Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c37
1 files changed, 24 insertions, 13 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 74946da0..347e348c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.324 2020/06/27 13:39:09 bket Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.325 2020/08/27 01:06:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1175,7 +1175,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
struct sshkey *sign_key = NULL, *prv = NULL;
int r = SSH_ERR_INTERNAL_ERROR;
struct notifier_ctx *notifier = NULL;
- char *fp = NULL;
+ char *fp = NULL, *pin = NULL, *prompt = NULL;
*sigp = NULL;
*lenp = 0;
@@ -1204,20 +1204,28 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
goto out;
}
sign_key = prv;
- if (sshkey_is_sk(sign_key) &&
- (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
- /* XXX match batch mode should just skip these keys? */
- if ((fp = sshkey_fingerprint(sign_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
- fatal("%s: sshkey_fingerprint", __func__);
- notifier = notify_start(options.batch_mode,
- "Confirm user presence for key %s %s",
- sshkey_type(sign_key), fp);
- free(fp);
+ if (sshkey_is_sk(sign_key)) {
+ if ((sign_key->sk_flags &
+ SSH_SK_USER_VERIFICATION_REQD)) {
+ xasprintf(&prompt, "Enter PIN for %s key %s: ",
+ sshkey_type(sign_key), id->filename);
+ pin = read_passphrase(prompt, 0);
+ }
+ if ((sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+ /* XXX should batch mode just skip these? */
+ if ((fp = sshkey_fingerprint(sign_key,
+ options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: fingerprint", __func__);
+ notifier = notify_start(options.batch_mode,
+ "Confirm user presence for key %s %s",
+ sshkey_type(sign_key), fp);
+ free(fp);
+ }
}
}
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
- alg, options.sk_provider, compat)) != 0) {
+ alg, options.sk_provider, pin, compat)) != 0) {
debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
goto out;
}
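Review bot: The PIN prompt in the new `SSH_SK_USER_VERIFICATION_REQD` branch is issued unconditionally, whereas the presence notifier a few lines below is handed `options.batch_mode`; in batch mode this presumably still tries to prompt or start an askpass helper, so a guard such as `if (!options.batch_mode) pin = read_passphrase(prompt, 0);` (failing the sign cleanly otherwise) would match the surrounding code. The return value of `read_passphrase()` is also passed to `sshkey_sign()` unchecked: if it can come back as an empty string on cancel or read failure (not visible in this hunk, confirm against readpass.c), the authenticator sees a wrong-PIN attempt, and FIDO tokens lock after a small number of those. Consider going to `out` before signing when `pin == NULL || *pin == '\0'`. A one-line comment above the prompt stating that `pin` is secret and is zeroed at the `out:` label would help the next reader; `identity_sign` begins and ends outside this hunk.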
@@ -1232,6 +1240,9 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
/* success */
r = 0;
out:
+ free(prompt);
+ if (pin != NULL)
+ freezero(pin, strlen(pin));
notify_complete(notifier);
sshkey_free(prv);
return r;