| version 1.58, 2003/01/23 13:50:27 |
version 1.58.2.2, 2004/03/04 18:18:15 |
|
|
| static int |
static int |
| ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) |
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) |
| { |
{ |
| int l, len; |
int l; |
| |
u_int len; |
| char buf[1024]; |
char buf[1024]; |
| |
|
| /* Get the length of the message, and format it in the buffer. */ |
/* Get the length of the message, and format it in the buffer. */ |
|
|
| PUT_32BIT(buf, len); |
PUT_32BIT(buf, len); |
| |
|
| /* Send the length and then the packet to the agent. */ |
/* Send the length and then the packet to the agent. */ |
| if (atomicio(write, auth->fd, buf, 4) != 4 || |
if (atomicio(vwrite, auth->fd, buf, 4) != 4 || |
| atomicio(write, auth->fd, buffer_ptr(request), |
atomicio(vwrite, auth->fd, buffer_ptr(request), |
| buffer_len(request)) != buffer_len(request)) { |
buffer_len(request)) != buffer_len(request)) { |
| error("Error writing to authentication socket."); |
error("Error writing to authentication socket."); |
| return 0; |
return 0; |
|
|
| /* Extract the length, and check it for sanity. */ |
/* Extract the length, and check it for sanity. */ |
| len = GET_32BIT(buf); |
len = GET_32BIT(buf); |
| if (len > 256 * 1024) |
if (len > 256 * 1024) |
| fatal("Authentication response too long: %d", len); |
fatal("Authentication response too long: %u", len); |
| |
|
| /* Read the rest of the response in to the buffer. */ |
/* Read the rest of the response in to the buffer. */ |
| buffer_clear(reply); |
buffer_clear(reply); |
|
|
| |
|
| /* Get the number of entries in the response and check it for sanity. */ |
/* Get the number of entries in the response and check it for sanity. */ |
| auth->howmany = buffer_get_int(&auth->identities); |
auth->howmany = buffer_get_int(&auth->identities); |
| if (auth->howmany > 1024) |
if ((u_int)auth->howmany > 1024) |
| fatal("Too many identities in authentication reply: %d", |
fatal("Too many identities in authentication reply: %d", |
| auth->howmany); |
auth->howmany); |
| |
|
|
|
| buffer_get_bignum(&auth->identities, key->rsa->n); |
buffer_get_bignum(&auth->identities, key->rsa->n); |
| *comment = buffer_get_string(&auth->identities, NULL); |
*comment = buffer_get_string(&auth->identities, NULL); |
| if (bits != BN_num_bits(key->rsa->n)) |
if (bits != BN_num_bits(key->rsa->n)) |
| log("Warning: identity keysize mismatch: actual %d, announced %u", |
logit("Warning: identity keysize mismatch: actual %d, announced %u", |
| BN_num_bits(key->rsa->n), bits); |
BN_num_bits(key->rsa->n), bits); |
| break; |
break; |
| case 2: |
case 2: |
|
|
| if (key->type != KEY_RSA1) |
if (key->type != KEY_RSA1) |
| return 0; |
return 0; |
| if (response_type == 0) { |
if (response_type == 0) { |
| log("Compatibility with ssh protocol version 1.0 no longer supported."); |
logit("Compatibility with ssh protocol version 1.0 no longer supported."); |
| return 0; |
return 0; |
| } |
} |
| buffer_init(&buffer); |
buffer_init(&buffer); |
|
|
| type = buffer_get_char(&buffer); |
type = buffer_get_char(&buffer); |
| |
|
| if (agent_failed(type)) { |
if (agent_failed(type)) { |
| log("Agent admitted failure to authenticate using the key."); |
logit("Agent admitted failure to authenticate using the key."); |
| } else if (type != SSH_AGENT_RSA_RESPONSE) { |
} else if (type != SSH_AGENT_RSA_RESPONSE) { |
| fatal("Bad authentication response: %d", type); |
fatal("Bad authentication response: %d", type); |
| } else { |
} else { |
|
|
| } |
} |
| type = buffer_get_char(&msg); |
type = buffer_get_char(&msg); |
| if (agent_failed(type)) { |
if (agent_failed(type)) { |
| log("Agent admitted failure to sign using the key."); |
logit("Agent admitted failure to sign using the key."); |
| } else if (type != SSH2_AGENT_SIGN_RESPONSE) { |
} else if (type != SSH2_AGENT_SIGN_RESPONSE) { |
| fatal("Bad authentication response: %d", type); |
fatal("Bad authentication response: %d", type); |
| } else { |
} else { |
|
|
| } |
} |
| |
|
| int |
int |
| ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) |
ssh_update_card(AuthenticationConnection *auth, int add, |
| |
const char *reader_id, const char *pin, u_int life, u_int confirm) |
| { |
{ |
| Buffer msg; |
Buffer msg; |
| int type; |
int type, constrained = (life || confirm); |
| |
|
| |
if (add) { |
| |
type = constrained ? |
| |
SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : |
| |
SSH_AGENTC_ADD_SMARTCARD_KEY; |
| |
} else |
| |
type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; |
| |
|
| buffer_init(&msg); |
buffer_init(&msg); |
| buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : |
buffer_put_char(&msg, type); |
| SSH_AGENTC_REMOVE_SMARTCARD_KEY); |
|
| buffer_put_cstring(&msg, reader_id); |
buffer_put_cstring(&msg, reader_id); |
| buffer_put_cstring(&msg, pin); |
buffer_put_cstring(&msg, pin); |
| |
|
| |
if (constrained) { |
| |
if (life != 0) { |
| |
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); |
| |
buffer_put_int(&msg, life); |
| |
} |
| |
if (confirm != 0) |
| |
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); |
| |
} |
| |
|
| if (ssh_request_reply(auth, &msg, &msg) == 0) { |
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
| buffer_free(&msg); |
buffer_free(&msg); |
| return 0; |
return 0; |
|
|
| case SSH_AGENT_FAILURE: |
case SSH_AGENT_FAILURE: |
| case SSH_COM_AGENT2_FAILURE: |
case SSH_COM_AGENT2_FAILURE: |
| case SSH2_AGENT_FAILURE: |
case SSH2_AGENT_FAILURE: |
| log("SSH_AGENT_FAILURE"); |
logit("SSH_AGENT_FAILURE"); |
| return 0; |
return 0; |
| case SSH_AGENT_SUCCESS: |
case SSH_AGENT_SUCCESS: |
| return 1; |
return 1; |
![[BACK]](/icons/back.gif){kind=icon}
Return to authfd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh