summaryrefslogtreecommitdiff
path: root/scard.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-03-27 17:33:17 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-27 17:33:17 +0000
commit43a5e2f70e3fc38de55b45f580e92b7be84cfa34 (patch)
treebe9d78d5ea3a7e325b01a93383eaf3063076d772 /scard.c
parent38a69e6b53ad05b39081f8531104be6d21970d79 (diff)
- rees@cvs.openbsd.org 2002/03/26 18:46:59
[scard.c] try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'
Diffstat (limited to 'scard.c')
-rw-r--r--scard.c61
1 files changed, 34 insertions, 27 deletions
diff --git a/scard.c b/scard.c
index 779106f8..de53f9d0 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
#include "includes.h"
#ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
#include <openssl/evp.h>
#include <sectok.h>
@@ -65,6 +65,7 @@ static int cla = 0x00; /* class */
static void sc_mk_digest(const char *pin, u_char *digest);
static int get_AUT0(u_char *aut0);
+static int try_AUT0(void);
/* interface to libsectok */
@@ -164,6 +165,12 @@ sc_read_pubkey(Key * k)
n = xmalloc(len);
/* get n */
sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+
+ if (sw == 0x6982) {
+ if (try_AUT0() < 0)
+ goto err;
+ sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+ }
if (!sectok_swOK(sw)) {
error("could not obtain public key: %s", sectok_get_sw(sw));
goto err;
@@ -194,32 +201,6 @@ err:
return status;
}
-static int
-try_AUT0(void)
-{
- u_char aut0[EVP_MAX_MD_SIZE];
-
- /* permission denied; try PIN if provided */
- if (sc_pin && strlen(sc_pin) > 0) {
- sc_mk_digest(sc_pin, aut0);
- if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
- error("smartcard passphrase incorrect");
- return (-1);
- }
- } else {
- /* try default AUT0 key */
- if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
- /* default AUT0 key failed; prompt for passphrase */
- if (get_AUT0(aut0) < 0 ||
- cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
- error("smartcard passphrase incorrect");
- return (-1);
- }
- }
- }
- return (0);
-}
-
/* private key operations */
static int
@@ -463,6 +444,32 @@ get_AUT0(u_char *aut0)
return 0;
}
+static int
+try_AUT0(void)
+{
+ u_char aut0[EVP_MAX_MD_SIZE];
+
+ /* permission denied; try PIN if provided */
+ if (sc_pin && strlen(sc_pin) > 0) {
+ sc_mk_digest(sc_pin, aut0);
+ if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+ error("smartcard passphrase incorrect");
+ return (-1);
+ }
+ } else {
+ /* try default AUT0 key */
+ if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
+ /* default AUT0 key failed; prompt for passphrase */
+ if (get_AUT0(aut0) < 0 ||
+ cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+ error("smartcard passphrase incorrect");
+ return (-1);
+ }
+ }
+ }
+ return (0);
+}
+
int
sc_put_key(Key *prv, const char *id)
{