Bugzilla – Attachment 3279 Details for
Bug 2430
ssh-keygen should allow to login before reading public key from smart card
[patch]
revised diff
bz2430.diff (text/plain), 2.66 KB, created by
Damien Miller
on 2019-05-10 14:25:21 AEST
Description:
revised diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2019-05-10 14:25:21 AEST
Size:
2.66 KB
patch
obsolete
>commit a2bc595aa6e8a44167d95e85d72b6e3b7a0ac8ed
>Author: Damien Miller <djm@mindrot.org>
>Date: Fri May 10 14:24:50 2019 +1000
>
> bz2430
>
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index 2d52ae4..98b141c 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -231,21 +231,17 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
> }
>
> static int
>-pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type)
>+pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
>+ CK_USER_TYPE type)
> {
>- struct pkcs11_slotinfo *si;
>- CK_FUNCTION_LIST *f;
> char *pin = NULL, prompt[1024];
> CK_RV rv;
>
>- if (!k11->provider || !k11->provider->valid) {
>+ if (provider == NULL || si == NULL || !provider->valid) {
> error("no pkcs11 (valid) provider found");
> return (-1);
> }
>
>- f = k11->provider->function_list;
>- si = &k11->provider->slotinfo[k11->slotidx];
>-
> if (!pkcs11_interactive) {
> error("need pin entry%s",
> (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ?
>@@ -262,7 +258,7 @@ pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type)
> return (-1); /* bail out */
> }
> }
>- rv = f->C_Login(si->session, type, (u_char *)pin,
>+ rv = provider->function_list->C_Login(si->session, type, (u_char *)pin,
> (pin != NULL) ? strlen(pin) : 0);
> if (pin != NULL)
> freezero(pin, strlen(pin));
>@@ -274,6 +270,19 @@ pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type)
> return (0);
> }
>
>+static int
>+pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type)
>+{
>+ if (k11 == NULL || k11->provider == NULL || !k11->provider->valid) {
>+ error("no pkcs11 (valid) provider found");
>+ return (-1);
>+ }
>+
>+ return pkcs11_login_slot(k11->provider,
>+ &k11->provider->slotinfo[k11->slotidx], type);
>+}
>+
>+
> static int
> pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj,
> CK_ATTRIBUTE_TYPE type, int *val)
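Review bot: In pkcs11_login_slot the new `si == NULL` case is reported with the same text as a missing or invalid provider, `error("no pkcs11 (valid) provider found")`, so a log line cannot tell a bad slot pointer from a bad provider. Giving `si == NULL` its own branch and message, for example `error("no pkcs11 slot info")`, would keep the two diagnostics distinct. Because the function now takes a provider and a slot instead of a key, a short header comment would also help: it should say that the function needs a PIN unless the token has a protected authentication path, calls C_Login on `si->session`, and returns 0 on success or -1 on failure. The PIN prompt code and the end of the function lie outside this hunk.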
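Review bot: The new pkcs11_login wrapper validates `k11` and `k11->provider` but still computes `&k11->provider->slotinfo[k11->slotidx]` without checking the index, so a stale or corrupted `slotidx` would hand pkcs11_login_slot a pointer outside the slot array. Whether that can occur depends on how keys are created outside this hunk. If the provider struct records its slot count (`nslots` in upstream ssh-pkcs11.c, not visible here), adding `|| k11->slotidx >= k11->provider->nslots` to the existing guard would close it. The hunk also adds two consecutive blank lines before pkcs11_check_obj_bool_attrib, where the surrounding context uses one.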
>@@ -1540,9 +1549,22 @@ pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
> * open session, login with pin and retrieve public
> * keys (if keyp is provided)
> */
>- if ((ret = pkcs11_open_session(p, i, pin, user)) == 0) {
>- if (keyp == NULL)
>+ if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 ||
>+ keyp == NULL)
>+ continue;
>+ pkcs11_fetch_keys(p, i, keyp, &nkeys);
>+ pkcs11_fetch_certs(p, i, keyp, &nkeys);
>+ if (nkeys == 0 && !p->slotinfo[i].logged_in &&
>+ pkcs11_interactive) {
>+ /*
>+ * Some tokens require login before they will
>+ * expose keys.
>+ */
>+ if (pkcs11_login_slot(p, &p->slotinfo[i],
>+ CKU_USER) < 0) {
>+ error("login failed");
> continue;
>+ }
> pkcs11_fetch_keys(p, i, keyp, &nkeys);
> pkcs11_fetch_certs(p, i, keyp, &nkeys);
> }
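Review bot: The login retry is gated on `nkeys == 0`, but `&nkeys` is passed to the fetch calls for every slot index `i`, which suggests the count accumulates across slots. If so, once any earlier slot has yielded a key, a later token that hides its keys until login is never retried and its keys are silently missing from the result. Recording the count before this slot's first fetch keeps the check per-slot: `before = nkeys;` ahead of the first pkcs11_fetch_keys call, then `if (nkeys == before && !p->slotinfo[i].logged_in && pkcs11_interactive) {`. The declaration of `nkeys` and the enclosing loop are outside this hunk, so this should be confirmed against them.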
Attachments on
bug 2430
:
3130
|
3133
| 3279