author | Damien Miller <djm@mindrot.org> | 2000-08-23 10:46:23 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-08-23 10:46:23 +1000 |
commit | ad833b3e65c1887674714d514eb818d862bb499a (patch) | |
tree | 16fa75fe42aede072c5d3edac562c2870d1bb0e5 /sshconnect2.c | |
parent | b078567bf5de1dcf12d265d98acb4dc9eba8b325 (diff) |
- (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/08/18 20:07:23
[ssh.c]
accept remsh as a valid name as well; roman@buildpoint.com
- deraadt@cvs.openbsd.org 2000/08/18 20:17:13
[deattack.c crc32.c packet.c]
rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
libz crc32 function yet, because it has ugly "long"'s in it;
oneill@cs.sfu.ca
- deraadt@cvs.openbsd.org 2000/08/18 20:26:08
[scp.1 scp.c]
-S prog support; tv@debian.org
- deraadt@cvs.openbsd.org 2000/08/18 20:50:07
[scp.c]
knf
- deraadt@cvs.openbsd.org 2000/08/18 20:57:33
[log-client.c]
shorten
- markus@cvs.openbsd.org 2000/08/19 12:48:11
[channels.c channels.h clientloop.c ssh.c ssh.h]
support for ~. in ssh2
- deraadt@cvs.openbsd.org 2000/08/19 15:29:40
[crc32.h]
proper prototype
- markus@cvs.openbsd.org 2000/08/19 15:34:44
[authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
[ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
[fingerprint.c fingerprint.h]
add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)
- markus@cvs.openbsd.org 2000/08/19 15:55:52
[channels.c channels.h clientloop.c]
more ~ support for ssh2
- markus@cvs.openbsd.org 2000/08/19 16:21:19
[clientloop.c]
oops
- millert@cvs.openbsd.org 2000/08/20 12:25:53
[session.c]
We have to stash the result of get_remote_name_or_ip() before we
close our socket or getpeername() will get EBADF and the process
will exit. Only a problem for "UseLogin yes".
- millert@cvs.openbsd.org 2000/08/20 12:30:59
[session.c]
Only check /etc/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert@cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
- millert@cvs.openbsd.org 2000/08/21 10:23:31
[session.c]
Fix incorrect PATH setting; noted by Markus.
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 78 |
1 files changed, 67 insertions, 11 deletions
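--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.17 2000/08/19 21:34:44 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -54,6 +54,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
 #include "dsa.h"
 #include "sshconnect.h"
 #include "authfile.h"
+#include "authfd.h"
 
 /* import */
 extern char *client_version_string;
@@ -291,7 +292,7 @@ typedef int sign_fn(
 unsigned char **sigp, int *lenp,
 unsigned char *data, int datalen);
 
-void
+int
 ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 const char *server_user, const char *host, const char *service)
 {
@@ -299,6 +300,7 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 unsigned char *blob, *signature;
 int bloblen, slen;
 int skip = 0;
+int ret = -1;
 
 dsa_make_key_blob(k, &blob, &bloblen);
 
@@ -323,8 +325,12 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 buffer_put_string(&b, blob, bloblen);
 
 /* generate signature */
-do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
-key_free(k); /* XXX */
+ret = do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
+if (ret == -1) {
+xfree(blob);
+buffer_free(&b);
+return 0;
+}
 #ifdef DEBUG_DSS
 buffer_dump(&b);
 #endif
@@ -357,6 +363,8 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 /* send */
 packet_send();
 packet_write_wait();
+
+return 1;
 }
 
 int
@@ -364,6 +372,7 @@ ssh2_try_pubkey(char *filename,
 const char *server_user, const char *host, const char *service)
 {
 Key *k;
+int ret = 0;
 struct stat st;
 
 if (stat(filename, &st) != 0) {
@@ -389,13 +398,53 @@ ssh2_try_pubkey(char *filename,
 return 0;
 }
 }
-ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
-return 1;
+ret = ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
+key_free(k);
+return ret;
+}
+
+int agent_sign(
+Key *key,
+unsigned char **sigp, int *lenp,
+unsigned char *data, int datalen)
+{
+int ret = -1;
+AuthenticationConnection *ac = ssh_get_authentication_connection();
+if (ac != NULL) {
+ret = ssh_agent_sign(ac, key, sigp, lenp, data, datalen);
+ssh_close_authentication_connection(ac);
+}
+return ret;
+}
+
+int
+ssh2_try_agent(AuthenticationConnection *ac,
+const char *server_user, const char *host, const char *service)
+{
+static int called = 0;
+char *comment;
+Key *k;
+int ret;
+
+if (called == 0) {
+k = ssh_get_first_identity(ac, &comment, 2);
+called ++;
+} else {
+k = ssh_get_next_identity(ac, &comment, 2);
+}
+if (k == NULL)
+return 0;
+debug("trying DSA agent key %s", comment);
+xfree(comment);
+ret = ssh2_sign_and_send_pubkey(k, agent_sign, server_user, host, service);
+key_free(k);
+return ret;
 }
 
 void
 ssh_userauth2(const char *server_user, char *host)
 {
+AuthenticationConnection *ac = ssh_get_authentication_connection();
 int type;
 int plen;
 int sent;
@@ -450,12 +499,17 @@ ssh_userauth2(const char *server_user, char *host)
 debug("partial success");
 if (options.dsa_authentication &&
 strstr(auths, "publickey") != NULL) {
-while (i < options.num_identity_files2) {
-sent = ssh2_try_pubkey(
-options.identity_files2[i++],
+if (ac != NULL)
+sent = ssh2_try_agent(ac,
 server_user, host, service);
-if (sent)
-break;
+if (!sent) {
+while (i < options.num_identity_files2) {
+sent = ssh2_try_pubkey(
+options.identity_files2[i++],
+server_user, host, service);
+if (sent)
+break;
+}
 }
 }
 if (!sent) {
@@ -469,6 +523,8 @@ ssh_userauth2(const char *server_user, char *host)
 fatal("Permission denied (%s).", auths);
 xfree(auths);
 }
+if (ac != NULL)
+ssh_close_authentication_connection(ac);
 packet_done();
 debug("ssh-userauth2 successfull");
 }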
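Review bot: `ssh2_try_agent` (new lines 420-441) keeps its enumeration cursor in `static int called`, which is process-global, is incremented even when `ssh_get_first_identity()` returns NULL, and is never rewound by anything in this hunk, so the function is effectively a one-shot walk per process that is only meaningful for a single `ac`; none of that contract is stated in the code. A comment above the function such as `/* Walks the agent's DSA identities one per call: the first call uses ssh_get_first_identity(), every later call ssh_get_next_identity(); the cursor is never reset, so a new agent connection does not restart the walk. */` would make the caller's obligation explicit. Relatedly, `agent_sign` (new lines 406-418) opens and closes a second agent connection for every signature because `sign_fn` carries no context argument, even though `ssh2_try_agent` already holds `ac`; a one-line `/* sign_fn has no ctx argument, so open a fresh agent connection per signature */` would stop the next reader from "fixing" it. In `ssh_userauth2`, the `if (!sent)` at new line 505 reads `sent` without a prior assignment when `ac == NULL`, so unless the enclosing loop (outside this hunk) resets it each round, `int sent = 0;` at line 450 is a cheap guard. Both new functions start and end inside the @@ -389,13 +398,53 @@ hunk, while the body of `ssh_userauth2` is only partly visible.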