diff options
| author | Damien Miller <djm@mindrot.org> | 2000-07-11 17:31:38 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-07-11 17:31:38 +1000 |
| commit | 3702396526a2569402696ff7d7c6d0fe2e5a447b (patch) | |
| tree | 3ab056c59cd0c732ec179bd91be88d4e05b087fa /authfd.c | |
| parent | bc33bd44a2ef165dea1d974fc2d80b822ae08c2a (diff) | |
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/06/26 03:22:29
[authfd.c]
cleanup, less cut&paste
- markus@cvs.openbsd.org 2000/06/26 15:59:19
[servconf.c servconf.h session.c sshd.8 sshd.c]
MaxStartups: limit number of unauthenticated connections, work by
theo and me
- deraadt@cvs.openbsd.org 2000/07/05 14:18:07
[session.c]
use no_x11_forwarding_flag correctly; provos ok
- provos@cvs.openbsd.org 2000/07/05 15:35:57
[sshd.c]
typo
- aaron@cvs.openbsd.org 2000/07/05 22:06:58
[scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
Insert more missing .El directives. Our troff really should identify
these and spit out a warning.
- todd@cvs.openbsd.org 2000/07/06 21:55:04
[auth-rsa.c auth2.c ssh-keygen.c]
clean code is good code
- deraadt@cvs.openbsd.org 2000/07/07 02:14:29
[serverloop.c]
sense of port forwarding flag test was backwards
- provos@cvs.openbsd.org 2000/07/08 17:17:31
[compat.c readconf.c]
replace strtok with strsep; from David Young <dyoung@onthejob.net>
- deraadt@cvs.openbsd.org 2000/07/08 19:21:15
[auth.h]
KNF
- ho@cvs.openbsd.org 2000/07/08 19:27:33
[compat.c readconf.c]
Better conditions for strsep() ending.
- ho@cvs.openbsd.org 2000/07/10 10:27:05
[readconf.c]
Get the correct message on errors. (niels@ ok)
- ho@cvs.openbsd.org 2000/07/10 10:30:25
[cipher.c kex.c servconf.c]
strtok() --> strsep(). (niels@ ok)
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 142 |
1 files changed, 31 insertions, 111 deletions
| @@ -14,7 +14,7 @@ | |||
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | #include "includes.h" | 16 | #include "includes.h" |
| 17 | RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); | 17 | RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $"); |
| 18 | 18 | ||
| 19 | #include "ssh.h" | 19 | #include "ssh.h" |
| 20 | #include "rsa.h" | 20 | #include "rsa.h" |
| @@ -26,6 +26,9 @@ RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); | |||
| 26 | 26 | ||
| 27 | #include <openssl/rsa.h> | 27 | #include <openssl/rsa.h> |
| 28 | 28 | ||
| 29 | /* helper */ | ||
| 30 | int ssh_agent_get_reply(AuthenticationConnection *auth); | ||
| 31 | |||
| 29 | /* Returns the number of the authentication fd, or -1 if there is none. */ | 32 | /* Returns the number of the authentication fd, or -1 if there is none. */ |
| 30 | 33 | ||
| 31 | int | 34 | int |
| @@ -344,7 +347,7 @@ ssh_add_identity(AuthenticationConnection *auth, | |||
| 344 | { | 347 | { |
| 345 | Buffer buffer; | 348 | Buffer buffer; |
| 346 | unsigned char buf[8192]; | 349 | unsigned char buf[8192]; |
| 347 | int len, l, type; | 350 | int len; |
| 348 | 351 | ||
| 349 | /* Format a message to the agent. */ | 352 | /* Format a message to the agent. */ |
| 350 | buffer_init(&buffer); | 353 | buffer_init(&buffer); |
| @@ -368,57 +371,11 @@ ssh_add_identity(AuthenticationConnection *auth, | |||
| 368 | atomicio(write, auth->fd, buffer_ptr(&buffer), | 371 | atomicio(write, auth->fd, buffer_ptr(&buffer), |
| 369 | buffer_len(&buffer)) != buffer_len(&buffer)) { | 372 | buffer_len(&buffer)) != buffer_len(&buffer)) { |
| 370 | error("Error writing to authentication socket."); | 373 | error("Error writing to authentication socket."); |
| 371 | error_cleanup: | ||
| 372 | buffer_free(&buffer); | 374 | buffer_free(&buffer); |
| 373 | return 0; | 375 | return 0; |
| 374 | } | 376 | } |
| 375 | /* Wait for response from the agent. First read the length of the | 377 | buffer_free(&buffer); |
| 376 | response packet. */ | 378 | return ssh_agent_get_reply(auth); |
| 377 | len = 4; | ||
| 378 | while (len > 0) { | ||
| 379 | l = read(auth->fd, buf + 4 - len, len); | ||
| 380 | if (l <= 0) { | ||
