summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-06 19:59:29 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-06 19:59:29 +0000
commit5206b951c6db0f337f15515c1857993ab2a1c7b1 (patch)
tree6058a8e9cdd1a20738f959e7455a820bb6a2f9b2
parent9e5bb579f9ce4a6154c9e4123ecf075cea192f9f (diff)
- markus@cvs.openbsd.org 2002/05/24 08:45:14
[sshconnect2.c] stat ssh-keysign first, print error if stat fails; some debug->error; fix comment
-rw-r--r--ChangeLog6
-rw-r--r--sshconnect2.c29
2 files changed, 20 insertions, 15 deletions
diff --git a/ChangeLog b/ChangeLog
index a00e4ea18..4e1c95a58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
24 - markus@cvs.openbsd.org 2002/05/23 19:39:34 24 - markus@cvs.openbsd.org 2002/05/23 19:39:34
25 [ssh.c] 25 [ssh.c]
26 add comment about ssh-keysign 26 add comment about ssh-keysign
27 - markus@cvs.openbsd.org 2002/05/24 08:45:14
28 [sshconnect2.c]
29 stat ssh-keysign first, print error if stat fails;
30 some debug->error; fix comment
27 31
2820020604 3220020604
29 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed 33 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -708,4 +712,4 @@
708 - (stevesk) entropy.c: typo in debug message 712 - (stevesk) entropy.c: typo in debug message
709 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 713 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
710 714
711$Id: ChangeLog,v 1.2150 2002/06/06 19:58:27 mouring Exp $ 715$Id: ChangeLog,v 1.2151 2002/06/06 19:59:29 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 2736856fa..258d7cf56 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.100 2002/05/23 19:24:30 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.101 2002/05/24 08:45:14 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "ssh2.h" 29#include "ssh2.h"
@@ -900,11 +900,16 @@ ssh_keysign(
900 u_char *data, u_int datalen) 900 u_char *data, u_int datalen)
901{ 901{
902 Buffer b; 902 Buffer b;
903 struct stat st;
903 pid_t pid; 904 pid_t pid;
904 int to[2], from[2], status, version = 1; 905 int to[2], from[2], status, version = 1;
905 906
906 debug("ssh_keysign called"); 907 debug("ssh_keysign called");
907 908
909 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
910 error("ssh_keysign: no installed: %s", strerror(errno));
911 return -1;
912 }
908 if (fflush(stdout) != 0) 913 if (fflush(stdout) != 0)
909 error("ssh_keysign: fflush: %s", strerror(errno)); 914 error("ssh_keysign: fflush: %s", strerror(errno));
910 if (pipe(to) < 0) { 915 if (pipe(to) < 0) {
@@ -940,18 +945,10 @@ ssh_keysign(
940 msg_send(to[1], version, &b); 945 msg_send(to[1], version, &b);
941 946
942 if (msg_recv(from[0], &b) < 0) { 947 if (msg_recv(from[0], &b) < 0) {
943 debug("ssh_keysign: no reply"); 948 error("ssh_keysign: no reply");
944 buffer_clear(&b);
945 return -1;
946 }
947 if (buffer_get_char(&b) != version) {
948 debug("ssh_keysign: bad version");
949 buffer_clear(&b); 949 buffer_clear(&b);
950 return -1; 950 return -1;
951 } 951 }
952 *sigp = buffer_get_string(&b, lenp);
953 buffer_clear(&b);
954
955 close(from[0]); 952 close(from[0]);
956 close(to[1]); 953 close(to[1]);
957 954
@@ -959,13 +956,17 @@ ssh_keysign(
959 if (errno != EINTR) 956 if (errno != EINTR)
960 break; 957 break;
961 958
959 if (buffer_get_char(&b) != version) {
960 error("ssh_keysign: bad version");
961 buffer_clear(&b);
962 return -1;
963 }
964 *sigp = buffer_get_string(&b, lenp);
965 buffer_clear(&b);
966
962 return 0; 967 return 0;
963} 968}
964 969
965/*
966 * this will be move to an external program (ssh-keysign) ASAP. ssh-keysign
967 * will be setuid-root and the sbit can be removed from /usr/bin/ssh.
968 */
969int 970int
970userauth_hostbased(Authctxt *authctxt) 971userauth_hostbased(Authctxt *authctxt)
971{ 972{