-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | scard.c | 61 |
2 files changed, 38 insertions, 31 deletions
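--- a/ChangeLog
+++ b/ChangeLog
@@ -11,9 +11,9 @@
  - markus@cvs.openbsd.org 2002/03/26 15:23:40
    [bufaux.c]
    do not talk about packets in bufaux
- - markus@cvs.openbsd.org 2002/03/26 15:58:46
-   [readpass.c readpass.h sshconnect2.c]
-   client side support for PASSWD_CHANGEREQ
+ - rees@cvs.openbsd.org 2002/03/26 18:46:59
+   [scard.c]
+   try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
 
  20020325
  - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@@ -8077,4 +8077,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $
+$Id: ChangeLog,v 1.1997 2002/03/27 17:33:17 mouring Exp $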
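--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
 
 #include <openssl/evp.h>
 #include <sectok.h>
@@ -65,6 +65,7 @@ static int cla = 0x00; /* class */
 
 static void sc_mk_digest(const char *pin, u_char *digest);
 static int get_AUT0(u_char *aut0);
+static int try_AUT0(void);
 
 /* interface to libsectok */
 
@@ -164,6 +165,12 @@ sc_read_pubkey(Key * k)
 	n = xmalloc(len);
 	/* get n */
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+
+	if (sw == 0x6982) {
+		if (try_AUT0() < 0)
+			goto err;
+		sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+	}
 	if (!sectok_swOK(sw)) {
 		error("could not obtain public key: %s", sectok_get_sw(sw));
 		goto err;
@@ -194,32 +201,6 @@ err:
 	return status;
 }
 
-static int
-try_AUT0(void)
-{
-	u_char aut0[EVP_MAX_MD_SIZE];
-
-	/* permission denied; try PIN if provided */
-	if (sc_pin && strlen(sc_pin) > 0) {
-		sc_mk_digest(sc_pin, aut0);
-		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-			error("smartcard passphrase incorrect");
-			return (-1);
-		}
-	} else {
-		/* try default AUT0 key */
-		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
-			/* default AUT0 key failed; prompt for passphrase */
-			if (get_AUT0(aut0) < 0 ||
-			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-				error("smartcard passphrase incorrect");
-				return (-1);
-			}
-		}
-	}
-	return (0);
-}
-
 /* private key operations */
 
 static int
@@ -463,6 +444,32 @@ get_AUT0(u_char *aut0)
 	return 0;
 }
 
+static int
+try_AUT0(void)
+{
+	u_char aut0[EVP_MAX_MD_SIZE];
+
+	/* permission denied; try PIN if provided */
+	if (sc_pin && strlen(sc_pin) > 0) {
+		sc_mk_digest(sc_pin, aut0);
+		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+			error("smartcard passphrase incorrect");
+			return (-1);
+		}
+	} else {
+		/* try default AUT0 key */
+		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
+			/* default AUT0 key failed; prompt for passphrase */
+			if (get_AUT0(aut0) < 0 ||
+			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+				error("smartcard passphrase incorrect");
+				return (-1);
+			}
+		}
+	}
+	return (0);
+}
+
 int
 sc_put_key(Key *prv, const char *id)
 {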
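Review bot: The added `if (try_AUT0() < 0) goto err;` in sc_read_pubkey jumps out with the buffer from `n = xmalloc(len)` three lines above still allocated, and the retried INS_GET_PUBKEY failing into the existing `!sectok_swOK(sw)` branch takes the same exit; the following hunk's header shows `err:` directly followed by `return status;`, so unless n is released between them (not visible here) both error paths leak len bytes. Freeing before the jump, `xfree(n); goto err;`, at both sites, or initialising n to NULL and freeing it at `err:`, would close this. The retry condition `sw == 0x6982` is a bare magic number; a comment such as `/* 0x6982: security status not satisfied -- card requires AUT0 before releasing the key */`, or a named constant shared with the private-key operations that presumably already perform the same check, would make the intent clear. The retry is issued exactly once, so a card still answering 0x6982 after a successful verify falls through to the generic "could not obtain public key" error, which is probably intended but worth a one-line comment. sc_read_pubkey begins before this hunk and its `err:` label lies beyond it.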