| 381 | error("Error reading response length from authentication socket."); | ||
| 382 | goto error_cleanup; | ||
| 383 | } | ||
| 384 | len -= l; | ||
| 385 | } | ||
| 386 | |||
| 387 | /* Extract the length, and check it for sanity. */ | ||
| 388 | len = GET_32BIT(buf); | ||
| 389 | if (len > 256 * 1024) | ||
| 390 | fatal("Add identity response too long: %d", len); | ||
| 391 | |||
| 392 | /* Read the rest of the response in tothe buffer. */ | ||
| 393 | buffer_clear(&buffer); | ||
| 394 | while (len > 0) { | ||
| 395 | l = len; | ||
| 396 | if (l > sizeof(buf)) | ||
| 397 | l = sizeof(buf); | ||
| 398 | l = read(auth->fd, buf, l); | ||
| 399 | if (l <= 0) { | ||
| 400 | error("Error reading response from authentication socket."); | ||
| 401 | goto error_cleanup; | ||
| 402 | } | ||
| 403 | buffer_append(&buffer, (char *) buf, l); | ||
| 404 | len -= l; | ||
| 405 | } | ||
| 406 | |||
| 407 | /* Get the type of the packet. */ | ||
| 408 | type = buffer_get_char(&buffer); | ||
| 409 | switch (type) { | ||
| 410 | case SSH_AGENT_FAILURE: | ||
| 411 | buffer_free(&buffer); | ||
| 412 | return 0; | ||
| 413 | case SSH_AGENT_SUCCESS: | ||
| 414 | buffer_free(&buffer); | ||
| 415 | return 1; | ||
| 416 | default: | ||
| 417 | fatal("Bad response to add identity from authentication agent: %d", | ||
| 418 | type); | ||
| 419 | } | ||
| 420 | /* NOTREACHED */ | ||
| 421 | return 0; | ||
| 422 | } | 379 | } |
| 423 | 380 | ||
| 424 | /* | 381 | /* |
| @@ -430,8 +387,8 @@ int | |||
| 430 | ssh_remove_identity(AuthenticationConnection *auth, RSA *key) | 387 | ssh_remove_identity(AuthenticationConnection *auth, RSA *key) |
| 431 | { | 388 | { |
| 432 | Buffer buffer; | 389 | Buffer buffer; |
| 433 | unsigned char buf[8192]; | 390 | unsigned char buf[5]; |
| 434 | int len, l, type; | 391 | int len; |
| 435 | 392 | ||
| 436 | /* Format a message to the agent. */ | 393 | /* Format a message to the agent. */ |
| 437 | buffer_init(&buffer); | 394 | buffer_init(&buffer); |
| @@ -449,59 +406,11 @@ ssh_remove_identity(AuthenticationConnection *auth, RSA *key) | |||
| 449 | atomicio(write, auth->fd, buffer_ptr(&buffer), | 406 | atomicio(write, auth->fd, buffer_ptr(&buffer), |
| 450 | buffer_len(&buffer)) != buffer_len(&buffer)) { | 407 | buffer_len(&buffer)) != buffer_len(&buffer)) { |
| 451 | error("Error writing to authentication socket."); | 408 | error("Error writing to authentication socket."); |
| 452 | error_cleanup: | ||
| 453 | buffer_free(&buffer); | 409 | buffer_free(&buffer); |
| 454 | return 0; | 410 | return 0; |
| 455 | } | 411 | } |
| 456 | /* | 412 | buffer_free(&buffer); |
| 457 | * Wait for response from the agent. First read the length of the | 413 | return ssh_agent_get_reply(auth); |
| 458 | * response packet. | ||
| 459 | */ | ||
| 460 | len = 4; | ||
| 461 | while (len > 0) { | ||
| 462 | l = read(auth->fd, buf + 4 - len, len); | ||
| 463 | if (l <= 0) { | ||
| 464 | error("Error reading response length from authentication socket."); | ||
| 465 | goto error_cleanup; | ||
| 466 | } | ||
| 467 | len -= l; | ||
| 468 | } | ||
| 469 | |||
| 470 | /* Extract the length, and check it for sanity. */ | ||
| 471 | len = GET_32BIT(buf); | ||
| 472 | if (len > 256 * 1024) | ||
| 473 | fatal("Remove identity response too long: %d", len); | ||
| 474 | |||
| 475 | /* Read the rest of the response in tothe buffer. */ | ||
| 476 | buffer_clear(&buffer); | ||
| 477 | while (len > 0) { | ||
| 478 | l = len; | ||
| 479 | if (l > sizeof(buf)) | ||
| 480 | l = sizeof(buf); | ||
| 481 | l = read(auth->fd, buf, l); | ||
| 482 | if (l <= 0) { | ||
| 483 | error("Error reading response from authentication socket."); | ||
| 484 | goto error_cleanup; | ||
| 485 | } | ||
| 486 | buffer_append(&buffer, (char *) buf, l); | ||
| 487 | len -= l; | ||
| 488 | } | ||
| 489 | |||
| 490 | /* Get the type of the packet. */ | ||
| 491 | type = buffer_get_char(&buffer); | ||
| 492 | switch (type) { | ||
| 493 | case SSH_AGENT_FAILURE: | ||
| 494 | buffer_free(&buffer); | ||
| 495 | return 0; | ||
