author | Damien Miller <djm@mindrot.org> | 2013-07-20 13:21:52 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-07-20 13:21:52 +1000 |
commit | 85b45e09188e7a7fc8f0a900a4c6a0f04a5720a7 (patch) | |
tree | 575942d7e7a835c3b89b59eb0e9e0ecf34f1811b /monitor.c | |
parent | d93340cbb6bc0fc0dbd4427e0cec6d994a494dd9 (diff) |
- markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 18 |
1 files changed, 14 insertions, 4 deletions
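--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -97,6 +97,7 @@
 #include "ssh2.h"
 #include "jpake.h"
 #include "roaming.h"
+#include "authfd.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m)
 return (0);
 }
 
+extern AuthenticationConnection *auth_conn;
+
 int
 mm_answer_sign(int sock, Buffer *m)
 {
@@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m)
 memcpy(session_id2, p, session_id2_len);
 }
 
-if ((key = get_hostkey_by_index(keyid)) == NULL)
+if ((key = get_hostkey_by_index(keyid)) != NULL) {
+if (key_sign(key, &signature, &siglen, p, datlen) < 0)
+fatal("%s: key_sign failed", __func__);
+} else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
+auth_conn != NULL) {
+if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
+datlen) < 0)
+fatal("%s: ssh_agent_sign failed", __func__);
+} else
 fatal("%s: no hostkey from index %d", __func__, keyid);
-if (key_sign(key, &signature, &siglen, p, datlen) < 0)
-fatal("%s: key_sign failed", __func__);
 
 debug3("%s: signature %p(%u)", __func__, signature, siglen);
 
@@ -1864,6 +1873,7 @@ mm_get_kex(Buffer *m)
 kex->load_host_public_key=&get_hostkey_public_by_type;
 kex->load_host_private_key=&get_hostkey_private_by_type;
 kex->host_key_index=&get_hostkey_index;
+kex->sign = sshd_hostkey_sign;
 
 return (kex);
 }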
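Review bot: In mm_answer_sign the new `else if` tests `get_hostkey_public_by_index(keyid) != NULL` and `auth_conn != NULL` in one condition, so a key that is present only as a public key while no agent connection is open ends in `fatal("%s: no hostkey from index %d", ...)`, which misreports the cause in the log. Since `key` is non-NULL in exactly that case, a separate arm such as `else if (key != NULL) fatal("%s: hostkey %d requires agent, none connected", __func__, keyid);` before the final `else` would keep the two failures distinguishable. The `extern AuthenticationConnection *auth_conn;` added at file scope would be better placed in a shared header, so the compiler can check it against the definition, which is not visible on this page. The function body starts and ends outside the hunk, so whatever bounds `p` and `datlen` before signing is not shown here; both the `key_sign` and the `ssh_agent_sign` path should stay behind those checks.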