diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-11-12 22:36:44 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-13 10:15:47 +1100 |
| commit | e44bb61824e36d0d181a08489c16c378c486a974 (patch) | |
| tree | 5993043d43eb51fe1f33d95466e01dc7bee751e2 /sshconnect2.c | |
| parent | 4671211068441519011ac0e38c588317f4157ba1 (diff) | |
upstream: security keys typically need to be tapped/touched in
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.
ok markus@
OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 4e5cddf14..c8db626df 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.311 2019/11/12 19:33:08 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.312 2019/11/12 22:36:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -73,6 +73,7 @@ | |||
| 73 | #include "ssherr.h" | 73 | #include "ssherr.h" |
| 74 | #include "utf8.h" | 74 | #include "utf8.h" |
| 75 | #include "ssh-sk.h" | 75 | #include "ssh-sk.h" |
| 76 | #include "sk-api.h" | ||
| 76 | 77 | ||
| 77 | #ifdef GSSAPI | 78 | #ifdef GSSAPI |
| 78 | #include "ssh-gss.h" | 79 | #include "ssh-gss.h" |
| @@ -1149,6 +1150,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | |||
| 1149 | { | 1150 | { |
| 1150 | struct sshkey *sign_key = NULL, *prv = NULL; | 1151 | struct sshkey *sign_key = NULL, *prv = NULL; |
| 1151 | int r = SSH_ERR_INTERNAL_ERROR; | 1152 | int r = SSH_ERR_INTERNAL_ERROR; |
| 1153 | struct notifier_ctx *notifier = NULL; | ||
| 1154 | char *fp = NULL; | ||
| 1152 | 1155 | ||
| 1153 | *sigp = NULL; | 1156 | *sigp = NULL; |
| 1154 | *lenp = 0; | 1157 | *lenp = 0; |
| @@ -1177,12 +1180,24 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | |||
| 1177 | goto out; | 1180 | goto out; |
| 1178 | } | 1181 | } |
| 1179 | sign_key = prv; | 1182 | sign_key = prv; |
| 1183 | if (sshkey_is_sk(sign_key) && | ||
| 1184 | (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { | ||
| 1185 | /* XXX match batch mode should just skip these keys? */ | ||
| 1186 | if ((fp = sshkey_fingerprint(sign_key, | ||
| 1187 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) | ||
| 1188 | fatal("%s: sshkey_fingerprint", __func__); | ||
| 1189 | notifier = notify_start(options.batch_mode, | ||
| 1190 | "Confirm user presence for key %s %s", | ||
| 1191 | sshkey_type(sign_key), fp); | ||
| 1192 | free(fp); | ||
| 1193 | } | ||
| 1180 | } | 1194 | } |
| 1181 | if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, | 1195 | if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
| 1182 | alg, options.sk_provider, compat)) != 0) { | 1196 | alg, options.sk_provider, compat)) != 0) { |
| 1183 | debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); | 1197 | debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
| 1184 | goto out; | 1198 | goto out; |
| 1185 | } | 1199 | } |
| 1200 | notify_complete(notifier); | ||
| 1186 | /* | 1201 | /* |
| 1187 | * PKCS#11 tokens may not support all signature algorithms, | 1202 | * PKCS#11 tokens may not support all signature algorithms, |
| 1188 | * so check what we get back. | 1203 | * so check what we get back. |