proxy_command_pid, SIGHUP);
>
>+#ifdef ENABLE_PKCS11
>+ if (use_pkcs11_provider != NULL) {
>+ pkcs11_terminate();
>+ pkcs11_free_provider(use_pkcs11_provider);
>+ use_pkcs11_provider = NULL;
>+ }
>+#endif
>+
> return exit_status;
> }
>
>@@ -1238,6 +1273,31 @@ load_public_identity_files(void)
> xfree(keys);
> }
> #endif /* SMARTCARD */
>+#ifdef ENABLE_PKCS11
>+ if (use_pkcs11_provider != NULL) {
>+ Key **keys = NULL;
>+ char **comments = NULL;
>+
>+ if (pkcs11_get_keys(&keys, &comments)) {
>+ int count = 0;
>+ while (options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
>+ keys[count] != NULL) {
>+ memmove(&options.identity_files[1], &options.identity_files[0],
>+ sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
>+ memmove(&options.identity_keys[1], &options.identity_keys[0],
>+ sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
>+ options.num_identity_files++;
>+ options.identity_keys[0] = keys[count];
>+ options.identity_files[0] = comments[count];
>+ count++;
>+ }
>+ i += count;
>+ xfree(keys);
>+ xfree(comments);
>+ }
>+
>+ }
>+#endif
> if ((pw = getpwuid(original_real_uid)) == NULL)
> fatal("load_public_identity_files: getpwuid failed");
> pwname = xstrdup(pw->pw_name);
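Review bot: The block added before `ssh_connect()` initialises PKCS#11 and adds the user-named provider inside the ssh process itself, and nothing in this hunk shows that privileges have been given up for good by that point. If `pkcs11_add_provider()` loads the module named on the command line (its body is not on this page), a setuid installation would be running caller-chosen code while it can still regain its privileged uid; the block belongs after main() drops privileges permanently, or `-#` should be refused when the real and effective uids differ. Separately, both `fatal()` strings end in `\n`, unlike the existing `fatal("load_public_identity_files: getpwuid failed");` in the last hunk, and `pkcs11_initialize (1, -1)` needs a comment saying what its two arguments select. main() begins and ends outside the hunk.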
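Review bot: In the `load_public_identity_files` hunk, the `while` loop stops as soon as `options.num_identity_files` reaches `SSH_MAX_IDENTITY_FILES`, and the entries of `keys`/`comments` that did not fit are dropped when only the two arrays are passed to `xfree()`. Assuming `pkcs11_get_keys()` hands ownership of every entry to the caller, as the transfer into `options.identity_keys` suggests, those leftovers leak. A failed `pkcs11_get_keys()` is also ignored without any message, so a user who asked for token authentication falls back to file identities unnoticed. The fence below releases the leftovers and logs the failure; `key_free()` and `debug()` are assumed to be in scope here as elsewhere in ssh.c. The function starts outside the hunk, where `i` is declared.

```c
		if (pkcs11_get_keys(&keys, &comments)) {
			int count = 0, rest;
			/* ... unchanged: while loop moving keys into options.identity_* ... */
			i += count;
			/* Entries that did not fit are still owned here; release them. */
			for (rest = count; keys[rest] != NULL; rest++) {
				key_free(keys[rest]);
				xfree(comments[rest]);
			}
			xfree(keys);
			xfree(comments);
		} else
			debug("PKCS#11: no keys obtained from provider");
```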