=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfd.c,v retrieving revision 1.29 retrieving revision 1.29.2.5 diff -u -r1.29 -r1.29.2.5 --- src/usr.bin/ssh/authfd.c 2000/10/09 21:51:00 1.29 +++ src/usr.bin/ssh/authfd.c 2001/09/27 00:15:41 1.29.2.5 @@ -35,38 +35,39 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.29 2000/10/09 21:51:00 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.29.2.5 2001/09/27 00:15:41 miod Exp $"); +#include + #include "ssh.h" #include "rsa.h" #include "buffer.h" #include "bufaux.h" #include "xmalloc.h" #include "getput.h" - -#include -#include -#include #include "key.h" #include "authfd.h" +#include "cipher.h" #include "kex.h" -#include "dsa.h" #include "compat.h" +#include "log.h" +#include "atomicio.h" /* helper */ int decode_reply(int type); /* macro to check for "agent failure" message */ #define agent_failed(x) \ - ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE)) + ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ + (x == SSH2_AGENT_FAILURE)) /* Returns the number of the authentication fd, or -1 if there is none. */ int -ssh_get_authentication_socket() +ssh_get_authentication_socket(void) { const char *authsocket; - int sock, len; + int sock; struct sockaddr_un sunaddr; authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); @@ -75,7 +76,6 @@ sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); - sunaddr.sun_len = len = SUN_LEN(&sunaddr)+1; sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) @@ -86,14 +86,14 @@ close(sock); return -1; } - if (connect(sock, (struct sockaddr *) & sunaddr, len) < 0) { + if (connect(sock, (struct sockaddr *) &sunaddr, sizeof sunaddr) < 0) { close(sock); return -1; } return sock; } -int +static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { int l, len; @@ -117,6 +117,8 @@ len = 4; while (len > 0) { l = read(auth->fd, buf + 4 - len, len); + if (l == -1 && (errno == EAGAIN || errno == EINTR)) + continue; if (l <= 0) { error("Error reading response length from authentication socket."); return 0; @@ -136,6 +138,8 @@ if (l > sizeof(buf)) l = sizeof(buf); l = read(auth->fd, buf, l); + if (l == -1 && (errno == EAGAIN || errno == EINTR)) + continue; if (l <= 0) { error("Error reading response from authentication socket."); return 0; @@ -168,7 +172,7 @@ */ AuthenticationConnection * -ssh_get_authentication_connection() +ssh_get_authentication_connection(void) { AuthenticationConnection *auth; int sock; @@ -207,8 +211,8 @@ * Returns the first authentication identity held by the agent. */ -Key * -ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version) +int +ssh_get_num_identities(AuthenticationConnection *auth, int version) { int type, code1 = 0, code2 = 0; Buffer request; @@ -223,7 +227,7 @@ code2 = SSH2_AGENT_IDENTITIES_ANSWER; break; default: - return NULL; + return 0; } /* @@ -236,14 +240,14 @@ buffer_clear(&auth->identities); if (ssh_request_reply(auth, &request, &auth->identities) == 0) { buffer_free(&request); - return NULL; + return 0; } buffer_free(&request); /* Get message type, and verify that we got a proper answer. */ type = buffer_get_char(&auth->identities); if (agent_failed(type)) { - return NULL; + return 0; } else if (type != code2) { fatal("Bad authentication reply message type: %d", type); } @@ -251,19 +255,27 @@ /* Get the number of entries in the response and check it for sanity. */ auth->howmany = buffer_get_int(&auth->identities); if (auth->howmany > 1024) - fatal("Too many identities in authentication reply: %d\n", + fatal("Too many identities in authentication reply: %d", auth->howmany); - /* Return the first entry (if any). */ - return ssh_get_next_identity(auth, comment, version); + return auth->howmany; } Key * +ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version) +{ + /* get number of identities and return the first entry (if any). */ + if (ssh_get_num_identities(auth, version) > 0) + return ssh_get_next_identity(auth, comment, version); + return NULL; +} + +Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { - unsigned int bits; - unsigned char *blob; - unsigned int blen; + u_int bits; + u_char *blob; + u_int blen; Key *key = NULL; /* Return failure if no more entries. */ @@ -276,7 +288,7 @@ */ switch(version){ case 1: - key = key_new(KEY_RSA); + key = key_new(KEY_RSA1); bits = buffer_get_int(&auth->identities); buffer_get_bignum(&auth->identities, key->rsa->e); buffer_get_bignum(&auth->identities, key->rsa->n); @@ -288,7 +300,7 @@ case 2: blob = buffer_get_string(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); - key = dsa_key_from_blob(blob, blen); + key = key_from_blob(blob, blen); xfree(blob); break; default: @@ -311,16 +323,16 @@ int ssh_decrypt_challenge(AuthenticationConnection *auth, Key* key, BIGNUM *challenge, - unsigned char session_id[16], - unsigned int response_type, - unsigned char response[16]) + u_char session_id[16], + u_int response_type, + u_char response[16]) { Buffer buffer; int success = 0; int i; int type; - if (key->type != KEY_RSA) + if (key->type != KEY_RSA1) return 0; if (response_type == 0) { log("Compatibility with ssh protocol version 1.0 no longer supported."); @@ -362,17 +374,17 @@ int ssh_agent_sign(AuthenticationConnection *auth, Key *key, - unsigned char **sigp, int *lenp, - unsigned char *data, int datalen) + u_char **sigp, int *lenp, + u_char *data, int datalen) { extern int datafellows; Buffer msg; - unsigned char *blob; - unsigned int blen; + u_char *blob; + u_int blen; int type, flags = 0; int ret = -1; - if (dsa_make_key_blob(key, &blob, &blen) == 0) + if (key_to_blob(key, &blob, &blen) == 0) return -1; if (datafellows & SSH_BUG_SIGBLOB) @@ -404,8 +416,8 @@ /* Encode key for a message to the agent. */ -void -ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment) +static void +ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { buffer_clear(b); buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); @@ -417,21 +429,33 @@ buffer_put_bignum(b, key->iqmp); /* ssh key->u */ buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ - buffer_put_string(b, comment, strlen(comment)); + buffer_put_cstring(b, comment); } -void -ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment) +static void +ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) { buffer_clear(b); buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); - buffer_put_cstring(b, KEX_DSS); - buffer_put_bignum2(b, key->p); - buffer_put_bignum2(b, key->q); - buffer_put_bignum2(b, key->g); - buffer_put_bignum2(b, key->pub_key); - buffer_put_bignum2(b, key->priv_key); - buffer_put_string(b, comment, strlen(comment)); + buffer_put_cstring(b, key_ssh_name(key)); + switch(key->type){ + case KEY_RSA: + buffer_put_bignum2(b, key->rsa->n); + buffer_put_bignum2(b, key->rsa->e); + buffer_put_bignum2(b, key->rsa->d); + buffer_put_bignum2(b, key->rsa->iqmp); + buffer_put_bignum2(b, key->rsa->p); + buffer_put_bignum2(b, key->rsa->q); + break; + case KEY_DSA: + buffer_put_bignum2(b, key->dsa->p); + buffer_put_bignum2(b, key->dsa->q); + buffer_put_bignum2(b, key->dsa->g); + buffer_put_bignum2(b, key->dsa->pub_key); + buffer_put_bignum2(b, key->dsa->priv_key); + break; + } + buffer_put_cstring(b, comment); } /* @@ -448,11 +472,12 @@ buffer_init(&msg); switch (key->type) { - case KEY_RSA: - ssh_encode_identity_rsa(&msg, key->rsa, comment); + case KEY_RSA1: + ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; + case KEY_RSA: case KEY_DSA: - ssh_encode_identity_dsa(&msg, key->dsa, comment); + ssh_encode_identity_ssh2(&msg, key, comment); break; default: buffer_free(&msg); @@ -478,18 +503,18 @@ { Buffer msg; int type; - unsigned char *blob; - unsigned int blen; + u_char *blob; + u_int blen; buffer_init(&msg); - if (key->type == KEY_RSA) { + if (key->type == KEY_RSA1) { buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); - } else if (key->type == KEY_DSA) { - dsa_make_key_blob(key, &blob, &blen); + } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); xfree(blob); @@ -506,6 +531,25 @@ return decode_reply(type); } +int +ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) +{ + Buffer msg; + int type; + + buffer_init(&msg); + buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : + SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_cstring(&msg, reader_id); + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); + return 0; + } + type = buffer_get_char(&msg); + buffer_free(&msg); + return decode_reply(type); +} + /* * Removes all identities from the agent. This call is not meant to be used * by normal applications. @@ -532,12 +576,13 @@ return decode_reply(type); } -int +int decode_reply(int type) { switch (type) { case SSH_AGENT_FAILURE: case SSH_COM_AGENT2_FAILURE: + case SSH2_AGENT_FAILURE: log("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: