- millert@cvs.openbsd.org 2001/07/27 14:50:45

     [ssh.c]
     If smart card support is compiled in and a smart card is being used
     for authentication, make it the first method used.  markus@ OK

diff --git a/ChangeLog b/ChangeLog
index a97530d2ba762ed6bc53ec90c678ac20542e3711..3ee0c58eba51f3e96d3559d6b34db6cbc5035aa7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,10 @@
      Inquire Cyberflex class for 0xf0 cards
      change aid to conform to 7816-5
      remove gratuitous fid selects
+   - millert@cvs.openbsd.org 2001/07/27 14:50:45
+     [ssh.c]
+     If smart card support is compiled in and a smart card is being used
+     for authentication, make it the first method used.  markus@ OK
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on

diff --git a/ssh.c b/ssh.c
index 7810cd14c9754e160c20b09a3175f9b8033365b8..d12d7580ac722f45e21ae1de045480f696626451 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -1153,44 +1153,49 @@ load_public_identity_files(void)
 {
        char *filename;
        Key *public;
-       int i;
+       int i = 0;
 
-       for (i = 0; i < options.num_identity_files; i++) {
-               filename = tilde_expand_filename(options.identity_files[i],
-                   original_real_uid);
-               public = key_load_public(filename, NULL);
-               debug("identity file %s type %d", filename,
-                   public ? public->type : -1);
-               xfree(options.identity_files[i]);
-               options.identity_files[i] = filename;
-               options.identity_keys[i] = public;
-       }
 #ifdef SMARTCARD
        if (sc_reader_num != -1 &&
            options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
            (public = sc_get_key(sc_reader_num)) != NULL ) {
                Key *new;
 
+               if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
+                       options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;
+               memmove(&options.identity_files[2], &options.identity_files[0],
+                   sizeof(char *) * options.num_identity_files);
+               options.num_identity_files += 2;
+               i = 2;
+
                /* XXX ssh1 vs ssh2 */
                new = key_new(KEY_RSA);
                new->flags = KEY_FLAG_EXT;
                BN_copy(new->rsa->n, public->rsa->n);
                BN_copy(new->rsa->e, public->rsa->e);
                RSA_set_method(new->rsa, sc_get_engine());
-               i = options.num_identity_files++;
-               options.identity_keys[i] = new;
-               options.identity_files[i] = xstrdup("smartcard rsa key");;
+               options.identity_keys[0] = new;
+               options.identity_files[0] = xstrdup("smartcard rsa key");;
 
                new = key_new(KEY_RSA1);
                new->flags = KEY_FLAG_EXT;
                BN_copy(new->rsa->n, public->rsa->n);
                BN_copy(new->rsa->e, public->rsa->e);
                RSA_set_method(new->rsa, sc_get_engine());
-               i = options.num_identity_files++;
-               options.identity_keys[i] = new;
-               options.identity_files[i] = xstrdup("smartcard rsa1 key");;
+               options.identity_keys[1] = new;
+               options.identity_files[1] = xstrdup("smartcard rsa1 key");
 
                key_free(public);
        }
 #endif
+       for (; i < options.num_identity_files; i++) {
+               filename = tilde_expand_filename(options.identity_files[i],
+                   original_real_uid);
+               public = key_load_public(filename, NULL);
+               debug("identity file %s type %d", filename,
+                   public ? public->type : -1);
+               xfree(options.identity_files[i]);
+               options.identity_files[i] = filename;
+               options.identity_keys[i] = public;
+       }
 }