
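--- a/openssh-5.1p1/scard-opensc.c
+++ b/openssh-5.1p1/scard-opensc.c
@@ -124,7 +121,9 @@
 	struct sc_pkcs15_prkey_info *key;
 	struct sc_pkcs15_object *pin_obj;
 	struct sc_pkcs15_pin_info *pin;
+	int detach_retry = 1;
 
+ detachretry:
 	priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
 	if (priv == NULL)
 		return -1;
@@ -162,6 +161,13 @@
 	}
 	pin = pin_obj->data;
 	r = sc_lock(card);
+	if (r == SC_ERROR_READER_DETACHED && detach_retry) {
+	  /* first retry after a plug fails; we'll try one more time */
+	  debug("Retrying sc_lock() after receiving Error %d (%s)", r, sc_strerror(r));
+	  detach_retry = 0;
+	  sc_close();
+	  goto detachretry;
+	}
 	if (r) {
 		error("Unable to lock smartcard: %s", sc_strerror(r));
 		goto err;
@@ -180,6 +186,10 @@
 	return 0;
 err:
 	sc_close();
+	if (sc_pin != NULL) {
+	  xfree(sc_pin);
+	  sc_pin = NULL;
+	}
 	return -1;
 }
 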
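Review bot: In the `err:` path the cached PIN is released with `xfree(sc_pin)` without being wiped first, so (assuming sc_pin holds the card PIN, as its name suggests) the value stays readable in freed heap memory of what may be a long-running agent process. Clear it before the release, for example `memset(sc_pin, 0, strlen(sc_pin));` ahead of `xfree(sc_pin);`, or use a scrub routine the compiler cannot elide where the tree has one. The retry branch after `sc_lock()` keeps the same cached PIN across `sc_close()` and `goto detachretry`; whether that is intended after a reader detach cannot be judged here, because the code between the label and `sc_lock()` lies outside the hunks. The function's start is also outside the visible lines.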
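--- a/openssh-5.1p1/ssh-agent.c
+++ b/openssh-5.1p1/ssh-agent.c
@@ -136,6 +136,11 @@
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+#ifdef SMARTCARD
+/* forward declaration needed */
+static void remove_all_smartcard_keys();
+#endif /* SMARTCARD */
+
 static void
 close_socket(SocketEntry *e)
 {
@@ -330,8 +335,14 @@
 	key = key_from_blob(blob, blen);
 	if (key != NULL) {
 		Identity *id = lookup_identity(key, 2);
-		if (id != NULL && (!id->confirm || confirm_key(id) == 0))
+		if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
 			ok = key_sign(id->key, &signature, &slen, data, dlen);
+#ifdef SMARTCARD
+			if ((ok != 0) && (id->key->flags &= KEY_FLAG_EXT)) {
+				remove_all_smartcard_keys();
+			}
+#endif /* SMARTCARD */
+		}
 		key_free(key);
 	}
 	buffer_init(&msg);
@@ -675,6 +686,28 @@
 }
 
 static void
+remove_all_smartcard_keys()
+{
+	/* walk through all stored identities and remove keys on external hardware */
+	Identity *id, *nxt;
+	int version;
+	Idtab *tab;
+
+	for (version = 1; version < 3; version++) {
+		tab = idtab_lookup(version);
+		for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
+			nxt = TAILQ_NEXT(id, next);
+			if (id->key->flags &= KEY_FLAG_EXT) {
+				debug("Removing hardware key '%s'", id->comment);
+				TAILQ_REMOVE(&tab->idlist, id, next);
+				free_identity(id);
+				tab->nentries--;
+			} 
+		}
+	}
+}
+
+static void
 process_remove_smartcard_key(SocketEntry *e)
 {
 	char *sc_reader_id = NULL, *pin;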
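Review bot: Both new flag tests use `&=` where `&` is meant — `(id->key->flags &= KEY_FLAG_EXT)` in the sign-request hunk and `if (id->key->flags &= KEY_FLAG_EXT)` in remove_all_smartcard_keys() — so evaluating the condition overwrites the key's flags, leaving every non-hardware key with flags 0 and stripping any other bits from hardware keys. They should read `if ((ok != 0) && (id->key->flags & KEY_FLAG_EXT)) {` and `if (id->key->flags & KEY_FLAG_EXT) {`. After remove_all_smartcard_keys() returns, `id` in the sign path refers to an identity that free_identity() has released; the visible lines do not touch it again, but a comment such as `/* id may have been freed above; do not use it below */` would stop a later edit from doing so. The forward declaration would be better written as a prototype, `static void remove_all_smartcard_keys(void);`. The sign-request function begins and ends outside the hunk.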
