From 711b04a56a7cf587131ae1910d243207062086ec Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 6 Aug 2001 21:12:42 +0000 Subject: [PATCH] - millert@cvs.openbsd.org 2001/07/27 14:50:45 [ssh.c] If smart card support is compiled in and a smart card is being used for authentication, make it the first method used. markus@ OK --- ChangeLog | 6 ++++- ssh.c | 67 ++++++++++++++++++++++++++++++------------------------- 2 files changed, 41 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 59e54f05c..eab49e844 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,10 @@ Inquire Cyberflex class for 0xf0 cards change aid to conform to 7816-5 remove gratuitous fid selects + - millert@cvs.openbsd.org 2001/07/27 14:50:45 + [ssh.c] + If smart card support is compiled in and a smart card is being used + for authentication, make it the first method used. markus@ OK 20010803 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on @@ -6155,4 +6159,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1438 2001/08/06 21:10:52 mouring Exp $ +$Id: ChangeLog,v 1.1439 2001/08/06 21:12:42 mouring Exp $ diff --git a/ssh.c b/ssh.c index 7810cd14c..d12d7580a 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $"); #include #include 
@@ -1153,9 +1153,42 @@ load_public_identity_files(void)
 {
 char *filename;
 Key *public;
- int i;
+ int i = 0;
 
- for (i = 0; i < options.num_identity_files; i++) {
+#ifdef SMARTCARD
+ if (sc_reader_num != -1 &&
+ options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
+ (public = sc_get_key(sc_reader_num)) != NULL ) {
+ Key *new;
+
+ if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
+ options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;
+ memmove(&options.identity_files[2], &options.identity_files[0],
+ sizeof(char *) * options.num_identity_files);
+ options.num_identity_files += 2;
+ i = 2;
+
+ /* XXX ssh1 vs ssh2 */
+ new = key_new(KEY_RSA);
+ new->flags = KEY_FLAG_EXT;
+ BN_copy(new->rsa->n, public->rsa->n);
+ BN_copy(new->rsa->e, public->rsa->e);
+ RSA_set_method(new->rsa, sc_get_engine());
+ options.identity_keys[0] = new;
+ options.identity_files[0] = xstrdup("smartcard rsa key");;
+
+ new = key_new(KEY_RSA1);
+ new->flags = KEY_FLAG_EXT;
+ BN_copy(new->rsa->n, public->rsa->n);
+ BN_copy(new->rsa->e, public->rsa->e);
+ RSA_set_method(new->rsa, sc_get_engine());
+ options.identity_keys[1] = new;
+ options.identity_files[1] = xstrdup("smartcard rsa1 key");
+
+ key_free(public);
+ }
+#endif
+ for (; i < options.num_identity_files; i++) {
 filename = tilde_expand_filename(options.identity_files[i],
 original_real_uid);
 public = key_load_public(filename, NULL);
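Review bot: The inner clamp `if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)` is unreachable, because the enclosing `if` already requires `options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES`, which leaves at least two free slots. The `memmove` is therefore in bounds as written, but the two tests disagree about intent: with a full identity list the smart card key is skipped without any message and only file-based keys are offered, and if the outer test were ever loosened the clamp would discard the trailing `identity_files` pointers without freeing them. I would drop the two clamp lines, state the invariant above the `memmove` with `/* guard above leaves two free slots; shift file names up to make room at [0] and [1] */`, and log the case where the card key cannot be inserted so the fallback is visible to the user. Only `identity_files` is shifted, which looks safe provided `identity_keys` is still unpopulated here; the loop below suggests that, but the function body continues outside the hunk and does not show it.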
@@ -1165,32 +1198,4 @@ load_public_identity_files(void)
 options.identity_files[i] = filename;
 options.identity_keys[i] = public;
 }
-#ifdef SMARTCARD
- if (sc_reader_num != -1 &&
- options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
- (public = sc_get_key(sc_reader_num)) != NULL ) {
- Key *new;
-
- /* XXX ssh1 vs ssh2 */
- new = key_new(KEY_RSA);
- new->flags = KEY_FLAG_EXT;
- BN_copy(new->rsa->n, public->rsa->n);
- BN_copy(new->rsa->e, public->rsa->e);
- RSA_set_method(new->rsa, sc_get_engine());
- i = options.num_identity_files++;
- options.identity_keys[i] = new;
- options.identity_files[i] = xstrdup("smartcard rsa key");;
-
- new = key_new(KEY_RSA1);
- new->flags = KEY_FLAG_EXT;
- BN_copy(new->rsa->n, public->rsa->n);
- BN_copy(new->rsa->e, public->rsa->e);
- RSA_set_method(new->rsa, sc_get_engine());
- i = options.num_identity_files++;
- options.identity_keys[i] = new;
- options.identity_files[i] = xstrdup("smartcard rsa1 key");;
-
- key_free(public);
- }
-#endif
 }