| Summary: | ssh-add unnecessarily prompts for PKCS#11 pin when removing key | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | jay | ||||||||
| Component: | ssh-add | Assignee: | Damien Miller <djm> | ||||||||
| Status: | CLOSED FIXED | ||||||||||
| Severity: | enhancement | CC: | djm, dtucker, jjelen | ||||||||
| Priority: | P5 | ||||||||||
| Version: | 6.3p1 | ||||||||||
| Hardware: | All | ||||||||||
| OS: | All | ||||||||||
| Bug Depends on: | |||||||||||
| Bug Blocks: | 2130 | ||||||||||
| Attachments: |
|
||||||||||
Created attachment 2393 [details]
tweaked patch
Thanks - that looks correct.
Here's a slightly tweaked patch. I think it should go in.
committed - thanks. This will be in OpenSSH 6.5 due early next year. Created attachment 2624 [details]
patch: free only on existing pin
This works, but unfortunately, if you are removing card, you call free on NULL pointer, which is ... not good.
We had this fixed in our version, but probably forgot to report back upstream last year.
(In reply to Jakub Jelen from comment #3) > This works, but unfortunately, if you are removing card, you call > free on NULL pointer, which is ... not good. Nope, free(NULL) is fine. From the free(3) man page: "If ptr is NULL, no operation is performed." and SuSv2: http://pubs.opengroup.org/onlinepubs/007908799/xsh/free.html "If ptr is a null pointer, no action occurs." closing resolved bugs as of 8.6p1 release |
Created attachment 2392 [details] openssh-6.3p1-ssh-add.patch Although PROTOCOL.agent specifies that when performing SSH_AGENTC_REMOVE_SMARTCARD_KEY the pin is used to determine which smartcards to remove, in implementation the pin is never used. I think this is due to the fact the pin is never stored, so there is nothing to compare to. Although the pin is never used during the remove operation, ssh-add prompts for the pin, which is frustrating to some users The attached patch causes ssh-add to not prompt for a pin while removing a PKCS#11 library.