authorAlex Dupre <ale@FreeBSD.org>2010-12-27 09:58:51 +0000
committerAlex Dupre <ale@FreeBSD.org>2010-12-27 09:58:51 +0000
commit2c07ef369c818083312b94c8747839e829e944e3 (patch)
tree1087a16eeb9faf8e72be8d09a7f14d4100f24972 /security
parent0e89e724f12d3574405a26a32a5d3bcd8b7464a6 (diff)
Notes
Diffstat (limited to 'security')
-rw-r--r--security/openssh-portable/Makefile12
-rw-r--r--security/openssh-portable/files/scardpin.patch134
2 files changed, 0 insertions, 146 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index f8555c4e5f1f..adf81ad1a74e 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -61,8 +61,6 @@ OPTIONS= PAM "Enable pam(3) support" on \
GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \
KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \
OPENSSH_CHROOT "Enable CHROOT support" off \
- OPENSC "Enable OpenSC smartcard support" off \
- OPENSCPINPATCH "Enable OpenSC PIN patch" off \
HPN "Enable HPN-SSH patch" off \
LPK "Enable LDAP Public Key (LPK) patch" off \
X509 "Enable x509 certificate patch" off \
@@ -145,16 +143,6 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
CFLAGS+= -DCHROOT
.endif
-.if defined(WITH_OPENSC)
-LIB_DEPENDS+= opensc.2:${PORTSDIR}/security/opensc
-CONFIGURE_ARGS+= --with-opensc=${LOCALBASE}
-.endif
-
-# See http://bugzilla.mindrot.org/show_bug.cgi?id=608
-.if defined(WITH_OPENSCPINPATCH)
-EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch
-.endif
-
.if defined(WITH_HPN)
EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6.diff
.endif
diff --git a/security/openssh-portable/files/scardpin.patch b/security/openssh-portable/files/scardpin.patch
deleted file mode 100644
index 08fa40681755..000000000000
--- a/security/openssh-portable/files/scardpin.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-#
-# https://bugzilla.mindrot.org/show_bug.cgi?id=608
-#
-Index: scard-opensc.c
-===================================================================
-RCS file: /cvs/openssh/scard-opensc.c,v
-retrieving revision 1.12
-diff -u -r1.12 scard-opensc.c
---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12
-+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000
-@@ -38,6 +38,8 @@
- #include "readpass.h"
- #include "scard.h"
-
-+int ask_for_pin=0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-@@ -119,6 +121,7 @@
- struct sc_pkcs15_prkey_info *key;
- struct sc_pkcs15_object *pin_obj;
- struct sc_pkcs15_pin_info *pin;
-+ char *passphrase = NULL;
-
- priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
- if (priv == NULL)
-@@ -156,24 +159,47 @@
- goto err;
- }
- pin = pin_obj->data;
-+
-+ if (sc_pin)
-+ passphrase = sc_pin;
-+ else if (ask_for_pin) {
-+ /* we need a pin but don't have one => ask for the pin */
-+ char prompt[64];
-+
-+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
-+ key_obj->label ? key_obj->label : "smartcard key");
-+ passphrase = read_passphrase(prompt, 0);
-+ if (!passphrase || !strcmp(passphrase, ""))
-+ goto err;
-+ } else
-+ /* no pin => error */
-+ goto err;
-+
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
-- if (sc_pin != NULL) {
-- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-- strlen(sc_pin));
-- if (r) {
-- sc_unlock(card);
-- error("PIN code verification failed: %s",
-- sc_strerror(r));
-- goto err;
-- }
-+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
-+ strlen(passphrase));
-+ if (r) {
-+ sc_unlock(card);
-+ error("PIN code verification failed: %s",
-+ sc_strerror(r));
-+ goto err;
- }
-+
- *key_obj_out = key_obj;
-+ if (!sc_pin) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- return 0;
- err:
-+ if (!sc_pin && passphrase) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- sc_close();
- return -1;
- }
-Index: scard.c
-===================================================================
-RCS file: /cvs/openssh/scard.c,v
-retrieving revision 1.27
-diff -u -r1.27 scard.c
---- scard.c 18 Jun 2003 10:28:40 -0000 1.27
-+++ scard.c 27 Aug 2003 11:42:02 -0000
-@@ -35,6 +35,9 @@
- #include "readpass.h"
- #include "scard.h"
-
-+/* currently unused */
-+int ask_for_pin = 0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-Index: scard.h
-===================================================================
-RCS file: /cvs/openssh/scard.h,v
-retrieving revision 1.10
-diff -u -r1.10 scard.h
---- scard.h 18 Jun 2003 10:28:40 -0000 1.10
-+++ scard.h 27 Aug 2003 11:42:02 -0000
-@@ -33,6 +33,8 @@
- #define SCARD_ERROR_NOCARD -2
- #define SCARD_ERROR_APPLET -3
-
-+extern int ask_for_pin;
-+
- Key **sc_get_keys(const char *, const char *);
- void sc_close(void);
- int sc_put_key(Key *, const char *);
-Index: ssh.c
-===================================================================
-RCS file: /cvs/openssh/ssh.c,v
-retrieving revision 1.180
-diff -u -r1.180 ssh.c
---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180
-+++ ssh.c 27 Aug 2003 11:42:02 -0000
-@@ -1155,6 +1155,9 @@
- #ifdef SMARTCARD
- Key **keys;
-
-+ if (!options.batch_mode)
-+ ask_for_pin = 1;
-+
- if (options.smartcard_device != NULL &&
- options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
- (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {