version 1.3, 2002/06/08 05:07:09 |
version 1.4, 2002/06/19 00:27:55 |
|
|
|
|
buffer_init(&b); |
buffer_init(&b); |
buffer_append(&b, data, datalen); |
buffer_append(&b, data, datalen); |
|
|
/* session id, currently limited to SHA1 (20 bytes) */ |
/* session id, currently limited to SHA1 (20 bytes) */ |
p = buffer_get_string(&b, &len); |
p = buffer_get_string(&b, &len); |
if (len != 20) |
if (len != 20) |
|
|
if (strlen(host) != len - 1) |
if (strlen(host) != len - 1) |
fail++; |
fail++; |
else if (p[len - 1] != '.') |
else if (p[len - 1] != '.') |
fail++; |
fail++; |
else if (strncasecmp(host, p, len - 1) != 0) |
else if (strncasecmp(host, p, len - 1) != 0) |
fail++; |
fail++; |
xfree(p); |
xfree(p); |
|
|
/* local user */ |
/* local user */ |
|
|
|
|
#ifdef DEBUG_SSH_KEYSIGN |
#ifdef DEBUG_SSH_KEYSIGN |
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
#endif |
#endif |
|
|
if (key_fd[0] == -1 && key_fd[1] == -1) |
if (key_fd[0] == -1 && key_fd[1] == -1) |
fatal("could not open any host key"); |
fatal("could not open any host key"); |
|
|
if ((pw = getpwuid(getuid())) == NULL) |
if ((pw = getpwuid(getuid())) == NULL) |
fatal("getpwuid failed"); |
fatal("getpwuid failed"); |
pw = pwcopy(pw); |
pw = pwcopy(pw); |
|
|
SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
|
|
|
|
fatal("bad fd"); |
fatal("bad fd"); |
if ((host = get_local_name(fd)) == NULL) |
if ((host = get_local_name(fd)) == NULL) |
fatal("cannot get sockname for fd"); |
fatal("cannot get sockname for fd"); |
|
|
data = buffer_get_string(&b, &dlen); |
data = buffer_get_string(&b, &dlen); |
if (valid_request(pw, host, &key, data, dlen) < 0) |
if (valid_request(pw, host, &key, data, dlen) < 0) |
fatal("not a valid request"); |
fatal("not a valid request"); |
|
|
|
|
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) |
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) |
fatal("key_sign failed"); |
fatal("key_sign failed"); |
|
|
/* send reply */ |
/* send reply */ |
buffer_clear(&b); |
buffer_clear(&b); |
buffer_put_string(&b, signature, slen); |
buffer_put_string(&b, signature, slen); |