RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-30 05:32:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

- millert@cvs.openbsd.org 2001/07/27 14:50:45

Browse Source 
[ssh.c]
     If smart card support is compiled in and a smart card is being used
     for authentication, make it the first method used.  markus@ OK
This commit is contained in:
Ben Lindstrom 2001-08-06 21:12:42 +00:00
parent 60df8e4f7d
commit 711b04a56a
2 changed files with 41 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -45,6 +45,10 @@
Inquire Cyberflex class for 0xf0 cards
change aid to conform to 7816-5
remove gratuitous fid selects
- millert@cvs.openbsd.org 2001/07/27 14:50:45
[ssh.c]
If smart card support is compiled in and a smart card is being used
for authentication, make it the first method used. markus@ OK
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@ -6155,4 +6159,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1438 2001/08/06 21:10:52 mouring Exp $
$Id: ChangeLog,v 1.1439 2001/08/06 21:12:42 mouring Exp $

67
ssh.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -1153,9 +1153,42 @@ load_public_identity_files(void)
{
char *filename;
Key *public;
int i;
int i = 0;
for (i = 0; i < options.num_identity_files; i++) {
#ifdef SMARTCARD
if (sc_reader_num != -1 &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
(public = sc_get_key(sc_reader_num)) != NULL ) {
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;
memmove(&options.identity_files[2], &options.identity_files[0],
sizeof(char *) * options.num_identity_files);
options.num_identity_files += 2;
i = 2;
/* XXX ssh1 vs ssh2 */
new = key_new(KEY_RSA);
new->flags = KEY_FLAG_EXT;
BN_copy(new->rsa->n, public->rsa->n);
BN_copy(new->rsa->e, public->rsa->e);
RSA_set_method(new->rsa, sc_get_engine());
options.identity_keys[0] = new;
options.identity_files[0] = xstrdup("smartcard rsa key");;
new = key_new(KEY_RSA1);
new->flags = KEY_FLAG_EXT;
BN_copy(new->rsa->n, public->rsa->n);
BN_copy(new->rsa->e, public->rsa->e);
RSA_set_method(new->rsa, sc_get_engine());
options.identity_keys[1] = new;
options.identity_files[1] = xstrdup("smartcard rsa1 key");
key_free(public);
}
#endif
for (; i < options.num_identity_files; i++) {
filename = tilde_expand_filename(options.identity_files[i],
original_real_uid);
public = key_load_public(filename, NULL);
@ -1165,32 +1198,4 @@ load_public_identity_files(void)
options.identity_files[i] = filename;
options.identity_keys[i] = public;
}
#ifdef SMARTCARD
if (sc_reader_num != -1 &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
(public = sc_get_key(sc_reader_num)) != NULL ) {
Key *new;
/* XXX ssh1 vs ssh2 */
new = key_new(KEY_RSA);
new->flags = KEY_FLAG_EXT;
BN_copy(new->rsa->n, public->rsa->n);
BN_copy(new->rsa->e, public->rsa->e);
RSA_set_method(new->rsa, sc_get_engine());
i = options.num_identity_files++;
options.identity_keys[i] = new;
options.identity_files[i] = xstrdup("smartcard rsa key");;
new = key_new(KEY_RSA1);
new->flags = KEY_FLAG_EXT;
BN_copy(new->rsa->n, public->rsa->n);
BN_copy(new->rsa->e, public->rsa->e);
RSA_set_method(new->rsa, sc_get_engine());
i = options.num_identity_files++;
options.identity_keys[i] = new;
options.identity_files[i] = xstrdup("smartcard rsa1 key");;
key_free(public);
}
#endif
}