tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- rees@cvs.openbsd.org 2002/03/26 18:46:59 

[scard.c]
     try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
This commit is contained in:
Ben Lindstrom 2002-03-27 17:33:17 +00:00
parent 38a69e6b53
commit 43a5e2f70e
2 changed files with 38 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -11,9 +11,9 @@
- markus@cvs.openbsd.org 2002/03/26 15:23:40 - markus@cvs.openbsd.org 2002/03/26 15:23:40
[bufaux.c] [bufaux.c]
do not talk about packets in bufaux do not talk about packets in bufaux
- markus@cvs.openbsd.org 2002/03/26 15:58:46 - rees@cvs.openbsd.org 2002/03/26 18:46:59
[readpass.c readpass.h sshconnect2.c] [scard.c]
client side support for PASSWD_CHANGEREQ try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
20020325 20020325
- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@ -8077,4 +8077,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $ $Id: ChangeLog,v 1.1997 2002/03/27 17:33:17 mouring Exp $

61
scard.c
View File

@ -24,7 +24,7 @@
#include "includes.h" #include "includes.h"
#ifdef SMARTCARD #ifdef SMARTCARD
RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $"); RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <sectok.h> #include <sectok.h>
@ -65,6 +65,7 @@ static int cla = 0x00; /* class */
static void sc_mk_digest(const char *pin, u_char *digest); static void sc_mk_digest(const char *pin, u_char *digest);
static int get_AUT0(u_char *aut0); static int get_AUT0(u_char *aut0);
static int try_AUT0(void);
/* interface to libsectok */ /* interface to libsectok */
@ -164,6 +165,12 @@ sc_read_pubkey(Key * k)
n = xmalloc(len); n = xmalloc(len);
/* get n */ /* get n */
sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw); sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
if (sw == 0x6982) {
if (try_AUT0() < 0)
goto err;
sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
}
if (!sectok_swOK(sw)) { if (!sectok_swOK(sw)) {
error("could not obtain public key: %s", sectok_get_sw(sw)); error("could not obtain public key: %s", sectok_get_sw(sw));
goto err; goto err;
@ -194,32 +201,6 @@ err:
return status; return status;
} }
static int
try_AUT0(void)
{
u_char aut0[EVP_MAX_MD_SIZE];
/* permission denied; try PIN if provided */
if (sc_pin && strlen(sc_pin) > 0) {
sc_mk_digest(sc_pin, aut0);
if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
error("smartcard passphrase incorrect");
return (-1);
}
} else {
/* try default AUT0 key */
if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
/* default AUT0 key failed; prompt for passphrase */
if (get_AUT0(aut0) < 0 ||
cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
error("smartcard passphrase incorrect");
return (-1);
}
}
}
return (0);
}
/* private key operations */ /* private key operations */
static int static int
@ -463,6 +444,32 @@ get_AUT0(u_char *aut0)
return 0; return 0;
} }
static int
try_AUT0(void)
{
u_char aut0[EVP_MAX_MD_SIZE];
/* permission denied; try PIN if provided */
if (sc_pin && strlen(sc_pin) > 0) {
sc_mk_digest(sc_pin, aut0);
if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
error("smartcard passphrase incorrect");
return (-1);
}
} else {
/* try default AUT0 key */
if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
/* default AUT0 key failed; prompt for passphrase */
if (get_AUT0(aut0) < 0 ||
cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
error("smartcard passphrase incorrect");
return (-1);
}
}
}
return (0);
}
int int
sc_put_key(Key *prv, const char *id) sc_put_key(Key *prv, const char *id)
{ {