[PATCH] ensure PKCS#11 library file is accessible before use

sergeyb at tarantool.org sergeyb at tarantool.org
Thu Sep 10 00:17:05 AEST 2020


From: Sergey Bronnikov <sergeyb at tarantool.org>

ssh-agent fails to use a PKCS#11 provider when the file is not accessible and
shows a message like: 'Could not add card
"/usr/local/lib/pkcs11/opensc-pkcs11.so": agent refused operation'. This
commit adds a check to the ssh-add utility for the existence of the PKCS#11
library file before passing it to ssh-agent.
---
 ssh-add.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssh-add.c b/ssh-add.c
index 936dc212..779bf8dd 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -816,6 +816,9 @@ main(int argc, char **argv)
 		goto done;
 	}
 	if (pkcs11provider != NULL) {
+		struct stat buf;
+		if (stat(pkcs11provider, &buf) != 0)
+			fatal("PKCS#11 shared library file is not accessible: %s", strerror(errno));
 		if (update_card(agent_fd, !deleting, pkcs11provider,
 		    qflag) == -1)
 			ret = 1;
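Review bot: the new stat() check sits in front of update_card() for both directions, since the call passes !deleting, so removing a provider whose library file has since been moved or deleted would now die in fatal() instead of reaching the agent. Consider applying the check only when adding. fatal() also bypasses the ret = 1 / goto done pattern the surrounding code uses, so reporting the error and setting ret = 1 would be more consistent with the existing failure path. Two smaller points: stat() succeeding only shows that the path resolves, not that the file can be read or loaded, so the "is not accessible" wording promises more than the check delivers (access(pkcs11provider, R_OK) is closer to the message); and the library is opened by ssh-agent rather than ssh-add, so a local check may not match what the agent sees, for example when the agent socket is forwarded from another host. Style: add a blank line after the struct stat buf; declaration and wrap the fatal() line to stay within 80 columns.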
-- 
2.26.2



More information about the openssh-unix-dev mailing list