[Bug 1506] rationalize agent behavior on smartcard removal/reattachment

bugzilla-daemon at bugzilla.mindrot.org
Mon Feb 2 10:02:00 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1506





--- Comment #6 from Damien Miller <djm at mindrot.org>  2009-02-02 10:01:59 ---
(From update of attachment 1561)
>diff -ruN openssh-5.1p1/scard-opensc.c openssh-5.1p1.dkg/scard-opensc.c
>--- openssh-5.1p1/scard-opensc.c	2007-03-12 16:35:39.000000000 -0400
>+++ openssh-5.1p1.dkg/scard-opensc.c	2008-08-19 21:35:31.000000000 -0400
>@@ -124,7 +121,9 @@
> 	struct sc_pkcs15_prkey_info *key;
> 	struct sc_pkcs15_object *pin_obj;
> 	struct sc_pkcs15_pin_info *pin;
>+	int detach_retry = 1;
> 
>+ detachretry:
> 	priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
> 	if (priv == NULL)
> 		return -1;
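Review bot: the new label `detachretry:` and the new flag `detach_retry` differ only by an underscore, which makes the retry path easy to misread; a distinct label name would help. The label sits above the `RSA_get_app_data(rsa)` lookup, so a jump back repeats the `priv == NULL` check; a short comment saying what state is expected to have changed between attempts would make that intent clear. Initialising `detach_retry` to 1 only bounds the retry if the code that jumps back tests and clears it first, and neither is visible in this hunk.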
>@@ -162,6 +161,13 @@
> 	}
> 	pin = pin_obj->data;
> 	r = sc_lock(card);
>+	if (r == SC_ERROR_READER_DETACHED) {

Shouldn't this be (r == SC_ERROR_READER_DETACHED && detach_retry)?

>diff -ruN openssh-5.1p1/ssh-agent.c openssh-5.1p1.dkg/ssh-agent.c
>--- openssh-5.1p1/ssh-agent.c	2008-07-04 09:10:49.000000000 -0400
>+++ openssh-5.1p1.dkg/ssh-agent.c	2008-08-21 11:49:47.000000000 -0400
>@@ -136,6 +136,11 @@
> /* Default lifetime (0 == forever) */
> static int lifetime = 0;
> 
>+#ifdef SMARTCARD
>+/* forward declaration needed */
>+static void remove_all_smartcard_keys();
>+#endif /* SMARTCARD */
>+
> static void
> close_socket(SocketEntry *e)
> {
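Review bot: the forward declaration `static void remove_all_smartcard_keys();` has an empty parameter list, which in C declares a function with unspecified arguments rather than a prototype. Write `static void remove_all_smartcard_keys(void);` so that calls are type-checked. The comment "forward declaration needed" could also say why: the function is called from the signing path before its definition.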
>@@ -330,8 +335,14 @@
> 	key = key_from_blob(blob, blen);
> 	if (key != NULL) {
> 		Identity *id = lookup_identity(key, 2);
>-		if (id != NULL && (!id->confirm || confirm_key(id) == 0))
>+		if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
> 			ok = key_sign(id->key, &signature, &slen, data, dlen);
>+#ifdef SMARTCARD
>+			if ((ok != 0) && (id->key->flags &= KEY_FLAG_EXT)) {
>+				remove_all_smartcard_keys();
>+			}
>+#endif /* SMARTCARD */
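Review bot: in the added condition, `id->key->flags &= KEY_FLAG_EXT` is a compound assignment, not a test. Whenever `ok != 0` it overwrites `id->key->flags`, clearing every flag other than `KEY_FLAG_EXT`; use `id->key->flags & KEY_FLAG_EXT` instead. Separately, any non-zero result from `key_sign()` on one external key calls `remove_all_smartcard_keys()`, so every signing error, not only a detached reader, drops all smartcard identities from the agent. Either narrow the trigger or add a comment stating that this is intended.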

Could this be moved into scard-opensc.c somehow?
