version 1.311, 2019/11/12 19:33:08 |
version 1.312, 2019/11/12 22:36:44 |
|
|
#include "ssherr.h" |
#include "ssherr.h" |
#include "utf8.h" |
#include "utf8.h" |
#include "ssh-sk.h" |
#include "ssh-sk.h" |
|
#include "sk-api.h" |
|
|
#ifdef GSSAPI |
#ifdef GSSAPI |
#include "ssh-gss.h" |
#include "ssh-gss.h" |
|
|
{ |
{ |
struct sshkey *sign_key = NULL, *prv = NULL; |
struct sshkey *sign_key = NULL, *prv = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
|
struct notifier_ctx *notifier = NULL; |
|
char *fp = NULL; |
|
|
*sigp = NULL; |
*sigp = NULL; |
*lenp = 0; |
*lenp = 0; |
|
|
goto out; |
goto out; |
} |
} |
sign_key = prv; |
sign_key = prv; |
|
if (sshkey_is_sk(sign_key) && |
|
(sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
|
/* XXX match batch mode should just skip these keys? */ |
|
if ((fp = sshkey_fingerprint(sign_key, |
|
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) |
|
fatal("%s: sshkey_fingerprint", __func__); |
|
notifier = notify_start(options.batch_mode, |
|
"Confirm user presence for key %s %s", |
|
sshkey_type(sign_key), fp); |
|
free(fp); |
|
} |
} |
} |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
alg, options.sk_provider, compat)) != 0) { |
alg, options.sk_provider, compat)) != 0) { |
debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
goto out; |
goto out; |
} |
} |
|
notify_complete(notifier); |
/* |
/* |
* PKCS#11 tokens may not support all signature algorithms, |
* PKCS#11 tokens may not support all signature algorithms, |
* so check what we get back. |
* so check what we get back. |
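Review bot: When `sshkey_sign()` fails, the `goto out;` just above the new `notify_complete(notifier);` skips it, so the "Confirm user presence" notifier started by `notify_start()` is not completed on the failure path, unless the `out:` label (outside the visible lines) already handles it. A touch that is refused or times out is the likely way to reach that branch, and a prompt that remains after the signature attempt has failed would mislead the user about whether a touch is still expected. I would move the call into the shared cleanup so both paths run it, e.g. `notify_complete(notifier);` placed directly after `out:`. The unconditional call on the success path already relies on `notify_complete()` accepting a NULL notifier for non-security-key identities. The enclosing function starts and ends outside the lines shown, so the cleanup code should be checked before changing this.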