summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-06 21:48:57 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-06 21:48:57 +0000
commit21d1ed8303c0d766b5bb1b3f0e54a7e28ae3c577 (patch)
treee79b9c2f4b1086baaec1ecebe8dd9acbe2a06cc1
parentb7788f3ebee920d6b14b37034f7f769788b6dff6 (diff)
- markus@cvs.openbsd.org 2002/06/05 16:48:54
[ssh-agent.c] copy current request into an extra buffer and just flush this request on errors, ok provos@
-rw-r--r--ChangeLog6
-rw-r--r--ssh-agent.c97
2 files changed, 60 insertions, 43 deletions
diff --git a/ChangeLog b/ChangeLog
index 3f127b6ba..ced6bafbc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -106,6 +106,10 @@
106 [ssh-agent.1 ssh-agent.c] 106 [ssh-agent.1 ssh-agent.c]
107 '-a bind_address' binds the agent to user-specified unix-domain 107 '-a bind_address' binds the agent to user-specified unix-domain
108 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). 108 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
109 - markus@cvs.openbsd.org 2002/06/05 16:48:54
110 [ssh-agent.c]
111 copy current request into an extra buffer and just flush this
112 request on errors, ok provos@
109 113
11020020604 11420020604
111 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed 115 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -790,4 +794,4 @@
790 - (stevesk) entropy.c: typo in debug message 794 - (stevesk) entropy.c: typo in debug message
791 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 795 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
792 796
793$Id: ChangeLog,v 1.2172 2002/06/06 21:46:57 mouring Exp $ 797$Id: ChangeLog,v 1.2173 2002/06/06 21:48:57 mouring Exp $
diff --git a/ssh-agent.c b/ssh-agent.c
index d3321478b..13a88afd9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
35 35
36#include "includes.h" 36#include "includes.h"
37#include "openbsd-compat/fake-queue.h" 37#include "openbsd-compat/fake-queue.h"
38RCSID("$OpenBSD: ssh-agent.c,v 1.86 2002/06/05 16:08:07 markus Exp $"); 38RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41#include <openssl/md5.h> 41#include <openssl/md5.h>
@@ -66,6 +66,7 @@ typedef struct {
66 sock_type type; 66 sock_type type;
67 Buffer input; 67 Buffer input;
68 Buffer output; 68 Buffer output;
69 Buffer request;
69} SocketEntry; 70} SocketEntry;
70 71
71u_int sockets_alloc = 0; 72u_int sockets_alloc = 0;
@@ -190,16 +191,16 @@ process_authentication_challenge1(SocketEntry *e)
190 if ((challenge = BN_new()) == NULL) 191 if ((challenge = BN_new()) == NULL)
191 fatal("process_authentication_challenge1: BN_new failed"); 192 fatal("process_authentication_challenge1: BN_new failed");
192 193
193 buffer_get_int(&e->input); /* ignored */ 194 buffer_get_int(&e->request); /* ignored */
194 buffer_get_bignum(&e->input, key->rsa->e); 195 buffer_get_bignum(&e->request, key->rsa->e);
195 buffer_get_bignum(&e->input, key->rsa->n); 196 buffer_get_bignum(&e->request, key->rsa->n);
196 buffer_get_bignum(&e->input, challenge); 197 buffer_get_bignum(&e->request, challenge);
197 198
198 /* Only protocol 1.1 is supported */ 199 /* Only protocol 1.1 is supported */
199 if (buffer_len(&e->input) == 0) 200 if (buffer_len(&e->request) == 0)
