upstream commit

move authfd.c and its tentacles to the new buffer/key API; ok markus@
author: djm@openbsd.org <djm@openbsd.org> 2015-01-14 20:05:27 +0000
committer: Damien Miller <djm@mindrot.org> 2015-01-15 21:37:34 +1100
commit: 141efe49542f7156cdbc2e4cd0a041d8b1aab622 (patch)
tree: a9142350f2b8689f4d42548ca272ed577b32a881 /sshd.c
parent: 0088c57af302cda278bd26d8c3ae81d5b6f7c289 (diff)
1 files changed, 31 insertions, 12 deletions
diff --git a/sshd.c b/sshd.c
index 202e1706f..4f97da820 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.431 2015/01/07 18:15:07 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.432 2015/01/14 20:05:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,7 @@
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
+#include "ssherr.h"
 #ifndef O_NOCTTY
 #define O_NOCTTY        0
@@ -191,7 +192,7 @@ char *server_version_string = NULL;
 Kex *xxx_kex;
 /* Daemon's agent connection */
-AuthenticationConnection *auth_conn = NULL;
+int auth_sock = -1;
 int have_agent = 0;
 /*
@@ -655,7 +656,7 @@ privsep_preauth_child(void)
 static int
 privsep_preauth(Authctxt *authctxt)
 {
-        int status;
+        int status, r;
        pid_t pid;
        struct ssh_sandbox *box = NULL;
@@ -673,8 +674,14 @@ privsep_preauth(Authctxt *authctxt)
                debug2("Network child is on pid %ld", (long)pid);
                pmonitor->m_pid = pid;
-                if (have_agent)
+                if (have_agent) {
-                        auth_conn = ssh_get_authentication_connection();
+                        r = ssh_get_authentication_socket(&auth_sock);
+                        if (r != 0) {
+                                error("Could not get agent socket: %s",
+                                    ssh_err(r));
+                                have_agent = 0;
+                        }
+                }
                if (box != NULL)
                        ssh_sandbox_parent_preauth(box, pid);
                monitor_child_preauth(authctxt, pmonitor);
@@ -1397,7 +1404,7 @@ main(int ac, char **av)
 {
        extern char *optarg;
        extern int optind;
-        int opt, i, j, on = 1;
+        int r, opt, i, j, on = 1;
        int sock_in = -1, sock_out = -1, newsock = -1;
        const char *remote_ip;
        int remote_port;
@@ -1706,7 +1713,7 @@ main(int ac, char **av)
                if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
                        setenv(SSH_AUTHSOCKET_ENV_NAME,
                            options.host_key_agent, 1);
-                have_agent = ssh_agent_present();
+                have_agent = ssh_get_authentication_socket(NULL);
        }
        for (i = 0; i < options.num_host_key_files; i++) {
@@ -2103,8 +2110,12 @@ main(int ac, char **av)
        if (use_privsep) {
                if (privsep_preauth(authctxt) == 1)
                        goto authenticated;
-        } else if (compat20 && have_agent)
+        } else if (compat20 && have_agent) {
-                auth_conn = ssh_get_authentication_connection();
+                if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
+                        error("Unable to get agent socket: %s", ssh_err(r));
+                        have_agent = -1;
+                }
+        }
        /* perform the key exchange */
        /* authenticate user and start session */
@@ -2425,6 +2436,8 @@ void
 sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
    u_char *data, u_int dlen)
 {
+        int r;
        if (privkey) {
                if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))
                        fatal("%s: key_sign failed", __func__);
@@ -2432,9 +2445,15 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
                if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)
                        fatal("%s: pubkey_sign failed", __func__);
        } else {
-                if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data,
+                size_t xxx_slen;
-                    dlen))
-                        fatal("%s: ssh_agent_sign failed", __func__);
+                if ((r = ssh_agent_sign(auth_sock, pubkey, signature, &xxx_slen,
+                    data, dlen, datafellows)) != 0)
+                        fatal("%s: ssh_agent_sign failed: %s",
+                            __func__, ssh_err(r));
+                /* XXX: Old API is u_int; new size_t */
+                if (slen != NULL)
+                        *slen = xxx_slen;
        }
 }
author	djm@openbsd.org <djm@openbsd.org>	2015-01-14 20:05:27 +0000
committer	Damien Miller <djm@mindrot.org>	2015-01-15 21:37:34 +1100
commit	141efe49542f7156cdbc2e4cd0a041d8b1aab622 (patch)
tree	a9142350f2b8689f4d42548ca272ed577b32a881 /sshd.c
parent	0088c57af302cda278bd26d8c3ae81d5b6f7c289 (diff)

