=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfd.c,v retrieving revision 1.58 retrieving revision 1.58.2.2 diff -u -r1.58 -r1.58.2.2 --- src/usr.bin/ssh/authfd.c 2003/01/23 13:50:27 1.58 +++ src/usr.bin/ssh/authfd.c 2004/03/04 18:18:15 1.58.2.2 @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.58.2.2 2004/03/04 18:18:15 brad Exp $"); #include @@ -114,7 +114,8 @@ static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { - int l, len; + int l; + u_int len; char buf[1024]; /* Get the length of the message, and format it in the buffer. */ @@ -122,8 +123,8 @@ PUT_32BIT(buf, len); /* Send the length and then the packet to the agent. */ - if (atomicio(write, auth->fd, buf, 4) != 4 || - atomicio(write, auth->fd, buffer_ptr(request), + if (atomicio(vwrite, auth->fd, buf, 4) != 4 || + atomicio(vwrite, auth->fd, buffer_ptr(request), buffer_len(request)) != buffer_len(request)) { error("Error writing to authentication socket."); return 0; @@ -147,7 +148,7 @@ /* Extract the length, and check it for sanity. */ len = GET_32BIT(buf); if (len > 256 * 1024) - fatal("Authentication response too long: %d", len); + fatal("Authentication response too long: %u", len); /* Read the rest of the response in to the buffer. */ buffer_clear(reply); @@ -292,7 +293,7 @@ /* Get the number of entries in the response and check it for sanity. */ auth->howmany = buffer_get_int(&auth->identities); - if (auth->howmany > 1024) + if ((u_int)auth->howmany > 1024) fatal("Too many identities in authentication reply: %d", auth->howmany); @@ -332,7 +333,7 @@ buffer_get_bignum(&auth->identities, key->rsa->n); *comment = buffer_get_string(&auth->identities, NULL); if (bits != BN_num_bits(key->rsa->n)) - log("Warning: identity keysize mismatch: actual %d, announced %u", + logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; case 2: @@ -373,7 +374,7 @@ if (key->type != KEY_RSA1) return 0; if (response_type == 0) { - log("Compatibility with ssh protocol version 1.0 no longer supported."); + logit("Compatibility with ssh protocol version 1.0 no longer supported."); return 0; } buffer_init(&buffer); @@ -392,7 +393,7 @@ type = buffer_get_char(&buffer); if (agent_failed(type)) { - log("Agent admitted failure to authenticate using the key."); + logit("Agent admitted failure to authenticate using the key."); } else if (type != SSH_AGENT_RSA_RESPONSE) { fatal("Bad authentication response: %d", type); } else { @@ -441,7 +442,7 @@ } type = buffer_get_char(&msg); if (agent_failed(type)) { - log("Agent admitted failure to sign using the key."); + logit("Agent admitted failure to sign using the key."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fatal("Bad authentication response: %d", type); } else { @@ -589,16 +590,33 @@ } int -ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) +ssh_update_card(AuthenticationConnection *auth, int add, + const char *reader_id, const char *pin, u_int life, u_int confirm) { Buffer msg; - int type; + int type, constrained = (life || confirm); + if (add) { + type = constrained ? + SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : + SSH_AGENTC_ADD_SMARTCARD_KEY; + } else + type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; + buffer_init(&msg); - buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : - SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_char(&msg, type); buffer_put_cstring(&msg, reader_id); buffer_put_cstring(&msg, pin); + + if (constrained) { + if (life != 0) { + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); + buffer_put_int(&msg, life); + } + if (confirm != 0) + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); + } + if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -641,7 +659,7 @@ case SSH_AGENT_FAILURE: case SSH_COM_AGENT2_FAILURE: case SSH2_AGENT_FAILURE: - log("SSH_AGENT_FAILURE"); + logit("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: return 1;