200 goto failure; 201 goto failure;
201 buffer_get(&e->input, session_id, 16); 202 buffer_get(&e->request, session_id, 16);
202 response_type = buffer_get_int(&e->input); 203 response_type = buffer_get_int(&e->request);
203 if (response_type != 1) 204 if (response_type != 1)
204 goto failure; 205 goto failure;
205 206
@@ -255,10 +256,10 @@ process_sign_request2(SocketEntry *e)
255 256
256 datafellows = 0; 257 datafellows = 0;
257 258
258 blob = buffer_get_string(&e->input, &blen); 259 blob = buffer_get_string(&e->request, &blen);
259 data = buffer_get_string(&e->input, &dlen); 260 data = buffer_get_string(&e->request, &dlen);
260 261
261 flags = buffer_get_int(&e->input); 262 flags = buffer_get_int(&e->request);
262 if (flags & SSH_AGENT_OLD_SIGNATURE) 263 if (flags & SSH_AGENT_OLD_SIGNATURE)
263 datafellows = SSH_BUG_SIGBLOB; 264 datafellows = SSH_BUG_SIGBLOB;
264 265
@@ -299,16 +300,16 @@ process_remove_identity(SocketEntry *e, int version)
299 switch (version) { 300 switch (version) {
300 case 1: 301 case 1:
301 key = key_new(KEY_RSA1); 302 key = key_new(KEY_RSA1);
302 bits = buffer_get_int(&e->input); 303 bits = buffer_get_int(&e->request);
303 buffer_get_bignum(&e->input, key->rsa->e); 304 buffer_get_bignum(&e->request, key->rsa->e);
304 buffer_get_bignum(&e->input, key->rsa->n); 305 buffer_get_bignum(&e->request, key->rsa->n);
305 306
306 if (bits != key_size(key)) 307 if (bits != key_size(key))
307 log("Warning: identity keysize mismatch: actual %d, announced %d", 308 log("Warning: identity keysize mismatch: actual %d, announced %d",
308 key_size(key), bits); 309 key_size(key), bits);
309 break; 310 break;
310 case 2: 311 case 2:
311 blob = buffer_get_string(&e->input, &blen); 312 blob = buffer_get_string(&e->request, &blen);
312 key = key_from_blob(blob, blen); 313 key = key_from_blob(blob, blen);
313 xfree(blob); 314 xfree(blob);
314 break; 315 break;
@@ -374,51 +375,51 @@ process_add_identity(SocketEntry *e, int version)
374 switch (version) { 375 switch (version) {
375 case 1: 376 case 1:
376 k = key_new_private(KEY_RSA1); 377 k = key_new_private(KEY_RSA1);
377 buffer_get_int(&e->input); /* ignored */ 378 buffer_get_int(&e->request); /* ignored */
378 buffer_get_bignum(&e->input, k->rsa->n); 379 buffer_get_bignum(&e->request, k->rsa->n);
379 buffer_get_bignum(&e->input, k->rsa->e); 380 buffer_get_bignum(&e->request, k->rsa->e);
380 buffer_get_bignum(&e->input, k->rsa->d); 381 buffer_get_bignum(&e->request, k->rsa->d);
381 buffer_get_bignum(&e->input, k->rsa->iqmp); 382 buffer_get_bignum(&e->request, k->rsa->iqmp);
382 383
383 /* SSH and SSL have p and q swapped */ 384 /* SSH and SSL have p and q swapped */
384 buffer_get_bignum(&e->input, k->rsa->q); /* p */ 385 buffer_get_bignum(&e->request, k->rsa->q); /* p */
385 buffer_get_bignum(&e->input, k->rsa->p); /* q */ 386 buffer_get_bignum(&e->request, k->rsa->p); /* q */
386 387
387 /* Generate additional parameters */ 388 /* Generate additional parameters */
388 rsa_generate_additional_parameters(k->rsa); 389 rsa_generate_additional_parameters(k->rsa);
389 break; 390 break;
390 case 2: 391 case 2:
391 type_name = buffer_get_string(&e->input, NULL); 392 type_name = buffer_get_string(&e->request, NULL);
392 type = key_type_from_name(type_name); 393 type = key_type_from_name(type_name);
393 xfree(type_name); 394 xfree(type_name);
394 switch (type) { 395 switch (type) {
395 case KEY_DSA: 396 case KEY_DSA:
396 k = key_new_private(type); 397 k = key_new_private(type);
397 buffer_get_bignum2(&e->input, k->dsa->p); 398 buffer_get_bignum2(&e->request, k->dsa->p);
398 buffer_get_bignum2(&e->input, k->dsa->q); 399 buffer_get_bignum2(&e->request, k->dsa->q);
399 buffer_get_bignum2(&e->input, k->dsa->g); 400 buffer_get_bignum2(&e->request, k->dsa->g);
400 buffer_get_bignum2(&e->input, k->dsa->pub_key); 401 buffer_get_bignum2(&e->request, k->dsa->pub_key);
401 buffer_get_bignum2(&e->input, k->dsa->priv_key); 402 buffer_get_bignum2(&e->request, k->dsa->priv_key);
402 break; 403 break;
403 case KEY_RSA: 404 case KEY_RSA:
404 k = key_new_private(type); 405 k = key_new_private(type);
405 buffer_get_bignum2(&e->input, k->rsa->n); 406 buffer_get_bignum2(&e->request, k->rsa->n);
406 buffer_get_bignum2(&e->input, k->rsa->e); 407 buffer_get_bignum2(&e->request, k->rsa->e);
407 buffer_get_bignum2(&e->input, k->rsa->d); 408 buffer_get_bignum2(&e->request, k->rsa->d);
408 buffer_get_bignum2(&e->input, k->rsa->iqmp); 409 buffer_get_bignum2(&e->request, k->rsa->iqmp);
409 buffer_get_bignum2(&e->input, k->rsa->p); 410 buffer_get_bignum2(&e->request, k->rsa->p);
410 buffer_get_bignum2(&e->input, k->rsa->q); 411 buffer_get_bignum2(&e->request, k->rsa->q);
411 412
412 /* Generate additional parameters */ 413 /* Generate additional parameters */
413 rsa_generate_additional_parameters(k->rsa); 414 rsa_generate_additional_parameters(k->rsa);
414 break; 415 break;
415 default: 416 default:
416 buffer_clear(&e->input); 417 buffer_clear(&e->request);
417 goto send; 418 goto send;
418 } 419 }
419 break; 420 break;
420 } 421 }
421 comment = buffer_get_string(&e->input, NULL); 422 comment = buffer_get_string(&e->request, NULL);
422 if (k == NULL) { 423 if (k == NULL) {
423 xfree(comment); 424 xfree(comment);
424 goto send; 425 goto send;
@@ -452,8 +453,8 @@ process_add_smartcard_key (SocketEntry *e)
452 char *sc_reader_id = NULL, *pin; 453 char *sc_reader_id = NULL, *pin;
453 int i, version, success = 0; 454 int i, version, success = 0;
454 455
455 sc_reader_id = buffer_get_string(&e->input, NULL); 456 sc_reader_id = buffer_get_string(&e->request, NULL);
456 pin = buffer_get_string(&e->input, NULL); 457 pin = buffer_get_string(&e->request, NULL);
457 keys = sc_get_keys(sc_reader_id, pin); 458 keys = sc_get_keys(sc_reader_id, pin);
458 xfree(sc_reader_id); 459 xfree(sc_reader_id);
459 xfree(pin); 460 xfree(pin);
@@ -494,8 +495,8 @@ process_remove_smartcard_key(SocketEntry *e)
494 char *sc_reader_id = NULL, *pin; 495 char *sc_reader_id = NULL, *pin;
495 int i, version, success = 0; 496 int i, version, success = 0;
496 497
497 sc_reader_id = buffer_get_string(&e->input, NULL); 498 sc_reader_id = buffer_get_string(&e->request, NULL);
498 pin = buffer_get_string(&e->input, NULL); 499 pin = buffer_get_string(&e->request, NULL);
499 keys = sc_get_keys(sc_reader_id, pin); 500 keys = sc_get_keys(sc_reader_id, pin);
