diff options
| author | Damien Miller <djm@mindrot.org> | 2013-07-20 13:21:52 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-07-20 13:21:52 +1000 |
| commit | 85b45e09188e7a7fc8f0a900a4c6a0f04a5720a7 (patch) | |
| tree | 575942d7e7a835c3b89b59eb0e9e0ecf34f1811b /monitor.c | |
| parent | d93340cbb6bc0fc0dbd4427e0cec6d994a494dd9 (diff) | |
- markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 18 |
1 files changed, 14 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -97,6 +97,7 @@ | |||
| 97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
| 98 | #include "jpake.h" | 98 | #include "jpake.h" |
| 99 | #include "roaming.h" | 99 | #include "roaming.h" |
| 100 | #include "authfd.h" | ||
| 100 | 101 | ||
| 101 | #ifdef GSSAPI | 102 | #ifdef GSSAPI |
| 102 | static Gssctxt *gsscontext = NULL; | 103 | static Gssctxt *gsscontext = NULL; |
| @@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) | |||
| 686 | return (0); | 687 | return (0); |
| 687 | } | 688 | } |
| 688 | 689 | ||
| 690 | extern AuthenticationConnection *auth_conn; | ||
| 691 | |||
| 689 | int | 692 | int |
| 690 | mm_answer_sign(int sock, Buffer *m) | 693 | mm_answer_sign(int sock, Buffer *m) |
| 691 | { | 694 | { |
| @@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m) | |||
| 714 | memcpy(session_id2, p, session_id2_len); | 717 | memcpy(session_id2, p, session_id2_len); |
| 715 | } | 718 | } |
| 716 | 719 | ||
| 717 | if ((key = get_hostkey_by_index(keyid)) == NULL) | 720 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
| 721 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
| 722 | fatal("%s: key_sign failed", __func__); | ||
| 723 | } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && | ||
| 724 | auth_conn != NULL) { | ||
| 725 | if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p, | ||
| 726 | datlen) < 0) | ||
| 727 | fatal("%s: ssh_agent_sign failed", __func__); | ||
| 728 | } else | ||
| 718 | fatal("%s: no hostkey from index %d", __func__, keyid); | 729 | fatal("%s: no hostkey from index %d", __func__, keyid); |
| 719 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
| 720 | fatal("%s: key_sign failed", __func__); | ||
| 721 | 730 | ||
| 722 | debug3("%s: signature %p(%u)", __func__, signature, siglen); | 731 | debug3("%s: signature %p(%u)", __func__, signature, siglen); |
| 723 | 732 | ||
| @@ -1864,6 +1873,7 @@ mm_get_kex(Buffer *m) | |||
| 1864 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1873 | kex->load_host_public_key=&get_hostkey_public_by_type; |
| 1865 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1874 | kex->load_host_private_key=&get_hostkey_private_by_type; |
| 1866 | kex->host_key_index=&get_hostkey_index; | 1875 | kex->host_key_index=&get_hostkey_index; |
| 1876 | kex->sign = sshd_hostkey_sign; | ||
| 1867 | 1877 | ||
| 1868 | return (kex); | 1878 | return (kex); |
| 1869 | } | 1879 | } |