mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-26 23:34:55 +02:00
- rees@cvs.openbsd.org 2002/03/21 22:44:05
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
This commit is contained in:
Ben Lindstrom
parent
266ec63eb3
commit
ba72d30aa5
@ -139,6 +139,9 @@
|
|||||||
- rees@cvs.openbsd.org 2002/03/21 21:54:34
|
- rees@cvs.openbsd.org 2002/03/21 21:54:34
|
||||||
[scard.c scard.h ssh-keygen.c]
|
[scard.c scard.h ssh-keygen.c]
|
||||||
Add PIN-protection for secret key.
|
Add PIN-protection for secret key.
|
||||||
|
- rees@cvs.openbsd.org 2002/03/21 22:44:05
|
||||||
|
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
|
||||||
|
Add PIN-protection for secret key.
|
||||||
|
|
||||||
20020317
|
20020317
|
||||||
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
|
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
|
||||||
@ -7985,4 +7988,4 @@
|
|||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1964 2002/03/22 03:47:38 mouring Exp $
|
$Id: ChangeLog,v 1.1965 2002/03/22 03:51:06 mouring Exp $
|
||||||
|
|||||||
5
authfd.c
5
authfd.c
@ -35,7 +35,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: authfd.c,v 1.48 2002/02/24 19:14:59 markus Exp $");
|
RCSID("$OpenBSD: authfd.c,v 1.49 2002/03/21 22:44:05 rees Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
@ -532,7 +532,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id)
|
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
|
||||||
{
|
{
|
||||||
Buffer msg;
|
Buffer msg;
|
||||||
int type;
|
int type;
|
||||||
@ -541,6 +541,7 @@ ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id)
|
|||||||
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
|
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
|
||||||
SSH_AGENTC_REMOVE_SMARTCARD_KEY);
|
SSH_AGENTC_REMOVE_SMARTCARD_KEY);
|
||||||
buffer_put_cstring(&msg, reader_id);
|
buffer_put_cstring(&msg, reader_id);
|
||||||
|
buffer_put_cstring(&msg, pin);
|
||||||
if (ssh_request_reply(auth, &msg, &msg) == 0) {
|
if (ssh_request_reply(auth, &msg, &msg) == 0) {
|
||||||
buffer_free(&msg);
|
buffer_free(&msg);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
4
authfd.h
4
authfd.h
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: authfd.h,v 1.23 2002/03/04 17:27:39 stevesk Exp $ */
|
/* $OpenBSD: authfd.h,v 1.24 2002/03/21 22:44:05 rees Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
@ -67,7 +67,7 @@ Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
|
|||||||
int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
|
int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
|
||||||
int ssh_remove_identity(AuthenticationConnection *, Key *);
|
int ssh_remove_identity(AuthenticationConnection *, Key *);
|
||||||
int ssh_remove_all_identities(AuthenticationConnection *, int);
|
int ssh_remove_all_identities(AuthenticationConnection *, int);
|
||||||
int ssh_update_card(AuthenticationConnection *, int, const char *);
|
int ssh_update_card(AuthenticationConnection *, int, const char *, const char *);
|
||||||
|
|
||||||
int
|
int
|
||||||
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
||||||
|
|||||||
10
ssh-add.c
10
ssh-add.c
@ -35,7 +35,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-add.c,v 1.52 2002/03/21 10:21:20 markus Exp $");
|
RCSID("$OpenBSD: ssh-add.c,v 1.53 2002/03/21 22:44:05 rees Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
@ -176,7 +176,13 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
|||||||
static int
|
static int
|
||||||
update_card(AuthenticationConnection *ac, int add, const char *id)
|
update_card(AuthenticationConnection *ac, int add, const char *id)
|
||||||
{
|
{
|
||||||
if (ssh_update_card(ac, add, id)) {
|
char *pin;
|
||||||
|
|
||||||
|
pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
|
||||||
|
if (pin == NULL)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (ssh_update_card(ac, add, id, pin)) {
|
||||||
fprintf(stderr, "Card %s: %s\n",
|
fprintf(stderr, "Card %s: %s\n",
|
||||||
add ? "added" : "removed", id);
|
add ? "added" : "removed", id);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
14
ssh-agent.c
14
ssh-agent.c
@ -34,7 +34,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-agent.c,v 1.82 2002/03/04 17:27:39 stevesk Exp $");
|
RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
|
||||||
|
|
||||||
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
|
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
|
||||||
#include <sys/queue.h>
|
#include <sys/queue.h>
|
||||||
@ -454,12 +454,14 @@ process_add_smartcard_key (SocketEntry *e)
|
|||||||
{
|
{
|
||||||
Idtab *tab;
|
Idtab *tab;
|
||||||
Key *n = NULL, *k = NULL;
|
Key *n = NULL, *k = NULL;
|
||||||
char *sc_reader_id = NULL;
|
char *sc_reader_id = NULL, *pin;
|
||||||
int success = 0;
|
int success = 0;
|
||||||
|
|
||||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||||
k = sc_get_key(sc_reader_id);
|
pin = buffer_get_string(&e->input, NULL);
|
||||||
|
k = sc_get_key(sc_reader_id, pin);
|
||||||
xfree(sc_reader_id);
|
xfree(sc_reader_id);
|
||||||
|
xfree(pin);
|
||||||
|
|
||||||
if (k == NULL) {
|
if (k == NULL) {
|
||||||
error("sc_get_pubkey failed");
|
error("sc_get_pubkey failed");
|
||||||
@ -505,11 +507,13 @@ process_remove_smartcard_key(SocketEntry *e)
|
|||||||
{
|
{
|
||||||
Key *k = NULL;
|
Key *k = NULL;
|
||||||
int success = 0;
|
int success = 0;
|
||||||
char *sc_reader_id = NULL;
|
char *sc_reader_id = NULL, *pin;
|
||||||
|
|
||||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||||
k = sc_get_key(sc_reader_id);
|
pin = buffer_get_string(&e->input, NULL);
|
||||||
|
k = sc_get_key(sc_reader_id, pin);
|
||||||
xfree(sc_reader_id);
|
xfree(sc_reader_id);
|
||||||
|
xfree(pin);
|
||||||
|
|
||||||
if (k == NULL) {
|
if (k == NULL) {
|
||||||
error("sc_get_pubkey failed");
|
error("sc_get_pubkey failed");
|
||||||
|
|||||||
4
ssh.c
4
ssh.c
@ -39,7 +39,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh.c,v 1.165 2002/03/19 10:49:35 markus Exp $");
|
RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
@ -1193,7 +1193,7 @@ load_public_identity_files(void)
|
|||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
if (options.smartcard_device != NULL &&
|
if (options.smartcard_device != NULL &&
|
||||||
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
|
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
|
||||||
(public = sc_get_key(options.smartcard_device)) != NULL ) {
|
(public = sc_get_key(options.smartcard_device, NULL)) != NULL ) {
|
||||||
Key *new;
|
Key *new;
|
||||||
|
|
||||||
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
|
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user