version 1.286, 2022/01/12 03:30:32 |
version 1.287, 2022/01/14 03:43:48 |
|
|
u_char *signature = NULL; |
u_char *signature = NULL; |
size_t slen = 0; |
size_t slen = 0; |
u_int compat = 0, flags; |
u_int compat = 0, flags; |
int r, ok = -1; |
int r, ok = -1, retried = 0; |
char *fp = NULL, *user = NULL, *sig_dest = NULL; |
char *fp = NULL, *pin = NULL, *prompt = NULL; |
|
char *user = NULL, *sig_dest = NULL; |
const char *fwd_host = NULL, *dest_host = NULL; |
const char *fwd_host = NULL, *dest_host = NULL; |
struct sshbuf *msg = NULL, *data = NULL, *sid = NULL; |
struct sshbuf *msg = NULL, *data = NULL, *sid = NULL; |
struct sshkey *key = NULL, *hostkey = NULL; |
struct sshkey *key = NULL, *hostkey = NULL; |
|
|
/* error already logged */ |
/* error already logged */ |
goto send; |
goto send; |
} |
} |
if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
if ((id->key->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) { |
|
/* XXX include sig_dest */ |
|
xasprintf(&prompt, "Enter PIN%sfor %s key %s: ", |
|
(id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ? |
|
" and confirm user presence " : " ", |
|
sshkey_type(id->key), fp); |
|
pin = read_passphrase(prompt, RP_USE_ASKPASS); |
|
free(prompt); |
|
prompt = NULL; |
|
} else if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
notifier = notify_start(0, |
notifier = notify_start(0, |
"Confirm user presence for key %s %s%s%s", |
"Confirm user presence for key %s %s%s%s", |
sshkey_type(id->key), fp, |
sshkey_type(id->key), fp, |
|
|
sig_dest == NULL ? "" : sig_dest); |
sig_dest == NULL ? "" : sig_dest); |
} |
} |
} |
} |
/* XXX support PIN required FIDO keys */ |
retry_pin: |
if ((r = sshkey_sign(id->key, &signature, &slen, |
if ((r = sshkey_sign(id->key, &signature, &slen, |
sshbuf_ptr(data), sshbuf_len(data), agent_decode_alg(key, flags), |
sshbuf_ptr(data), sshbuf_len(data), agent_decode_alg(key, flags), |
id->sk_provider, NULL, compat)) != 0) { |
id->sk_provider, pin, compat)) != 0) { |
|
debug_fr(r, "sshkey_sign"); |
|
if (pin == NULL && !retried && sshkey_is_sk(id->key) && |
|
r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
|
if (notifier) { |
|
notify_complete(notifier, NULL); |
|
notifier = NULL; |
|
} |
|
/* XXX include sig_dest */ |
|
xasprintf(&prompt, "Enter PIN%sfor %s key %s: ", |
|
(id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ? |
|
" and confirm user presence " : " ", |
|
sshkey_type(id->key), fp); |
|
pin = read_passphrase(prompt, RP_USE_ASKPASS); |
|
retried = 1; |
|
goto retry_pin; |
|
} |
error_fr(r, "sshkey_sign"); |
error_fr(r, "sshkey_sign"); |
goto send; |
goto send; |
} |
} |
|
|
free(signature); |
free(signature); |
free(sig_dest); |
free(sig_dest); |
free(user); |
free(user); |
|
free(prompt); |
|
if (pin != NULL) |
|
freezero(pin, strlen(pin)); |
} |
} |
|
|
/* shared */ |
/* shared */ |
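Review bot: Both `read_passphrase(prompt, RP_USE_ASKPASS)` calls in the new code pass their result straight to `sshkey_sign()` without checking that a PIN was actually supplied. Neither call sets RP_ALLOW_EOF, so a cancelled or unavailable askpass probably returns an empty string rather than NULL (read_passphrase is not shown here, so confirm); the agent would then attempt a signature with an empty PIN, which a token may count against its PIN retry limit. Consider bailing out after each call, e.g. `if (pin == NULL || *pin == '\0') { error_f("no PIN entered"); goto send; }`. Separately, the PIN prompt is built twice and, per the two `/* XXX include sig_dest */` markers, omits the destination that the user-presence notifier shows, so a small helper that formats the prompt with `sig_dest` would fix both places at once. The enclosing function begins and ends outside the lines shown.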