From 711b04a56a7cf587131ae1910d243207062086ec Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 6 Aug 2001 21:12:42 +0000 Subject: - millert@cvs.openbsd.org 2001/07/27 14:50:45 [ssh.c] If smart card support is compiled in and a smart card is being used for authentication, make it the first method used. markus@ OK --- ChangeLog | 6 +++++- ssh.c | 41 +++++++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 59e54f05c..eab49e844 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,10 @@ Inquire Cyberflex class for 0xf0 cards change aid to conform to 7816-5 remove gratuitous fid selects + - millert@cvs.openbsd.org 2001/07/27 14:50:45 + [ssh.c] + If smart card support is compiled in and a smart card is being used + for authentication, make it the first method used. markus@ OK 20010803 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on @@ -6155,4 +6159,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1438 2001/08/06 21:10:52 mouring Exp $ +$Id: ChangeLog,v 1.1439 2001/08/06 21:12:42 mouring Exp $ diff --git a/ssh.c b/ssh.c index 7810cd14c..d12d7580a 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $"); #include #include 
@@ -1153,44 +1153,49 @@ load_public_identity_files(void) { char *filename; Key *public; - int i; + int i = 0; - for (i = 0; i < options.num_identity_files; i++) { - filename = tilde_expand_filename(options.identity_files[i], - original_real_uid); - public = key_load_public(filename, NULL); - debug("identity file %s type %d", filename, - public ? public->type : -1); - xfree(options.identity_files[i]); - options.identity_files[i] = filename; - options.identity_keys[i] = public; - } #ifdef SMARTCARD if (sc_reader_num != -1 && options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && (public = sc_get_key(sc_reader_num)) != NULL ) { Key *new; + if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) + options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2; + memmove(&options.identity_files[2], &options.identity_files[0], + sizeof(char *) * options.num_identity_files); + options.num_identity_files += 2; + i = 2; + /* XXX ssh1 vs ssh2 */ new = key_new(KEY_RSA); new->flags = KEY_FLAG_EXT; BN_copy(new->rsa->n, public->rsa->n); BN_copy(new->rsa->e, public->rsa->e); RSA_set_method(new->rsa, sc_get_engine()); - i = options.num_identity_files++; - options.identity_keys[i] = new; - options.identity_files[i] = xstrdup("smartcard rsa key");; + options.identity_keys[0] = new; + options.identity_files[0] = xstrdup("smartcard rsa key");; new = key_new(KEY_RSA1); new->flags = KEY_FLAG_EXT; BN_copy(new->rsa->n, public->rsa->n); BN_copy(new->rsa->e, public->rsa->e); RSA_set_method(new->rsa, sc_get_engine()); - i = options.num_identity_files++; - options.identity_keys[i] = new; - options.identity_files[i] = xstrdup("smartcard rsa1 key");; + options.identity_keys[1] = new; + options.identity_files[1] = xstrdup("smartcard rsa1 key"); key_free(public); } #endif + for (; i < options.num_identity_files; i++) { + filename = tilde_expand_filename(options.identity_files[i], + original_real_uid); + public = key_load_public(filename, NULL); + debug("identity file %s type %d", filename, + 
public ? public->type : -1); + xfree(options.identity_files[i]); + options.identity_files[i] = filename; + options.identity_keys[i] = public; + } } -- cgit v1.2.3
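Review bot: The clamp added inside the SMARTCARD block, `if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)`, can never be true, because the enclosing condition already requires `options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES`. That outer test is therefore the only thing keeping the `memmove` into `&options.identity_files[2]` inside the array (assuming it holds SSH_MAX_IDENTITY_FILES entries; its declaration is outside the hunk), and when the identity list is full or one short of full the card keys are skipped silently instead of being tried first. I would delete the dead clamp and state the invariant above the memmove, `/* guard above guarantees num_identity_files + 2 <= SSH_MAX_IDENTITY_FILES */`, or, if evicting the tail is the intent, drop the outer test and `xfree()` the entries the clamp discards, since the loop below shows they are heap strings. The unchanged `BN_copy()` calls also ignore their return value; checking it would keep a failed copy from yielding an external key with an incomplete modulus or exponent.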