author | djm@openbsd.org <djm@openbsd.org> | 2015-01-14 20:05:27 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-15 21:37:34 +1100 |
commit | 141efe49542f7156cdbc2e4cd0a041d8b1aab622 (patch) | |
tree | a9142350f2b8689f4d42548ca272ed577b32a881 /sshd.c | |
parent | 0088c57af302cda278bd26d8c3ae81d5b6f7c289 (diff) |
upstream commit
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 43 |
1 files changed, 31 insertions, 12 deletions
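--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.431 2015/01/07 18:15:07 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.432 2015/01/14 20:05:27 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,7 @@
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
+#include "ssherr.h"
 
 #ifndef O_NOCTTY
 #define O_NOCTTY 0
@@ -191,7 +192,7 @@ char *server_version_string = NULL;
 Kex *xxx_kex;
 
 /* Daemon's agent connection */
-AuthenticationConnection *auth_conn = NULL;
+int auth_sock = -1;
 int have_agent = 0;
 
 /*
@@ -655,7 +656,7 @@ privsep_preauth_child(void)
 static int
 privsep_preauth(Authctxt *authctxt)
 {
-	int status;
+	int status, r;
 	pid_t pid;
 	struct ssh_sandbox *box = NULL;
 
@@ -673,8 +674,14 @@ privsep_preauth(Authctxt *authctxt)
 	debug2("Network child is on pid %ld", (long)pid);
 
 	pmonitor->m_pid = pid;
-	if (have_agent)
-		auth_conn = ssh_get_authentication_connection();
+	if (have_agent) {
+		r = ssh_get_authentication_socket(&auth_sock);
+		if (r != 0) {
+			error("Could not get agent socket: %s",
+			    ssh_err(r));
+			have_agent = 0;
+		}
+	}
 	if (box != NULL)
 		ssh_sandbox_parent_preauth(box, pid);
 	monitor_child_preauth(authctxt, pmonitor);
@@ -1397,7 +1404,7 @@ main(int ac, char **av)
 {
 	extern char *optarg;
 	extern int optind;
-	int opt, i, j, on = 1;
+	int r, opt, i, j, on = 1;
 	int sock_in = -1, sock_out = -1, newsock = -1;
 	const char *remote_ip;
 	int remote_port;
@@ -1706,7 +1713,7 @@ main(int ac, char **av)
 		if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
 			setenv(SSH_AUTHSOCKET_ENV_NAME,
 			    options.host_key_agent, 1);
-		have_agent = ssh_agent_present();
+		have_agent = ssh_get_authentication_socket(NULL);
 	}
 
 	for (i = 0; i < options.num_host_key_files; i++) {
@@ -2103,8 +2110,12 @@ main(int ac, char **av)
 	if (use_privsep) {
 		if (privsep_preauth(authctxt) == 1)
 			goto authenticated;
-	} else if (compat20 && have_agent)
-		auth_conn = ssh_get_authentication_connection();
+	} else if (compat20 && have_agent) {
+		if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
+			error("Unable to get agent socket: %s", ssh_err(r));
+			have_agent = -1;
+		}
+	}
 
 	/* perform the key exchange */
 	/* authenticate user and start session */
@@ -2425,6 +2436,8 @@ void
 sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
     u_char *data, u_int dlen)
 {
+	int r;
+
 	if (privkey) {
 		if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))
 			fatal("%s: key_sign failed", __func__);
@@ -2432,9 +2445,15 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
 		if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)
 			fatal("%s: pubkey_sign failed", __func__);
 	} else {
-		if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data,
-		    dlen))
-			fatal("%s: ssh_agent_sign failed", __func__);
+		size_t xxx_slen;
+
+		if ((r = ssh_agent_sign(auth_sock, pubkey, signature, &xxx_slen,
+		    data, dlen, datafellows)) != 0)
+			fatal("%s: ssh_agent_sign failed: %s",
+			    __func__, ssh_err(r));
+		/* XXX: Old API is u_int; new size_t */
+		if (slen != NULL)
+			*slen = xxx_slen;
 	}
 }
 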
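Review bot: `have_agent = ssh_get_authentication_socket(NULL);` in the `@@ -1706,7 +1713,7 @@` hunk inverts the flag: the other hunks in this same commit treat that call as returning 0 on success and a non-zero error code on failure (`if (r != 0) { error(...ssh_err(r)) ...}`), so have_agent becomes 0 exactly when the HostKeyAgent socket is reachable and non-zero when it is not. Every later `if (have_agent)` in privsep_preauth and in main is therefore taken only when the agent is absent, where it retries `ssh_get_authentication_socket(&auth_sock)`, logs an error and never signs with the agent. Suggested replacement, using the `r` this commit already adds to main: `if ((r = ssh_get_authentication_socket(NULL)) == 0) have_agent = 1; else error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r));`. The two failure paths also disagree on the sentinel — `have_agent = 0` in privsep_preauth versus `have_agent = -1` in the non-privsep branch of main — and -1 is still truthy, so if anything downstream keys on `have_agent` the non-privsep sshd_hostkey_sign path would presumably call ssh_agent_sign with `auth_sock == -1`; use 0 in both places. main begins and ends outside these hunks.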