version 1.49, 2015/07/03 03:56:25 |
version 1.50, 2015/11/29 22:18:37 |
|
|
#include <stdlib.h> |
#include <stdlib.h> |
#include <string.h> |
#include <string.h> |
#include <unistd.h> |
#include <unistd.h> |
|
#include <errno.h> |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "log.h" |
#include "log.h" |
|
|
#include "sshkey.h" |
#include "sshkey.h" |
#include "ssherr.h" |
#include "ssherr.h" |
|
|
|
extern char *__progname; |
|
|
/* XXX readconf.c needs these */ |
/* XXX readconf.c needs these */ |
uid_t original_real_uid; |
uid_t original_real_uid; |
|
|
|
|
char *host, *fp; |
char *host, *fp; |
size_t slen, dlen; |
size_t slen, dlen; |
|
|
|
if (pledge("stdio rpath getpw dns id", NULL) != 0) |
|
fatal("%s: pledge: %s", __progname, strerror(errno)); |
|
|
/* Ensure that stdin and stdout are connected */ |
/* Ensure that stdin and stdout are connected */ |
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) |
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) |
exit(1); |
exit(1); |
|
|
if (!found) |
if (!found) |
fatal("no hostkey found"); |
fatal("no hostkey found"); |
|
|
|
if (pledge("stdio dns", NULL) != 0) |
|
fatal("%s: pledge: %s", __progname, strerror(errno)); |
|
|
if ((b = sshbuf_new()) == NULL) |
if ((b = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal("%s: sshbuf_new failed", __progname); |
if (ssh_msg_recv(STDIN_FILENO, b) < 0) |
if (ssh_msg_recv(STDIN_FILENO, b) < 0) |
fatal("ssh_msg_recv failed"); |
fatal("ssh_msg_recv failed"); |
if ((r = sshbuf_get_u8(b, &rver)) != 0) |
if ((r = sshbuf_get_u8(b, &rver)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
if (rver != version) |
if (rver != version) |
fatal("bad version: received %d, expected %d", rver, version); |
fatal("bad version: received %d, expected %d", rver, version); |
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) |
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) |
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) |
fatal("bad fd"); |
fatal("bad fd"); |
if ((host = get_local_name(fd)) == NULL) |
if ((host = get_local_name(fd)) == NULL) |
fatal("cannot get local name for fd"); |
fatal("cannot get local name for fd"); |
|
|
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
if (valid_request(pw, host, &key, data, dlen) < 0) |
if (valid_request(pw, host, &key, data, dlen) < 0) |
fatal("not a valid request"); |
fatal("not a valid request"); |
free(host); |
free(host); |
|
|
if (!found) { |
if (!found) { |
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, |
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, |
SSH_FP_DEFAULT)) == NULL) |
SSH_FP_DEFAULT)) == NULL) |
fatal("%s: sshkey_fingerprint failed", __func__); |
fatal("%s: sshkey_fingerprint failed", __progname); |
fatal("no matching hostkey found for key %s %s", |
fatal("no matching hostkey found for key %s %s", |
sshkey_type(key), fp ? fp : ""); |
sshkey_type(key), fp ? fp : ""); |
} |
} |
|
|
/* send reply */ |
/* send reply */ |
sshbuf_reset(b); |
sshbuf_reset(b); |
if ((r = sshbuf_put_string(b, signature, slen)) != 0) |
if ((r = sshbuf_put_string(b, signature, slen)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) |
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) |
fatal("ssh_msg_send failed"); |
fatal("ssh_msg_send failed"); |
|
|
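Review bot: Neither added `pledge()` call has a comment saying which later call needs each promise, so a maintainer cannot tell what is safe to drop or what a new call would violate. Both calls sit in a function whose start and end are not shown on this page. Before the first call I would add `/* rpath, getpw and id are only needed until the host keys are loaded */`, and before the second `/* keys loaded: handle the request from stdin with stdio and dns only */`; the second call does come after the `no hostkey found` check and before `ssh_msg_recv(STDIN_FILENO, b)`. `dns` is presumably kept for `get_local_name(fd)`, which is inferred from the name only and worth confirming, along with a check that nothing after the second call still opens files. Separately, replacing `__func__` with `__progname` leaves the four `"%s: buffer error: %s"` messages identical, so a word per site (for example `"%s: parse fd: %s"`) would show which field failed to parse.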