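--- a/scard.c
+++ b/scard.c
@@ -35,6 +35,9 @@
 #include "misc.h"
 #include "scard.h"
 
+/* currently unused */
+int ask_for_pin = 0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method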
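Review bot: `int ask_for_pin = 0;` is defined here and again in scard-opensc.c, so the two files can only be linked together if the build never compiles both smartcard backends into one binary; the guards that would ensure this are outside the hunk and should be confirmed. The `/* currently unused */` comment also understates the effect: with this backend the flag that ssh.c sets changes nothing, so no PIN prompt is ever shown. I would say so directly, for example `/* set by ssh.c; this backend never prompts for a PIN, the definition only satisfies the extern in scard.h */`.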
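--- a/scard.h
+++ b/scard.h
@@ -33,6 +33,8 @@
 #define SCARD_ERROR_NOCARD -2
 #define SCARD_ERROR_APPLET -3
 
+extern int ask_for_pin;
+
 Key **sc_get_keys(const char *, const char *);
 void sc_close(void);
 int sc_put_key(Key *, const char *);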
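Review bot: `extern int ask_for_pin;` is exported without the `sc_` prefix that the functions declared right below it carry, and without a comment saying who writes the flag and who reads it. A name such as `sc_ask_for_pin` with a one-line comment like `/* non-zero: the smartcard backend may prompt for the PIN interactively */` would keep the global from colliding with unrelated code and make the contract visible to other programs that include this header.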
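--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -38,6 +38,8 @@
 #include "misc.h"
 #include "scard.h"
 
+int ask_for_pin=0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method
@@ -119,6 +121,7 @@
 struct sc_pkcs15_prkey_info *key;
 struct sc_pkcs15_object *pin_obj;
 struct sc_pkcs15_pin_info *pin;
+ char *passphrase = NULL;
 
 priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
 if (priv == NULL)
@@ -156,24 +159,47 @@
 goto err;
 }
 pin = pin_obj->data;
+
+ if (sc_pin)
+ passphrase = sc_pin;
+ else if (ask_for_pin) {
+ /* we need a pin but don't have one => ask for the pin */
+ char prompt[64];
+
+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
+ key_obj->label ? key_obj->label : "smartcard key");
+ passphrase = read_passphrase(prompt, 0);
+ if (!passphrase || !strcmp(passphrase, ""))
+ goto err;
+ } else
+ /* no pin => error */
+ goto err;
+
 r = sc_lock(card);
 if (r) {
 error("Unable to lock smartcard: %s", sc_strerror(r));
 goto err;
 }
- if (sc_pin != NULL) {
- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
- strlen(sc_pin));
- if (r) {
- sc_unlock(card);
- error("PIN code verification failed: %s",
- sc_strerror(r));
- goto err;
- }
+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
+ strlen(passphrase));
+ if (r) {
+ sc_unlock(card);
+ error("PIN code verification failed: %s",
+ sc_strerror(r));
+ goto err;
 }
+
 *key_obj_out = key_obj;
+ if (!sc_pin) {
+ memset(passphrase, 0, strlen(passphrase));
+ xfree(passphrase);
+ }
 return 0;
 err:
+ if (!sc_pin && passphrase) {
+ memset(passphrase, 0, strlen(passphrase));
+ xfree(passphrase);
+ }
 sc_close();
 return -1;
 }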
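Review bot: In the last hunk the new `else` branch turns a missing PIN into a silent hard failure: the removed code skipped `sc_pkcs15_verify_pin()` when `sc_pin` was NULL and carried on, whereas any caller that leaves `ask_for_pin` at 0 (batch mode, and presumably any other program that links this file without setting the flag) now reaches `goto err` with nothing logged. An `error("smartcard PIN required but prompting is disabled");` before that `goto err` would make the refusal diagnosable, and the change in behaviour for PIN-less use deserves a line in the commit description. Separately, both `memset(passphrase, 0, strlen(passphrase));` calls sit directly before `xfree()` and are dead stores an optimiser may drop, which would leave the PIN in freed heap memory; a wipe the compiler cannot elide (for example `explicit_bzero()` where the platform provides it) is the safer form. The function's opening lines are outside the hunk, so the earlier `goto err` paths could not be checked against the new cleanup.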
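--- a/ssh.c
+++ b/ssh.c
@@ -1216,6 +1216,9 @@
 #ifdef SMARTCARD
 Key **keys;
 
+ if (!options.batch_mode)
+ ask_for_pin = 1;
+
 if (options.smartcard_device != NULL &&
 options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
 (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {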
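Review bot: The assignment `ask_for_pin = 1;` flips a process-wide global with no comment explaining that it authorises interactive PIN prompts in the smartcard backend, and it runs before the `options.smartcard_device != NULL` test, so the flag is raised even when no card is configured. I would move it inside that condition or at least annotate it, for example `/* allow the smartcard backend to prompt for the PIN; BatchMode must stay non-interactive */`. The enclosing function starts and ends outside the hunk, so whether the flag is ever cleared again cannot be seen here.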