diff --git a/sshd.c b/sshd.c index 202e1706f..4f97da820 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.431 2015/01/07 18:15:07 tedu Exp $ */	1	/* $OpenBSD: sshd.c,v 1.432 2015/01/14 20:05:27 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,7 @@
123	#include "roaming.h"	123	#include "roaming.h"
124	#include "ssh-sandbox.h"	124	#include "ssh-sandbox.h"
125	#include "version.h"	125	#include "version.h"
		126	#include "ssherr.h"
126		127
127	#ifndef O_NOCTTY	128	#ifndef O_NOCTTY
128	#define O_NOCTTY 0	129	#define O_NOCTTY 0
@@ -191,7 +192,7 @@ char *server_version_string = NULL;
191	Kex *xxx_kex;	192	Kex *xxx_kex;
192		193
193	/* Daemon's agent connection */	194	/* Daemon's agent connection */
194	AuthenticationConnection *auth_conn = NULL;	195	int auth_sock = -1;
195	int have_agent = 0;	196	int have_agent = 0;
196		197
197	/*	198	/*
@@ -655,7 +656,7 @@ privsep_preauth_child(void)
655	static int	656	static int
656	privsep_preauth(Authctxt *authctxt)	657	privsep_preauth(Authctxt *authctxt)
657	{	658	{
658	int status;	659	int status, r;
659	pid_t pid;	660	pid_t pid;
660	struct ssh_sandbox *box = NULL;	661	struct ssh_sandbox *box = NULL;
661		662
@@ -673,8 +674,14 @@ privsep_preauth(Authctxt *authctxt)
673	debug2("Network child is on pid %ld", (long)pid);	674	debug2("Network child is on pid %ld", (long)pid);
674		675
675	pmonitor->m_pid = pid;	676	pmonitor->m_pid = pid;
676	if (have_agent)	677	if (have_agent) {
677	auth_conn = ssh_get_authentication_connection();	678	r = ssh_get_authentication_socket(&auth_sock);
		679	if (r != 0) {
		680	error("Could not get agent socket: %s",
		681	ssh_err(r));
		682	have_agent = 0;
		683	}
		684	}
678	if (box != NULL)	685	if (box != NULL)
679	ssh_sandbox_parent_preauth(box, pid);	686	ssh_sandbox_parent_preauth(box, pid);
680	monitor_child_preauth(authctxt, pmonitor);	687	monitor_child_preauth(authctxt, pmonitor);
@@ -1397,7 +1404,7 @@ main(int ac, char **av)
1397	{	1404	{
1398	extern char *optarg;	1405	extern char *optarg;
1399	extern int optind;	1406	extern int optind;
1400	int opt, i, j, on = 1;	1407	int r, opt, i, j, on = 1;
1401	int sock_in = -1, sock_out = -1, newsock = -1;	1408	int sock_in = -1, sock_out = -1, newsock = -1;
1402	const char *remote_ip;	1409	const char *remote_ip;
1403	int remote_port;	1410	int remote_port;
@@ -1706,7 +1713,7 @@ main(int ac, char **av)
1706	if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))	1713	if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
1707	setenv(SSH_AUTHSOCKET_ENV_NAME,	1714	setenv(SSH_AUTHSOCKET_ENV_NAME,
1708	options.host_key_agent, 1);	1715	options.host_key_agent, 1);
1709	have_agent = ssh_agent_present();	1716	have_agent = ssh_get_authentication_socket(NULL);
1710	}	1717	}
1711		1718
1712	for (i = 0; i < options.num_host_key_files; i++) {	1719	for (i = 0; i < options.num_host_key_files; i++) {
@@ -2103,8 +2110,12 @@ main(int ac, char **av)
2103	if (use_privsep) {	2110	if (use_privsep) {
2104	if (privsep_preauth(authctxt) == 1)	2111	if (privsep_preauth(authctxt) == 1)
2105	goto authenticated;	2112	goto authenticated;
2106	} else if (compat20 && have_agent)	2113	} else if (compat20 && have_agent) {
2107	auth_conn = ssh_get_authentication_connection();	2114	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
		2115	error("Unable to get agent socket: %s", ssh_err(r));
		2116	have_agent = -1;
		2117	}
		2118	}
2108		2119
2109	/* perform the key exchange */	2120	/* perform the key exchange */
2110	/* authenticate user and start session */	2121	/* authenticate user and start session */
@@ -2425,6 +2436,8 @@ void
2425	sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, u_int slen,	2436	sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, u_int slen,
2426	u_char *data, u_int dlen)	2437	u_char *data, u_int dlen)
2427	{	2438	{
		2439	int r;
		2440
2428	if (privkey) {	2441	if (privkey) {
2429	if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))	2442	if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))
2430	fatal("%s: key_sign failed", __func__);	2443	fatal("%s: key_sign failed", __func__);
@@ -2432,9 +2445,15 @@ sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, u_int slen,
2432	if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)	2445	if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)
2433	fatal("%s: pubkey_sign failed", __func__);	2446	fatal("%s: pubkey_sign failed", __func__);
2434	} else {	2447	} else {
2435	if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data,	2448	size_t xxx_slen;
2436	dlen))	2449
2437	fatal("%s: ssh_agent_sign failed", __func__);	2450	if ((r = ssh_agent_sign(auth_sock, pubkey, signature, &xxx_slen,
		2451	data, dlen, datafellows)) != 0)
		2452	fatal("%s: ssh_agent_sign failed: %s",
		2453	__func__, ssh_err(r));
		2454	/* XXX: Old API is u_int; new size_t */
		2455	if (slen != NULL)
		2456	*slen = xxx_slen;
2438	}	2457	}
2439	}	2458	}
2440		2459