author | Alex Dupre <ale@FreeBSD.org> | 2010-12-27 09:58:51 +0000 |
---|---|---|
committer | Alex Dupre <ale@FreeBSD.org> | 2010-12-27 09:58:51 +0000 |
commit | 2c07ef369c818083312b94c8747839e829e944e3 (patch) | |
tree | 1087a16eeb9faf8e72be8d09a7f14d4100f24972 /security | |
parent | 0e89e724f12d3574405a26a32a5d3bcd8b7464a6 (diff) | |
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh-portable/Makefile | 12 | ||||
-rw-r--r-- | security/openssh-portable/files/scardpin.patch | 134 |
2 files changed, 0 insertions, 146 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index f8555c4e5f1f..adf81ad1a74e 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -61,8 +61,6 @@ OPTIONS= PAM "Enable pam(3) support" on \
 GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \
 KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \
 OPENSSH_CHROOT "Enable CHROOT support" off \
- OPENSC "Enable OpenSC smartcard support" off \
- OPENSCPINPATCH "Enable OpenSC PIN patch" off \
 HPN "Enable HPN-SSH patch" off \
 LPK "Enable LDAP Public Key (LPK) patch" off \
 X509 "Enable x509 certificate patch" off \
@@ -145,16 +143,6 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
 CFLAGS+= -DCHROOT
 .endif
 
-.if defined(WITH_OPENSC)
-LIB_DEPENDS+= opensc.2:${PORTSDIR}/security/opensc
-CONFIGURE_ARGS+= --with-opensc=${LOCALBASE}
-.endif
-
-# See http://bugzilla.mindrot.org/show_bug.cgi?id=608
-.if defined(WITH_OPENSCPINPATCH)
-EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch
-.endif
-
 .if defined(WITH_HPN)
 EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6.diff
 .endif
diff --git a/security/openssh-portable/files/scardpin.patch b/security/openssh-portable/files/scardpin.patch
deleted file mode 100644
index 08fa40681755..000000000000
--- a/security/openssh-portable/files/scardpin.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-#
-# https://bugzilla.mindrot.org/show_bug.cgi?id=608
-#
-Index: scard-opensc.c
-===================================================================
-RCS file: /cvs/openssh/scard-opensc.c,v
-retrieving revision 1.12
-diff -u -r1.12 scard-opensc.c
---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12
-+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000
-@@ -38,6 +38,8 @@
- #include "readpass.h"
- #include "scard.h"
- 
-+int ask_for_pin=0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-@@ -119,6 +121,7 @@
- struct sc_pkcs15_prkey_info *key;
- struct sc_pkcs15_object *pin_obj;
- struct sc_pkcs15_pin_info *pin;
-+ char *passphrase = NULL;
- 
- priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
- if (priv == NULL)
-@@ -156,24 +159,47 @@
- goto err;
- }
- pin = pin_obj->data;
-+
-+ if (sc_pin)
-+ passphrase = sc_pin;
-+ else if (ask_for_pin) {
-+ /* we need a pin but don't have one => ask for the pin */
-+ char prompt[64];
-+
-+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
-+ key_obj->label ? key_obj->label : "smartcard key");
-+ passphrase = read_passphrase(prompt, 0);
-+ if (!passphrase || !strcmp(passphrase, ""))
-+ goto err;
-+ } else
-+ /* no pin => error */
-+ goto err;
-+
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
-- if (sc_pin != NULL) {
-- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-- strlen(sc_pin));
-- if (r) {
-- sc_unlock(card);
-- error("PIN code verification failed: %s",
-- sc_strerror(r));
-- goto err;
-- }
-+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
-+ strlen(passphrase));
-+ if (r) {
-+ sc_unlock(card);
-+ error("PIN code verification failed: %s",
-+ sc_strerror(r));
-+ goto err;
- }
-+
- *key_obj_out = key_obj;
-+ if (!sc_pin) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- return 0;
- err:
-+ if (!sc_pin && passphrase) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- sc_close();
- return -1;
- }
-Index: scard.c
-===================================================================
-RCS file: /cvs/openssh/scard.c,v
-retrieving revision 1.27
-diff -u -r1.27 scard.c
---- scard.c 18 Jun 2003 10:28:40 -0000 1.27
-+++ scard.c 27 Aug 2003 11:42:02 -0000
-@@ -35,6 +35,9 @@
- #include "readpass.h"
- #include "scard.h"
- 
-+/* currently unused */
-+int ask_for_pin = 0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-Index: scard.h
-===================================================================
-RCS file: /cvs/openssh/scard.h,v
-retrieving revision 1.10
-diff -u -r1.10 scard.h
---- scard.h 18 Jun 2003 10:28:40 -0000 1.10
-+++ scard.h 27 Aug 2003 11:42:02 -0000
-@@ -33,6 +33,8 @@
- #define SCARD_ERROR_NOCARD -2
- #define SCARD_ERROR_APPLET -3
- 
-+extern int ask_for_pin;
-+
- Key **sc_get_keys(const char *, const char *);
- void sc_close(void);
- int sc_put_key(Key *, const char *);
-Index: ssh.c
-===================================================================
-RCS file: /cvs/openssh/ssh.c,v
-retrieving revision 1.180
-diff -u -r1.180 ssh.c
---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180
-+++ ssh.c 27 Aug 2003 11:42:02 -0000
-@@ -1155,6 +1155,9 @@
- #ifdef SMARTCARD
- Key **keys;
- 
-+ if (!options.batch_mode)
-+ ask_for_pin = 1;
-+
- if (options.smartcard_device != NULL &&
- options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
- (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
|