500 xfree(sc_reader_id); 501 xfree(sc_reader_id);
501 xfree(pin); 502 xfree(pin);
@@ -541,12 +542,20 @@ process_message(SocketEntry *e)
541 shutdown(e->fd, SHUT_RDWR); 542 shutdown(e->fd, SHUT_RDWR);
542 close(e->fd); 543 close(e->fd);
543 e->type = AUTH_UNUSED; 544 e->type = AUTH_UNUSED;
545 buffer_free(&e->input);
546 buffer_free(&e->output);
547 buffer_free(&e->request);
544 return; 548 return;
545 } 549 }
546 if (buffer_len(&e->input) < msg_len + 4) 550 if (buffer_len(&e->input) < msg_len + 4)
547 return; 551 return;
552
553 /* move the current input to e->request */
548 buffer_consume(&e->input, 4); 554 buffer_consume(&e->input, 4);
549 type = buffer_get_char(&e->input); 555 buffer_clear(&e->request);
556 buffer_append(&e->request, buffer_ptr(&e->input), msg_len);
557 buffer_consume(&e->input, msg_len);
558 type = buffer_get_char(&e->request);
550 559
551 debug("type %d", type); 560 debug("type %d", type);
552 switch (type) { 561 switch (type) {
@@ -593,7 +602,7 @@ process_message(SocketEntry *e)
593 default: 602 default:
594 /* Unknown message. Respond with failure. */ 603 /* Unknown message. Respond with failure. */
595 error("Unknown message %d", type); 604 error("Unknown message %d", type);
596 buffer_clear(&e->input); 605 buffer_clear(&e->request);
597 buffer_put_int(&e->output, 1); 606 buffer_put_int(&e->output, 1);
598 buffer_put_char(&e->output, SSH_AGENT_FAILURE); 607 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
599 break; 608 break;
@@ -616,6 +625,7 @@ new_socket(sock_type type, int fd)
616 sockets[i].type = type; 625 sockets[i].type = type;
617 buffer_init(&sockets[i].input); 626 buffer_init(&sockets[i].input);
618 buffer_init(&sockets[i].output); 627 buffer_init(&sockets[i].output);
628 buffer_init(&sockets[i].request);
619 return; 629 return;
620 } 630 }
621 old_alloc = sockets_alloc; 631 old_alloc = sockets_alloc;
@@ -630,6 +640,7 @@ new_socket(sock_type type, int fd)
630 sockets[old_alloc].fd = fd; 640 sockets[old_alloc].fd = fd;
631 buffer_init(&sockets[old_alloc].input); 641 buffer_init(&sockets[old_alloc].input);
632 buffer_init(&sockets[old_alloc].output); 642 buffer_init(&sockets[old_alloc].output);
643 buffer_init(&sockets[old_alloc].request);
633} 644}
634 645
635static int 646static int
@@ -727,6 +738,7 @@ after_select(fd_set *readset, fd_set *writeset)
727 sockets[i].type = AUTH_UNUSED; 738 sockets[i].type = AUTH_UNUSED;
728 buffer_free(&sockets[i].input); 739 buffer_free(&sockets[i].input);
729 buffer_free(&sockets[i].output); 740 buffer_free(&sockets[i].output);
741 buffer_free(&sockets[i].request);
730 break; 742 break;
731 } 743 }
732 buffer_consume(&sockets[i].output, len); 744 buffer_consume(&sockets[i].output, len);
@@ -745,6 +757,7 @@ after_select(fd_set *readset, fd_set *writeset)
745 sockets[i].type = AUTH_UNUSED; 757 sockets[i].type = AUTH_UNUSED;
746 buffer_free(&sockets[i].input); 758 buffer_free(&sockets[i].input);
747 buffer_free(&sockets[i].output); 759 buffer_free(&sockets[i].output);
760 buffer_free(&sockets[i].request);
748 break; 761 break;
749 } 762 }
750 buffer_append(&sockets[i].input, buf, len); 763 buffer_append(&sockets[i].input, buf, len);