| version 1.4.4.3, 2003/04/03 22:35:18 |
version 1.5, 2002/06/26 22:27:32 |
|
|
| RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
| |
|
| #include <openssl/evp.h> |
#include <openssl/evp.h> |
| #include <openssl/rand.h> |
|
| #include <openssl/rsa.h> |
|
| |
|
| #include "log.h" |
#include "log.h" |
| #include "key.h" |
#include "key.h" |
| #include "ssh.h" |
|
| #include "ssh2.h" |
#include "ssh2.h" |
| #include "misc.h" |
#include "misc.h" |
| #include "xmalloc.h" |
#include "xmalloc.h" |
|
|
| #include "msg.h" |
#include "msg.h" |
| #include "canohost.h" |
#include "canohost.h" |
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "readconf.h" |
|
| |
|
| uid_t original_real_uid; /* XXX readconf.c needs this */ |
|
| |
|
| static int |
static int |
| valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
| u_int datalen) |
u_int datalen) |
|
|
| main(int argc, char **argv) |
main(int argc, char **argv) |
| { |
{ |
| Buffer b; |
Buffer b; |
| Options options; |
|
| Key *keys[2], *key; |
Key *keys[2], *key; |
| struct passwd *pw; |
struct passwd *pw; |
| int key_fd[2], i, found, version = 2, fd; |
int key_fd[2], i, found, version = 2, fd; |
| u_char *signature, *data; |
u_char *signature, *data; |
| char *host; |
char *host; |
| u_int slen, dlen; |
u_int slen, dlen; |
| u_int32_t rnd[256]; |
|
| |
|
| key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
| key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
|
|
| log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
| #endif |
#endif |
| |
|
| /* verify that ssh-keysign is enabled by the admin */ |
|
| original_real_uid = getuid(); /* XXX readconf.c needs this */ |
|
| initialize_options(&options); |
|
| (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); |
|
| fill_default_options(&options); |
|
| if (options.enable_ssh_keysign != 1) |
|
| fatal("ssh-keysign not enabled in %s", |
|
| _PATH_HOST_CONFIG_FILE); |
|
| |
|
| if (key_fd[0] == -1 && key_fd[1] == -1) |
if (key_fd[0] == -1 && key_fd[1] == -1) |
| fatal("could not open any host key"); |
fatal("could not open any host key"); |
| |
|
|
|
| pw = pwcopy(pw); |
pw = pwcopy(pw); |
| |
|
| SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
| for (i = 0; i < 256; i++) |
|
| rnd[i] = arc4random(); |
|
| RAND_seed(rnd, sizeof(rnd)); |
|
| |
|
| found = 0; |
found = 0; |
| for (i = 0; i < 2; i++) { |
for (i = 0; i < 2; i++) { |
|
|
| fatal("no hostkey found"); |
fatal("no hostkey found"); |
| |
|
| buffer_init(&b); |
buffer_init(&b); |
| if (ssh_msg_recv(STDIN_FILENO, &b) < 0) |
if (msg_recv(STDIN_FILENO, &b) < 0) |
| fatal("ssh_msg_recv failed"); |
fatal("msg_recv failed"); |
| if (buffer_get_char(&b) != version) |
if (buffer_get_char(&b) != version) |
| fatal("bad version"); |
fatal("bad version"); |
| fd = buffer_get_int(&b); |
fd = buffer_get_int(&b); |
|
|
| /* send reply */ |
/* send reply */ |
| buffer_clear(&b); |
buffer_clear(&b); |
| buffer_put_string(&b, signature, slen); |
buffer_put_string(&b, signature, slen); |
| ssh_msg_send(STDOUT_FILENO, version, &b); |
msg_send(STDOUT_FILENO, version, &b); |
| |
|
| return (0); |
return (0); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keysign.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh