From 43a5e2f70e3fc38de55b45f580e92b7be84cfa34 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Wed, 27 Mar 2002 17:33:17 +0000
Subject: [PATCH] - rees@cvs.openbsd.org 2002/03/26 18:46:59 [scard.c] try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
---
 ChangeLog | 8 ++++----
 scard.c | 61 +++++++++++++++++++++++++++++++------------------------
 2 files changed, 38 insertions(+), 31 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3673be9e1..7284e437f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,9 +11,9 @@
  - markus@cvs.openbsd.org 2002/03/26 15:23:40
    [bufaux.c]
    do not talk about packets in bufaux
- - markus@cvs.openbsd.org 2002/03/26 15:58:46
-   [readpass.c readpass.h sshconnect2.c]
-   client side support for PASSWD_CHANGEREQ
+ - rees@cvs.openbsd.org 2002/03/26 18:46:59
+   [scard.c]
+   try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
 
 20020325
  - (stevesk) import OpenBSD as "openbsd-compat/tree.h"
@@ -8077,4 +8077,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $
+$Id: ChangeLog,v 1.1997 2002/03/27 17:33:17 mouring Exp $
diff --git a/scard.c b/scard.c
index 779106f85..de53f9d01 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #ifdef SMARTCARD
 
-RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
 
 #include
 #include
@@ -65,6 +65,7 @@ static int cla = 0x00; /* class */
 static void sc_mk_digest(const char *pin, u_char *digest);
 static int get_AUT0(u_char *aut0);
+static int try_AUT0(void);
 
 /* interface to libsectok */
@@ -164,6 +165,12 @@ sc_read_pubkey(Key * k)
 	n = xmalloc(len);
 	/* get n */
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+
+	if (sw == 0x6982) {
+		if (try_AUT0() < 0)
+			goto err;
+		sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+	}
 	if (!sectok_swOK(sw)) {
 		error("could not obtain public key: %s", sectok_get_sw(sw));
 		goto err;
@@ -194,32 +201,6 @@ err:
 	return status;
 }
 
-static int
-try_AUT0(void)
-{
-	u_char aut0[EVP_MAX_MD_SIZE];
-
-	/* permission denied; try PIN if provided */
-	if (sc_pin && strlen(sc_pin) > 0) {
-		sc_mk_digest(sc_pin, aut0);
-		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-			error("smartcard passphrase incorrect");
-			return (-1);
-		}
-	} else {
-		/* try default AUT0 key */
-		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
-			/* default AUT0 key failed; prompt for passphrase */
-			if (get_AUT0(aut0) < 0 ||
-			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-				error("smartcard passphrase incorrect");
-				return (-1);
-			}
-		}
-	}
-	return (0);
-}
-
 /* private key operations */
 
 static int
@@ -463,6 +444,32 @@ get_AUT0(u_char *aut0)
 	return 0;
 }
 
+static int
+try_AUT0(void)
+{
+	u_char aut0[EVP_MAX_MD_SIZE];
+
+	/* permission denied; try PIN if provided */
+	if (sc_pin && strlen(sc_pin) > 0) {
+		sc_mk_digest(sc_pin, aut0);
+		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+			error("smartcard passphrase incorrect");
+			return (-1);
+		}
+	} else {
+		/* try default AUT0 key */
+		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
+			/* default AUT0 key failed; prompt for passphrase */
+			if (get_AUT0(aut0) < 0 ||
+			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+				error("smartcard passphrase incorrect");
+				return (-1);
+			}
+		}
+	}
+	return (0);
+}
+
 int
 sc_put_key(Key *prv, const char *id)
 {
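Review bot: The status word tested at `if (sw == 0x6982) {` is a bare magic number in the new retry branch of sc_read_pubkey; a one-line comment would tell the next reader why this value and only this value triggers authentication, e.g. `/* SW 0x6982 (ISO 7816 "security status not satisfied"): the card's ACL wants AUT0 before the key file can be read; authenticate once and reissue the APDU */`. The `sectok_swOK` check below then only ever sees the status of the second APDU, which is fine because a try_AUT0 failure already reports itself before the `goto err`, but that ordering deserves a word too so nobody later "fixes" the first sw being discarded. If the private-key path (the try_AUT0 definition was previously filed under "private key operations") performs the same 0x6982/try_AUT0/reissue sequence, a small helper taking the APDU arguments would keep the two in step; I cannot see that code from this hunk. sc_read_pubkey begins before the hunk and the err: label it jumps to lies after it.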
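Review bot: try_AUT0, as moved in the last hunk of scard.c, returns with the PIN-derived digest still sitting in the stack buffer `aut0` on every path, including the success path after `cyberflex_verify_AUT0(sc_fd, cla, aut0, 8)`; since the commit now calls this from the public-key read as well, the digest is produced more often, and it should be cleared before the function returns. With three `return` statements the cleanest fix is a single exit that wipes the buffer, as sketched below; note that a plain `memset` immediately before return can be dropped as a dead store by the optimizer, so if the portability layer offers explicit_bzero or an equivalent, use that instead. The function is complete within the hunk.
```c
static int
try_AUT0(void)
{
	u_char aut0[EVP_MAX_MD_SIZE];
	int rc = -1;

	/* permission denied; try PIN if provided */
	if (sc_pin && strlen(sc_pin) > 0) {
		sc_mk_digest(sc_pin, aut0);
		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
			error("smartcard passphrase incorrect");
			goto out;
		}
	} else {
		/* … unchanged: default AUT0 key, then get_AUT0() prompt, with each `return (-1)` replaced by `goto out` … */
	}
	rc = 0;
out:
	/* the digest is derived from the PIN; do not let it outlive this call */
	memset(aut0, 0, sizeof(aut0));	/* prefer explicit_bzero() where available */
	return (rc);
}
```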