src/usr.bin/ssh/ssh-agent.c - diff

Return to ssh-agent.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-agent.c between version 1.105.2.2 and 1.106

version 1.105.2.2, 2003/09/16 21:20:27

version 1.106, 2003/01/21 18:14:36

Line 50

#include "authfd.h"

#include "compat.h"

#include "log.h"

#include "readpass.h"

#include "misc.h"

#ifdef SMARTCARD

#include "scard.h"

Line 79

Line 77

Key *key;

char *comment;

u_int death;

u_int confirm;

} Identity;

typedef struct {

Line 161

Line 158

return (NULL);

}

/* Check confirmation of keysign request */

static int

confirm_key(Identity *id)

{

char *p, prompt[1024];

int ret = -1;

p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);

snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"

"Key fingerprint %s.", id->comment, p);

xfree(p);

p = read_passphrase(prompt, RP_ALLOW_EOF);

if (p != NULL) {

* Accept empty responses and responses consisting

* of the word "yes" as affirmative.

if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)

ret = 0;

xfree(p);

}

return (ret);

}

/* send list of supported public keys to 'client' */

static void

process_request_identities(SocketEntry *e, int version)

Line 248

Line 221

goto failure;

id = lookup_identity(key, 1);

if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {

if (id != NULL) {

Key *private = id->key;

/* Decrypt the challenge using the private key. */

if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)

Line 257

Line 230

/* The response is MD5 of decrypted challenge plus session id. */

len = BN_num_bytes(challenge);

if (len <= 0 || len > 32) {

logit("process_authentication_challenge: bad challenge length %d", len);

log("process_authentication_challenge: bad challenge length %d", len);

goto failure;

}

memset(buf, 0, 32);

Line 308

Line 281

key = key_from_blob(blob, blen);

if (key != NULL) {

Identity *id = lookup_identity(key, 2);

if (id != NULL && (!id->confirm || confirm_key(id) == 0))

if (id != NULL)

ok = key_sign(id->key, &signature, &slen, data, dlen);

}

key_free(key);

Line 346

Line 319

buffer_get_bignum(&e->request, key->rsa->n);

if (bits != key_size(key))

logit("Warning: identity keysize mismatch: actual %u, announced %u",

log("Warning: identity keysize mismatch: actual %u, announced %u",

key_size(key), bits);

break;

case 2:

Line 428

Line 401

process_add_identity(SocketEntry *e, int version)

{

Idtab *tab = idtab_lookup(version);

int type, success = 0, death = 0, confirm = 0;

int type, success = 0, death = 0;

char *type_name, *comment;

Key *k = NULL;

Line 479

Line 452

}

break;

}

/* enable blinding */

switch (k->type) {

case KEY_RSA:

case KEY_RSA1:

if (RSA_blinding_on(k->rsa, NULL) != 1) {

error("process_add_identity: RSA_blinding_on failed");

key_free(k);

goto send;

}

break;

}

comment = buffer_get_string(&e->request, NULL);

if (k == NULL) {

xfree(comment);

Line 501

Line 463

case SSH_AGENT_CONSTRAIN_LIFETIME:

death = time(NULL) + buffer_get_int(&e->request);

break;

case SSH_AGENT_CONSTRAIN_CONFIRM:

confirm = 1;

break;

default:

break;

}

Line 515

Line 474

id->key = k;

id->comment = comment;

id->death = death;

id->confirm = confirm;

TAILQ_INSERT_TAIL(&tab->idlist, id, next);

/* Increment the number of identities. */

tab->nentries++;

Line 576

Line 534

process_add_smartcard_key (SocketEntry *e)

{

char *sc_reader_id = NULL, *pin;

int i, version, success = 0, death = 0, confirm = 0;

int i, version, success = 0;

Key **keys, *k;

Identity *id;

Idtab *tab;

sc_reader_id = buffer_get_string(&e->request, NULL);

pin = buffer_get_string(&e->request, NULL);

while (buffer_len(&e->request)) {

switch (buffer_get_char(&e->request)) {

case SSH_AGENT_CONSTRAIN_LIFETIME:

death = time(NULL) + buffer_get_int(&e->request);

break;

case SSH_AGENT_CONSTRAIN_CONFIRM:

confirm = 1;

break;

default:

break;

}

if (lifetime && !death)

death = time(NULL) + lifetime;

keys = sc_get_keys(sc_reader_id, pin);

xfree(sc_reader_id);

xfree(pin);

Line 614

Line 556

if (lookup_identity(k, version) == NULL) {

id = xmalloc(sizeof(Identity));

id->key = k;

id->comment = sc_get_key_label(k);

id->comment = xstrdup("smartcard key");

id->death = death;

id->death = 0;

id->confirm = confirm;

TAILQ_INSERT_TAIL(&tab->idlist, id, next);

tab->nentries++;

success = 1;

Line 760

Line 701

break;

#ifdef SMARTCARD

case SSH_AGENTC_ADD_SMARTCARD_KEY:

case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:

process_add_smartcard_key(e);

break;

case SSH_AGENTC_REMOVE_SMARTCARD_KEY:

Line 998

Line 938

int

main(int ac, char **av)

{

int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;

int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;

int sock, fd, ch, nalloc;

char *shell, *format, *pidstr, *agentsocket = NULL;

fd_set *readsetp = NULL, *writesetp = NULL;

struct sockaddr_un sunaddr;

Line 1167

Line 1106

}

(void)chdir("/");

if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {

close(0);

/* XXX might close listen socket */

close(1);

(void)dup2(fd, STDIN_FILENO);

close(2);

(void)dup2(fd, STDOUT_FILENO);

(void)dup2(fd, STDERR_FILENO);

if (fd > 2)

close(fd);

}

/* deny core dumps, since memory contains unencrypted private keys */

rlim.rlim_cur = rlim.rlim_max = 0;