
(-)ssh/authfd.c (+48 lines)
Lines 667-669 decode_reply(int type) Link Here
667
	/* NOTREACHED */
667
	/* NOTREACHED */
668
	return 0;
668
	return 0;
669
}
669
}
670
671
#ifdef ENABLE_PKCS11
672
673
int
674
ssh_pkcs11_add_provider(AuthenticationConnection *auth,
675
	const pkcs11_provider *const provider)
676
{
677
	Buffer msg;
678
	int type;
679
680
	buffer_init(&msg);
681
	buffer_put_char(&msg, SSH_AGENTC_PKCS11_ADD_PROVIDER);
682
	buffer_put_cstring(&msg, provider->provider);
683
	buffer_put_int(&msg, (unsigned)provider->protected_authentication);
684
	buffer_put_int(&msg, provider->private_mode);
685
	buffer_put_int(&msg, (unsigned)provider->cert_is_private);
686
687
	if (ssh_request_reply(auth, &msg, &msg) == 0) {
688
		buffer_free(&msg);
689
		return 0;
690
	}
691
	type = buffer_get_char(&msg);
692
	buffer_free(&msg);
693
	return decode_reply(type);
694
}
695
696
int
697
ssh_pkcs11_id(AuthenticationConnection *auth, const pkcs11_id *const id, int remove)
698
{
699
	Buffer msg;
700
	int type;
701
702
	buffer_init(&msg);
703
	buffer_put_char(&msg, remove ? SSH_AGENTC_PKCS11_REMOVE_ID : SSH_AGENTC_PKCS11_ADD_ID);
704
	buffer_put_cstring(&msg, id->id);
705
	buffer_put_int(&msg, (unsigned)id->pin_cache_period);
706
	buffer_put_cstring(&msg, id->cert_file == NULL ? "" : id->cert_file);
707
708
	if (ssh_request_reply(auth, &msg, &msg) == 0) {
709
		buffer_free(&msg);
710
		return 0;
711
	}
712
	type = buffer_get_char(&msg);
713
	buffer_free(&msg);
714
	return decode_reply(type);
715
}
716
717
#endif /* ENABLE_PKCS11 */
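Review bot: ssh_pkcs11_add_provider and ssh_pkcs11_id carry no header comment stating the return contract (0 when the agent request fails, otherwise decode_reply's result) or that provider->provider and id->id must be non-NULL, since both are handed to buffer_put_cstring unchecked. A comment such as `/* Ask the agent to load a PKCS#11 provider. Returns 0 if the request fails, else decode_reply()'s result; caller keeps ownership of provider. */` above each function would match the file's style. In ssh_pkcs11_id a NULL cert_file is sent as "", so the agent cannot distinguish "no file" from an empty name; that is only safe if the agent treats both alike, which the comment should state. `buffer_put_int(&msg, provider->private_mode)` is also the one field sent without the `(unsigned)` cast its neighbours use.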
(-)ssh/authfd.h (+12 lines)
Lines 16-21 Link Here
16
#ifndef AUTHFD_H
16
#ifndef AUTHFD_H
17
#define AUTHFD_H
17
#define AUTHFD_H
18
18
19
#include "pkcs11.h"
20
19
/* Messages for the authentication agent connection. */
21
/* Messages for the authentication agent connection. */
20
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
22
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
21
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
23
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
Lines 49-54 Link Here
49
#define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
51
#define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
50
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
52
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
51
53
54
#define SSH_AGENTC_PKCS11_ADD_PROVIDER		27
55
#define SSH_AGENTC_PKCS11_ADD_ID		28
56
#define SSH_AGENTC_PKCS11_REMOVE_ID		29
57
52
#define	SSH_AGENT_CONSTRAIN_LIFETIME		1
58
#define	SSH_AGENT_CONSTRAIN_LIFETIME		1
53
#define	SSH_AGENT_CONSTRAIN_CONFIRM		2
59
#define	SSH_AGENT_CONSTRAIN_CONFIRM		2
54
60
Lines 92-95 int Link Here
92
ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
98
ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
93
    u_int);
99
    u_int);
94
100
101
#ifdef ENABLE_PKCS11
102
int	ssh_pkcs11_add_provider(AuthenticationConnection *, 
103
    const pkcs11_provider *const);
104
int	ssh_pkcs11_id(AuthenticationConnection *, const pkcs11_id *const, int remove);
105
#endif /* ENABLE_PKCS11 */
106
95
#endif				/* AUTHFD_H */
107
#endif				/* AUTHFD_H */
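Review bot: The new ssh_pkcs11_id prototype names its last parameter `remove`, which shadows the stdio function `remove()` and is the only named parameter in a header whose other prototypes (ssh_agent_sign just above) omit names; `int	ssh_pkcs11_id(AuthenticationConnection *, const pkcs11_id *const, int);` matches the file. The `#include "pkcs11.h"` is added unconditionally while everything that needs it sits under `#ifdef ENABLE_PKCS11`; moving the include inside that guard keeps non-PKCS#11 builds independent of the new header, assuming nothing else in authfd.h needs it. The ssh_pkcs11_add_provider declaration line also ends in trailing whitespace.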
(-)ssh/ssh-add.c (-1 / +74 lines)
Lines 53-58 Link Here
53
#include "rsa.h"
53
#include "rsa.h"
54
#include "log.h"
54
#include "log.h"
55
#include "key.h"
55
#include "key.h"
56
#include "pkcs11.h"
56
#include "buffer.h"
57
#include "buffer.h"
57
#include "authfd.h"
58
#include "authfd.h"
58
#include "authfile.h"
59
#include "authfile.h"
Lines 316-321 usage(void) Link Here
316
	fprintf(stderr, "  -X          Unlock agent.\n");
317
	fprintf(stderr, "  -X          Unlock agent.\n");
317
	fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
318
	fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
318
	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
319
	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
320
#ifdef ENABLE_PKCS11
321
	fprintf(stderr, "  -K provider Add PKCS#11 provider, format:\n");
322
	fprintf(stderr, "              lib[:prot_auth[:private_mode[:cert_is_private]]]\n");
323
	fprintf(stderr, "              prot_auth - 1 to allow protected mode authentication.\n");
324
	fprintf(stderr, "              private_mode - Private key mode, see man page.\n");
325
	fprintf(stderr, "              cert_is_private - 1 if login is required to access certificates.\n");
326
	fprintf(stderr, "  -I          Add PKCS#11 id, remainging arguments:\n");
327
	fprintf(stderr, "              pkcs11_id [session_cache [cert_file]]\n");
328
	fprintf(stderr, "              pkcs11_id - Serialized id, get from ssh-keygen -K.\n");
329
	fprintf(stderr, "              session_cache - Session cache timeout in seconds -1 for infinite.\n");
330
	fprintf(stderr, "              cert_file - Specify PEM file to load if token is unavailable.\n");
331
#endif
319
#ifdef SMARTCARD
332
#ifdef SMARTCARD
320
	fprintf(stderr, "  -s reader   Add key in smartcard reader.\n");
333
	fprintf(stderr, "  -s reader   Add key in smartcard reader.\n");
321
	fprintf(stderr, "  -e reader   Remove key in smartcard reader.\n");
334
	fprintf(stderr, "  -e reader   Remove key in smartcard reader.\n");
Lines 330-335 main(int argc, char **argv) Link Here
330
	AuthenticationConnection *ac = NULL;
343
	AuthenticationConnection *ac = NULL;
331
	char *sc_reader_id = NULL;
344
	char *sc_reader_id = NULL;
332
	int i, ch, deleting = 0, ret = 0;
345
	int i, ch, deleting = 0, ret = 0;
346
#ifdef ENABLE_PKCS11
347
	pkcs11_provider *pkcs11_provider = NULL;
348
	int doing_pkcs11 = 0;
349
#endif /* ENABLE_PKCS11 */
333
350
334
	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
351
	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
335
	sanitise_stdfd();
352
	sanitise_stdfd();
Lines 343-349 main(int argc, char **argv) Link Here
343
		    "Could not open a connection to your authentication agent.\n");
360
		    "Could not open a connection to your authentication agent.\n");
344
		exit(2);
361
		exit(2);
345
	}
362
	}
346
	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
363
	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:K:I")) != -1) {
347
		switch (ch) {
364
		switch (ch) {
348
		case 'l':
365
		case 'l':
349
		case 'L':
366
		case 'L':
Lines 379-384 main(int argc, char **argv) Link Here
379
				goto done;
396
				goto done;
380
			}
397
			}
381
			break;
398
			break;
399
#ifdef ENABLE_PKCS11
400
		case 'K':
401
			if ((pkcs11_provider = pkcs11_parse_provider(optarg)) == NULL) {
402
				fprintf(stderr, "Cannot parse PKCS#11 provider\n");
403
				ret = 1;
404
				goto done;
405
			}
406
			break;
407
		case 'I':
408
			doing_pkcs11 = 1;
409
			break;
410
#endif /* ENABLE_PKCS11 */
382
		default:
411
		default:
383
			usage();
412
			usage();
384
			ret = 1;
413
			ret = 1;
Lines 387-392 main(int argc, char **argv) Link Here
387
	}
416
	}
388
	argc -= optind;
417
	argc -= optind;
389
	argv += optind;
418
	argv += optind;
419
420
#ifdef ENABLE_PKCS11
421
	if (pkcs11_provider != NULL) {
422
		if (!ssh_pkcs11_add_provider(ac, pkcs11_provider)) {
423
			fprintf(stderr,
424
				"Cannot add provider '%s'\n", pkcs11_provider->provider);
425
			ret = 1;
426
			goto done;
427
		}
428
		fprintf(stderr, "Provider '%s' added successfully.\n", pkcs11_provider->provider);
429
		pkcs11_free_provider(pkcs11_provider);
430
	}
431
432
	if (doing_pkcs11) {
433
		pkcs11_id *pkcs11_id = NULL;
434
		if (argc < 1 || argc > 3) {
435
			fprintf(stderr,
436
				"Invalid PKCS#11 id format\n");
437
			ret = 1;
438
			goto done;
439
		}
440
		if ((pkcs11_id = pkcs11_id_new()) == NULL) {
441
			fprintf(stderr, "Memory allocation error.\n");
442
			ret = 1;
443
			goto done;
444
		}
445
		pkcs11_id->id = argv[0];
446
		if (argc > 1)
447
			pkcs11_id->pin_cache_period = atoi(argv[1]);
448
		if (argc > 2)
449
			pkcs11_id->cert_file = xstrdup(argv[2]);
450
451
		if (!ssh_pkcs11_id(ac, pkcs11_id, deleting)) {
452
			fprintf(stderr,
453
				"Cannot %s id '%s'\n", deleting ? "remove" : "add", pkcs11_id->id);
454
			ret = 1;
455
			goto done;
456
		}
457
		pkcs11_id_free(pkcs11_id);
458
		fprintf(stderr, "Identity %s successfully.\n", deleting ? "removed" : "added");
459
		goto done;
460
	}
461
#endif /* ENABLE_PKCS11 */
462
390
	if (sc_reader_id != NULL) {
463
	if (sc_reader_id != NULL) {
391
		if (update_card(ac, !deleting, sc_reader_id) == -1)
464
		if (update_card(ac, !deleting, sc_reader_id) == -1)
392
			ret = 1;
465
			ret = 1;
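Review bot: `pkcs11_id->id = argv[0];` stores a pointer into argv in a struct that is later passed to pkcs11_id_free(), while `cert_file` two lines below is `xstrdup`'d; if pkcs11_id_free() releases `id` (the agent side fills the same struct from strdup results, which suggests it does), this frees memory ssh-add does not own, so `pkcs11_id->id = xstrdup(argv[0]);` is the consistent form. The cache period is read with `atoi(argv[1])`, which gives no error indication for non-numeric input; `strtol` with an end-pointer check would reject bad input before it is sent to the agent, while still allowing the documented -1. On the `goto done` failure paths in this hunk neither pkcs11_provider nor pkcs11_id is freed, and the surrounding main() continues outside the hunk. The `-I` usage string in the earlier hunk misspells "remaining" as "remainging".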
(-)ssh/ssh-agent.c (+136 lines)
Lines 62-67 Link Here
62
#include "buffer.h"
62
#include "buffer.h"
63
#include "key.h"
63
#include "key.h"
64
#include "authfd.h"
64
#include "authfd.h"
65
#include "pkcs11.h"
65
#include "compat.h"
66
#include "compat.h"
66
#include "log.h"
67
#include "log.h"
67
#include "misc.h"
68
#include "misc.h"
Lines 689-694 send: Link Here
689
}
690
}
690
#endif /* SMARTCARD */
691
#endif /* SMARTCARD */
691
692
693
#ifdef ENABLE_PKCS11
694
695
static void
696
process_pkcs11_add_provider (SocketEntry *e)
697
{
698
	pkcs11_provider provider;
699
	int success = 0;
700
701
	provider.provider = buffer_get_string(&e->request, NULL);
702
	provider.protected_authentication = buffer_get_int(&e->request);
703
	provider.private_mode = (unsigned)buffer_get_int(&e->request);
704
	provider.cert_is_private = buffer_get_int(&e->request);
705
706
	success = pkcs11_add_provider(&provider);
707
708
	buffer_put_int(&e->output, 1);
709
	buffer_put_char(&e->output,
710
	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
711
}
712
713
static
714
void
715
process_pkcs11_add_id (SocketEntry *e)
716
{
717
	pkcs11_id *pkcs11_id = NULL;
718
	Key *k = NULL;
719
	char *comment = NULL;
720
	int success = 0;
721
	int version = 2;
722
723
	pkcs11_id = pkcs11_id_new();
724
	if (pkcs11_id != NULL) {
725
		pkcs11_id->id = strdup (buffer_get_string(&e->request, NULL));
726
		pkcs11_id->pin_cache_period = buffer_get_int(&e->request);
727
		pkcs11_id->cert_file = strdup (buffer_get_string(&e->request, NULL));
728
729
		if (pkcs11_get_key (pkcs11_id, &k, &comment)) {
730
			if (lookup_identity(k, version) == NULL) {
731
				Identity *id = xmalloc(sizeof(Identity));
732
				Idtab *tab = NULL;
733
	
734
				id->key = k;
735
				k = NULL;
736
				id->comment = comment;
737
				id->death = 0;		/* handled by pkcs#11 helper */
738
				id->confirm = 0;
739
	
740
				tab = idtab_lookup(version);
741
				TAILQ_INSERT_TAIL(&tab->idlist, id, next);
742
				/* Increment the number of identities. */
743
				tab->nentries++;
744
				success = 1;
745
			}
746
		}
747
	}
748
749
	if (k != NULL)
750
		key_free(k);
751
752
	if (pkcs11_id != NULL)
753
		pkcs11_id_free(pkcs11_id);
754
755
	buffer_put_int(&e->output, 1);
756
	buffer_put_char(&e->output,
757
	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
758
}
759
760
static
761
void
762
process_pkcs11_remove_id (SocketEntry *e)
763
{
764
	Identity *id = NULL;
765
	char *comment = NULL;
766
	pkcs11_id *pkcs11_id = NULL;
767
	Key *k = NULL;
768
	int version = 2;
769
	int success = 0;
770
771
	pkcs11_id = pkcs11_id_new();
772
	if (pkcs11_id != NULL) {
773
		pkcs11_id->id = strdup(buffer_get_string(&e->request, NULL));
774
		pkcs11_id->pin_cache_period = buffer_get_int(&e->request);
775
		pkcs11_id->cert_file = strdup(buffer_get_string(&e->request, NULL));
776
777
		if (pkcs11_get_key(pkcs11_id, &k, &comment)) {
778
			id = lookup_identity (k, version);
779
			xfree(comment);
780
			comment = NULL;
781
		}
782
783
		if (id != NULL) {
784
			Idtab *tab = NULL;
785
786
			tab = idtab_lookup(version);
787
			TAILQ_REMOVE(&tab->idlist, id, next);
788
			tab->nentries--;
789
			free_identity(id);
790
			id = NULL;
791
			success = 1;
792
		}
793
	}
794
795
	if (k != NULL)
796
		key_free(k);
797
798
	if (pkcs11_id != NULL)
799
		pkcs11_id_free(pkcs11_id);
800
801
	buffer_put_int(&e->output, 1);
802
	buffer_put_char(&e->output,
803
	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
804
}
805
806
#endif /* ENABLE_PKCS11 */
807
692
/* dispatch incoming messages */
808
/* dispatch incoming messages */
693
809
694
static void
810
static void
Lines 781-786 process_message(SocketEntry *e) Link Here
781
		process_remove_smartcard_key(e);
897
		process_remove_smartcard_key(e);
782
		break;
898
		break;
783
#endif /* SMARTCARD */
899
#endif /* SMARTCARD */
900
901
#ifdef ENABLE_PKCS11
902
	case SSH_AGENTC_PKCS11_ADD_PROVIDER:
903
		process_pkcs11_add_provider(e);
904
		break;
905
	case SSH_AGENTC_PKCS11_ADD_ID:
906
		process_pkcs11_add_id(e);
907
		break;
908
	case SSH_AGENTC_PKCS11_REMOVE_ID:
909
		process_pkcs11_remove_id(e);
910
		break;
911
#endif /* ENABLE_PKCS11 */
784
	default:
912
	default:
785
		/* Unknown message.  Respond with failure. */
913
		/* Unknown message.  Respond with failure. */
786
		error("Unknown message %d", type);
914
		error("Unknown message %d", type);
Lines 988-993 static void Link Here
988
cleanup_handler(int sig)
1116
cleanup_handler(int sig)
989
{
1117
{
990
	cleanup_socket();
1118
	cleanup_socket();
1119
#ifdef ENABLE_PKCS11
1120
	pkcs11_terminate ();
1121
#endif /* ENABLE_PKCS11 */
991
	_exit(2);
1122
	_exit(2);
992
}
1123
}
993
1124
Lines 1216-1221 main(int ac, char **av) Link Here
1216
	}
1347
	}
1217
1348
1218
skip:
1349
skip:
1350
1351
#ifdef ENABLE_PKCS11
1352
	pkcs11_initialize (1, -1);
1353
#endif /* ENABLE_PKCS11 */
1354
1219
	new_socket(AUTH_SOCKET, sock);
1355
	new_socket(AUTH_SOCKET, sock);
1220
	if (ac > 0)
1356
	if (ac > 0)
1221
		parent_alive_interval = 10;
1357
		parent_alive_interval = 10;
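Review bot: In process_pkcs11_add_id, `strdup (buffer_get_string(&e->request, NULL))` copies a string that OpenSSH's buffer_get_string already returns as a fresh allocation, so the original is leaked on every request, and a failed strdup leaves `id`/`cert_file` NULL with no check; process_pkcs11_remove_id has the same two lines. Assigning the result directly, `pkcs11_id->id = buffer_get_string(&e->request, NULL);`, gives pkcs11_id_free() the only copy. In the same function, when lookup_identity() finds the key already present, `comment` is never freed before the failure reply is sent. process_pkcs11_add_provider passes a client-supplied provider path to pkcs11_add_provider(); whether that loads a library by path is not visible here, but if it does, any client able to reach the agent socket (a forwarded agent connection included) decides what the agent loads, so an allowlist of permitted provider paths checked before the call would be worth adding, and `provider.provider` is never freed after the call unless pkcs11_add_provider() takes ownership.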
