commit 43a5e2f70e3fc38de55b45f580e92b7be84cfa34
author Ben Lindstrom <mouring@eviladmin.org> Wed Mar 27 17:33:17 2002 +0000
committer Ben Lindstrom <mouring@eviladmin.org> Wed Mar 27 17:33:17 2002 +0000
tree be9d78d5ea3a7e325b01a93383eaf3063076d772
parent 38a69e6b53ad05b39081f8531104be6d21970d79

   - rees@cvs.openbsd.org 2002/03/26 18:46:59
     [scard.c]
     try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh'

scard.c

diff --git a/scard.c b/scard.c
index 779106f..de53f9d 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
 
 #include <openssl/evp.h>
 #include <sectok.h>
@@ -65,6 +65,7 @@
 
 static void sc_mk_digest(const char *pin, u_char *digest);
 static int get_AUT0(u_char *aut0);
+static int try_AUT0(void);
 
 /* interface to libsectok */
 
@@ -164,6 +165,12 @@
 	n = xmalloc(len);
 	/* get n */
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+
+	if (sw == 0x6982) {
+		if (try_AUT0() < 0)
+			goto err;
+		sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
+	}
 	if (!sectok_swOK(sw)) {
 		error("could not obtain public key: %s", sectok_get_sw(sw));
 		goto err;
@@ -194,32 +201,6 @@
 	return status;
 }
 
-static int
-try_AUT0(void)
-{
-	u_char aut0[EVP_MAX_MD_SIZE];
-
-	/* permission denied; try PIN if provided */
-	if (sc_pin && strlen(sc_pin) > 0) {
-		sc_mk_digest(sc_pin, aut0);
-		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-			error("smartcard passphrase incorrect");
-			return (-1);
-		}
-	} else {
-		/* try default AUT0 key */
-		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
-			/* default AUT0 key failed; prompt for passphrase */
-			if (get_AUT0(aut0) < 0 ||
-			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
-				error("smartcard passphrase incorrect");
-				return (-1);
-			}
-		}
-	}
-	return (0);
-}
-
 /* private key operations */
 
 static int
@@ -463,6 +444,32 @@
 	return 0;
 }
 
+static int
+try_AUT0(void)
+{
+	u_char aut0[EVP_MAX_MD_SIZE];
+
+	/* permission denied; try PIN if provided */
+	if (sc_pin && strlen(sc_pin) > 0) {
+		sc_mk_digest(sc_pin, aut0);
+		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+			error("smartcard passphrase incorrect");
+			return (-1);
+		}
+	} else {
+		/* try default AUT0 key */
+		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
+			/* default AUT0 key failed; prompt for passphrase */
+			if (get_AUT0(aut0) < 0 ||
+			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
+				error("smartcard passphrase incorrect");
+				return (-1);
+			}
+		}
+	}
+	return (0);
+}
+
 int
 sc_put_key(Key *prv, const char *id)
 {