| 496 | case SSH_AGENT_SUCCESS: | ||
| 497 | buffer_free(&buffer); | ||
| 498 | return 1; | ||
| 499 | default: | ||
| 500 | fatal("Bad response to remove identity from authentication agent: %d", | ||
| 501 | type); | ||
| 502 | } | ||
| 503 | /* NOTREACHED */ | ||
| 504 | return 0; | ||
| 505 | } | 414 | } |
| 506 | 415 | ||
| 507 | /* | 416 | /* |
| @@ -512,9 +421,7 @@ error_cleanup: | |||
| 512 | int | 421 | int |
| 513 | ssh_remove_all_identities(AuthenticationConnection *auth) | 422 | ssh_remove_all_identities(AuthenticationConnection *auth) |
| 514 | { | 423 | { |
| 515 | Buffer buffer; | 424 | unsigned char buf[5]; |
| 516 | unsigned char buf[8192]; | ||
| 517 | int len, l, type; | ||
| 518 | 425 | ||
| 519 | /* Get the length of the message, and format it in the buffer. */ | 426 | /* Get the length of the message, and format it in the buffer. */ |
| 520 | PUT_32BIT(buf, 1); | 427 | PUT_32BIT(buf, 1); |
| @@ -525,6 +432,20 @@ ssh_remove_all_identities(AuthenticationConnection *auth) | |||
| 525 | error("Error writing to authentication socket."); | 432 | error("Error writing to authentication socket."); |
| 526 | return 0; | 433 | return 0; |
| 527 | } | 434 | } |
| 435 | return ssh_agent_get_reply(auth); | ||
| 436 | } | ||
| 437 | |||
| 438 | /* | ||
| 439 | * Read for reply from agent. returns 1 for success, 0 on error | ||
| 440 | */ | ||
| 441 | |||
| 442 | int | ||
| 443 | ssh_agent_get_reply(AuthenticationConnection *auth) | ||
| 444 | { | ||
| 445 | Buffer buffer; | ||
| 446 | unsigned char buf[8192]; | ||
| 447 | int len, l, type; | ||
| 448 | |||
| 528 | /* | 449 | /* |
| 529 | * Wait for response from the agent. First read the length of the | 450 | * Wait for response from the agent. First read the length of the |
| 530 | * response packet. | 451 | * response packet. |
| @@ -534,6 +455,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth) | |||
| 534 | l = read(auth->fd, buf + 4 - len, len); | 455 | l = read(auth->fd, buf + 4 - len, len); |
| 535 | if (l <= 0) { | 456 | if (l <= 0) { |
| 536 | error("Error reading response length from authentication socket."); | 457 | error("Error reading response length from authentication socket."); |
| 458 | buffer_free(&buffer); | ||
| 537 | return 0; | 459 | return 0; |
| 538 | } | 460 | } |
| 539 | len -= l; | 461 | len -= l; |
| @@ -542,9 +464,9 @@ ssh_remove_all_identities(AuthenticationConnection *auth) | |||
| 542 | /* Extract the length, and check it for sanity. */ | 464 | /* Extract the length, and check it for sanity. */ |
| 543 | len = GET_32BIT(buf); | 465 | len = GET_32BIT(buf); |
| 544 | if (len > 256 * 1024) | 466 | if (len > 256 * 1024) |
| 545 | fatal("Remove identity response too long: %d", len); | 467 | fatal("Response from agent too long: %d", len); |
| 546 | 468 | ||
| 547 | /* Read the rest of the response into the buffer. */ | 469 | /* Read the rest of the response in to the buffer. */ |
| 548 | buffer_init(&buffer); | 470 | buffer_init(&buffer); |
| 549 | while (len > 0) { | 471 | while (len > 0) { |
| 550 | l = len; | 472 | l = len; |
| @@ -562,16 +484,14 @@ ssh_remove_all_identities(AuthenticationConnection *auth) | |||
| 562 | 484 | ||
| 563 | /* Get the type of the packet. */ | 485 | /* Get the type of the packet. */ |
| 564 | type = buffer_get_char(&buffer); | 486 | type = buffer_get_char(&buffer); |
| 487 | buffer_free(&buffer); | ||
| 565 | switch (type) { | 488 | switch (type) { |
| 566 | case SSH_AGENT_FAILURE: | 489 | case SSH_AGENT_FAILURE: |
| 567 | buffer_free(&buffer); | ||
| 568 | return 0; | 490 | return 0; |
| 569 | case SSH_AGENT_SUCCESS: | 491 | case SSH_AGENT_SUCCESS: |
| 570 | buffer_free(&buffer); | ||
| 571 | return 1; | 492 | return 1; |
| 572 | default: | 493 | default: |
| 573 | fatal("Bad response to remove identity from authentication agent: %d", | 494 | fatal("Bad response from authentication agent: %d", type); |
| 574 | type); | ||
| 575 | } | 495 | } |
| 576 | /* NOTREACHED */ | 496 | /* NOTREACHED */ |
| 577 | return 0; | 497 | return 0; |