version 1.324, 2020/06/27 13:39:09 |
version 1.325, 2020/08/27 01:06:18 |
|
|
struct sshkey *sign_key = NULL, *prv = NULL; |
struct sshkey *sign_key = NULL, *prv = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
struct notifier_ctx *notifier = NULL; |
struct notifier_ctx *notifier = NULL; |
char *fp = NULL; |
char *fp = NULL, *pin = NULL, *prompt = NULL; |
|
|
*sigp = NULL; |
*sigp = NULL; |
*lenp = 0; |
*lenp = 0; |
|
|
goto out; |
goto out; |
} |
} |
sign_key = prv; |
sign_key = prv; |
if (sshkey_is_sk(sign_key) && |
if (sshkey_is_sk(sign_key)) { |
(sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
if ((sign_key->sk_flags & |
/* XXX match batch mode should just skip these keys? */ |
SSH_SK_USER_VERIFICATION_REQD)) { |
if ((fp = sshkey_fingerprint(sign_key, |
xasprintf(&prompt, "Enter PIN for %s key %s: ", |
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) |
sshkey_type(sign_key), id->filename); |
fatal("%s: sshkey_fingerprint", __func__); |
pin = read_passphrase(prompt, 0); |
notifier = notify_start(options.batch_mode, |
} |
"Confirm user presence for key %s %s", |
if ((sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
sshkey_type(sign_key), fp); |
/* XXX should batch mode just skip these? */ |
free(fp); |
if ((fp = sshkey_fingerprint(sign_key, |
|
options.fingerprint_hash, |
|
SSH_FP_DEFAULT)) == NULL) |
|
fatal("%s: fingerprint", __func__); |
|
notifier = notify_start(options.batch_mode, |
|
"Confirm user presence for key %s %s", |
|
sshkey_type(sign_key), fp); |
|
free(fp); |
|
} |
} |
} |
} |
} |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
alg, options.sk_provider, compat)) != 0) { |
alg, options.sk_provider, pin, compat)) != 0) { |
debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
goto out; |
goto out; |
} |
} |
|
|
/* success */ |
/* success */ |
r = 0; |
r = 0; |
out: |
out: |
|
free(prompt); |
|
if (pin != NULL) |
|
freezero(pin, strlen(pin)); |
notify_complete(notifier); |
notify_complete(notifier); |
sshkey_free(prv); |
sshkey_free(prv); |
return r; |
return r; |
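Review bot: The PIN prompt in the new `SSH_SK_USER_VERIFICATION_REQD` branch is not gated on `options.batch_mode`, although the user-presence branch right below it passes that flag to `notify_start()` and carries the XXX about batch mode. In a non-interactive run, whatever `read_passphrase(prompt, 0)` returns is handed straight to `sshkey_sign()` as the PIN. `read_passphrase` is not shown here, but if it returns an empty string when it cannot prompt, each attempt may count against the authenticator's PIN retry counter. Consider bailing out before prompting, e.g. `if (options.batch_mode) { r = SSH_ERR_KEY_WRONG_PASSPHRASE; goto out; }`, or whichever error code the caller treats as "skip this key", and likewise rejecting an empty `pin` before signing. The enclosing function starts above the visible lines and its closing brace is not shown, so the value of `r` at this point should be confirmed against the full body.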