=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfd.c,v retrieving revision 1.19.2.1 retrieving revision 1.19.2.2 diff -u -r1.19.2.1 -r1.19.2.2 --- src/usr.bin/ssh/authfd.c 2000/09/01 18:23:17 1.19.2.1 +++ src/usr.bin/ssh/authfd.c 2000/11/08 21:30:25 1.19.2.2 @@ -1,23 +1,41 @@ /* - * - * authfd.c - * * Author: Tatu Ylonen - * * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved - * - * Created: Wed Mar 29 01:30:28 1995 ylo - * * Functions for connecting the local authentication agent. * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * * SSH2 implementation, - * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2000 Markus Friedl. All rights reserved. * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.19.2.1 2000/09/01 18:23:17 jason Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.19.2.2 2000/11/08 21:30:25 jason Exp $"); #include "ssh.h" #include "rsa.h" @@ -33,10 +51,15 @@ #include "authfd.h" #include "kex.h" #include "dsa.h" +#include "compat.h" /* helper */ int decode_reply(int type); +/* macro to check for "agent failure" message */ +#define agent_failed(x) \ + ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE)) + /* Returns the number of the authentication fd, or -1 if there is none. */ int @@ -219,7 +242,7 @@ /* Get message type, and verify that we got a proper answer. */ type = buffer_get_char(&auth->identities); - if (type == SSH_AGENT_FAILURE) { + if (agent_failed(type)) { return NULL; } else if (type != code2) { fatal("Bad authentication reply message type: %d", type); @@ -318,7 +341,7 @@ } type = buffer_get_char(&buffer); - if (type == SSH_AGENT_FAILURE) { + if (agent_failed(type)) { log("Agent admitted failure to authenticate using the key."); } else if (type != SSH_AGENT_RSA_RESPONSE) { fatal("Bad authentication response: %d", type); @@ -342,19 +365,24 @@ unsigned char **sigp, int *lenp, unsigned char *data, int datalen) { + extern int datafellows; Buffer msg; unsigned char *blob; unsigned int blen; - int type; + int type, flags = 0; int ret = -1; if (dsa_make_key_blob(key, &blob, &blen) == 0) return -1; + if (datafellows & SSH_BUG_SIGBLOB) + flags = SSH_AGENT_OLD_SIGNATURE; + buffer_init(&msg); buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST); buffer_put_string(&msg, blob, blen); buffer_put_string(&msg, data, datalen); + buffer_put_int(&msg, flags); xfree(blob); if (ssh_request_reply(auth, &msg, &msg) == 0) { @@ -362,7 +390,7 @@ return -1; } type = buffer_get_char(&msg); - if (type == SSH_AGENT_FAILURE) { + if (agent_failed(type)) { log("Agent admitted failure to sign using the key."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fatal("Bad authentication response: %d", type); @@ -509,6 +537,7 @@ { switch (type) { case SSH_AGENT_FAILURE: + case SSH_COM_AGENT2_FAILURE: log("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: