diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh-agent.c | 97 |
2 files changed, 60 insertions, 43 deletions
| @@ -106,6 +106,10 @@ | |||
| 106 | [ssh-agent.1 ssh-agent.c] | 106 | [ssh-agent.1 ssh-agent.c] |
| 107 | '-a bind_address' binds the agent to user-specified unix-domain | 107 | '-a bind_address' binds the agent to user-specified unix-domain |
| 108 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). | 108 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). |
| 109 | - markus@cvs.openbsd.org 2002/06/05 16:48:54 | ||
| 110 | [ssh-agent.c] | ||
| 111 | copy current request into an extra buffer and just flush this | ||
| 112 | request on errors, ok provos@ | ||
| 109 | 113 | ||
| 110 | 20020604 | 114 | 20020604 |
| 111 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | 115 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed |
| @@ -790,4 +794,4 @@ | |||
| 790 | - (stevesk) entropy.c: typo in debug message | 794 | - (stevesk) entropy.c: typo in debug message |
| 791 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 795 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 792 | 796 | ||
| 793 | $Id: ChangeLog,v 1.2172 2002/06/06 21:46:57 mouring Exp $ | 797 | $Id: ChangeLog,v 1.2173 2002/06/06 21:48:57 mouring Exp $ |
diff --git a/ssh-agent.c b/ssh-agent.c index d3321478b..13a88afd9 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -35,7 +35,7 @@ | |||
| 35 | 35 | ||
| 36 | #include "includes.h" | 36 | #include "includes.h" |
| 37 | #include "openbsd-compat/fake-queue.h" | 37 | #include "openbsd-compat/fake-queue.h" |
| 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.86 2002/06/05 16:08:07 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | #include <openssl/md5.h> | 41 | #include <openssl/md5.h> |
| @@ -66,6 +66,7 @@ typedef struct { | |||
| 66 | sock_type type; | 66 | sock_type type; |
| 67 | Buffer input; | 67 | Buffer input; |
| 68 | Buffer output; | 68 | Buffer output; |
| 69 | Buffer request; | ||
| 69 | } SocketEntry; | 70 | } SocketEntry; |
| 70 | 71 | ||
| 71 | u_int sockets_alloc = 0; | 72 | u_int sockets_alloc = 0; |
| @@ -190,16 +191,16 @@ process_authentication_challenge1(SocketEntry *e) | |||
| 190 | if ((challenge = BN_new()) == NULL) | 191 | if ((challenge = BN_new()) == NULL) |
| 191 | fatal("process_authentication_challenge1: BN_new failed"); | 192 | fatal("process_authentication_challenge1: BN_new failed"); |
| 192 | 193 | ||
| 193 | buffer_get_int(&e->input); /* ignored */ | 194 | buffer_get_int(&e->request); /* ignored */ |
| 194 | buffer_get_bignum(&e->input, key->rsa->e); | 195 | buffer_get_bignum(&e->request, key->rsa->e); |
| 195 | buffer_get_bignum(&e->input, key->rsa->n); | 196 | buffer_get_bignum(&e->request, key->rsa->n); |
| 196 | buffer_get_bignum(&e->input, challenge); | 197 | buffer_get_bignum(&e->request, challenge); |
| 197 | 198 | ||
| 198 | /* Only protocol 1.1 is supported */ | 199 | /* Only protocol 1.1 is supported */ |
| 199 | if (buffer_len(&e->input) == 0) | 200 | if (buffer_len(&e->request) == 0) |
| 200 | goto failure; | 201 | goto failure; |
| 201 | buffer_get(&e->input, session_id, 16); | 202 | buffer_get(&e->request, session_id, 16); |
| 202 | response_type = buffer_get_int(&e->input); | 203 | response_type = buffer_get_int(&e->request); |
| 203 | if (response_type != 1) | 204 | if (response_type != 1) |
| 204 | goto failure; | 205 | goto failure; |
| 205 | 206 | ||
| @@ -255,10 +256,10 @@ process_sign_request2(SocketEntry *e) | |||
| 255 | 256 | ||
| 256 | datafellows = 0; | 257 | datafellows = 0; |
| 257 | 258 | ||
| 258 | blob = buffer_get_string(&e->input, &blen); | 259 | blob = buffer_get_string(&e->request, &blen); |
| 259 | data = buffer_get_string(&e->input, &dlen); | 260 | data = buffer_get_string(&e->request, &dlen); |
| 260 | 261 | ||
| 261 | flags = buffer_get_int(&e->input); | 262 | flags = buffer_get_int(&e->request); |
| 262 | if (flags & SSH_AGENT_OLD_SIGNATURE) | 263 | if (flags & SSH_AGENT_OLD_SIGNATURE) |
| 263 | datafellows = SSH_BUG_SIGBLOB; | 264 | datafellows = SSH_BUG_SIGBLOB; |
| 264 | 265 | ||
| @@ -299,16 +300,16 @@ process_remove_identity(SocketEntry *e, int version) | |||
| 299 | switch (version) { | 300 | switch (version) { |
| 300 | case 1: | 301 | case 1: |
| 301 | key = key_new(KEY_RSA1); | 302 | key = key_new(KEY_RSA1); |
| 302 | bits = buffer_get_int(&e->input); | 303 | bits = buffer_get_int(&e->request); |
| 303 | buffer_get_bignum(&e->input, key->rsa->e); | 304 | buffer_get_bignum(&e->request, key->rsa->e); |
| 304 | buffer_get_bignum(&e->input, key->rsa->n); | 305 | buffer_get_bignum(&e->request, key->rsa->n); |
| 305 | 306 | ||
| 306 | if (bits != key_size(key)) | 307 | if (bits != key_size(key)) |
| 307 | log("Warning: identity keysize mismatch: actual %d, announced %d", | 308 | log("Warning: identity keysize mismatch: actual %d, announced %d", |
| 308 | key_size(key), bits); | 309 | key_size(key), bits); |
| 309 | break; | 310 | break; |
| 310 | case 2: | 311 | case 2: |
| 311 | blob = buffer_get_string(&e->input, &blen); | 312 | blob = buffer_get_string(&e->request, &blen); |
| 312 | key = key_from_blob(blob, blen); | 313 | key = key_from_blob(blob, blen); |
| 313 | xfree(blob); | 314 | xfree(blob); |
| 314 | break; | 315 | break; |
| @@ -374,51 +375,51 @@ process_add_identity(SocketEntry *e, int version) | |||
| 374 | switch (version) { | 375 | switch (version) { |
| 375 | case 1: | 376 | case 1: |
| 376 | k = key_new_private(KEY_RSA1); | 377 | k = key_new_private(KEY_RSA1); |
| 377 | buffer_get_int(&e->input); /* ignored */ | 378 | buffer_get_int(&e->request); /* ignored */ |
| 378 | buffer_get_bignum(&e->input, k->rsa->n); | 379 | buffer_get_bignum(&e->request, k->rsa->n); |
| 379 | buffer_get_bignum(&e->input, k->rsa->e); | 380 | buffer_get_bignum(&e->request, k->rsa->e); |
| 380 | buffer_get_bignum(&e->input, k->rsa->d); | 381 | buffer_get_bignum(&e->request, k->rsa->d); |
| 381 | buffer_get_bignum(&e->input, k->rsa->iqmp); | 382 | buffer_get_bignum(&e->request, k->rsa->iqmp); |
| 382 | 383 | ||
| 383 | /* SSH and SSL have p and q swapped */ | 384 | /* SSH and SSL have p and q swapped */ |
| 384 | buffer_get_bignum(&e->input, k->rsa->q); /* p */ | 385 | buffer_get_bignum(&e->request, k->rsa->q); /* p */ |
| 385 | buffer_get_bignum(&e->input, k->rsa->p); /* q */ | 386 | buffer_get_bignum(&e->request, k->rsa->p); /* q */ |
| 386 | 387 | ||
| 387 | /* Generate additional parameters */ | 388 | /* Generate additional parameters */ |
| 388 | rsa_generate_additional_parameters(k->rsa); | 389 | rsa_generate_additional_parameters(k->rsa); |
| 389 | break; | 390 | break; |
| 390 | case 2: | 391 | case 2: |
| 391 | type_name = buffer_get_string(&e->input, NULL); | 392 | type_name = buffer_get_string(&e->request, NULL); |
| 392 | type = key_type_from_name(type_name); | 393 | type = key_type_from_name(type_name); |
| 393 | xfree(type_name); | 394 | xfree(type_name); |
| 394 | switch (type) { | 395 | switch (type) { |
| 395 | case KEY_DSA: | 396 | case KEY_DSA: |
| 396 | k = key_new_private(type); | 397 | k = key_new_private(type); |
| 397 | buffer_get_bignum2(&e->input, k->dsa->p); | 398 | buffer_get_bignum2(&e->request, k->dsa->p); |
| 398 | buffer_get_bignum2(&e->input, k->dsa->q); | 399 | buffer_get_bignum2(&e->request, k->dsa->q); |
| 399 | buffer_get_bignum2(&e->input, k->dsa->g); | 400 | buffer_get_bignum2(&e->request, k->dsa->g); |
| 400 | buffer_get_bignum2(&e->input, k->dsa->pub_key); | 401 | buffer_get_bignum2(&e->request, k->dsa->pub_key); |
| 401 | buffer_get_bignum2(&e->input, k->dsa->priv_key); | 402 | buffer_get_bignum2(&e->request, k->dsa->priv_key); |
| 402 | break; | 403 | break; |
| 403 | case KEY_RSA: | 404 | case KEY_RSA: |
| 404 | k = key_new_private(type); | 405 | k = key_new_private(type); |
| 405 | buffer_get_bignum2(&e->input, k->rsa->n); | 406 | buffer_get_bignum2(&e->request, k->rsa->n); |
| 406 | buffer_get_bignum2(&e->input, k->rsa->e); | 407 | buffer_get_bignum2(&e->request, k->rsa->e); |
| 407 | buffer_get_bignum2(&e->input, k->rsa->d); | 408 | buffer_get_bignum2(&e->request, k->rsa->d); |
| 408 | buffer_get_bignum2(&e->input, k->rsa->iqmp); | 409 | buffer_get_bignum2(&e->request, k->rsa->iqmp); |
| 409 | buffer_get_bignum2(&e->input, k->rsa->p); | 410 | buffer_get_bignum2(&e->request, k->rsa->p); |
| 410 | buffer_get_bignum2(&e->input, k->rsa->q); | 411 | buffer_get_bignum2(&e->request, k->rsa->q); |
| 411 | 412 | ||
| 412 | /* Generate additional parameters */ | 413 | /* Generate additional parameters */ |
| 413 | rsa_generate_additional_parameters(k->rsa); | 414 | rsa_generate_additional_parameters(k->rsa); |
| 414 | break; | 415 | break; |
| 415 | default: | 416 | default: |
| 416 | buffer_clear(&e->input); | 417 | buffer_clear(&e->request); |
| 417 | goto send; | 418 | goto send; |
| 418 | } | 419 | } |
| 419 | break; | 420 | break; |
| 420 | } | 421 | } |
| 421 | comment = buffer_get_string(&e->input, NULL); | 422 | comment = buffer_get_string(&e->request, NULL); |
| 422 | if (k == NULL) { | 423 | if (k == NULL) { |
| 423 | xfree(comment); | 424 | xfree(comment); |
| 424 | goto send; | 425 | goto send; |
| @@ -452,8 +453,8 @@ process_add_smartcard_key (SocketEntry *e) | |||
| 452 | char *sc_reader_id = NULL, *pin; | 453 | char *sc_reader_id = NULL, *pin; |
| 453 | int i, version, success = 0; | 454 | int i, version, success = 0; |
| 454 | 455 | ||
| 455 | sc_reader_id = buffer_get_string(&e->input, NULL); | 456 | sc_reader_id = buffer_get_string(&e->request, NULL); |
| 456 | pin = buffer_get_string(&e->input, NULL); | 457 | pin = buffer_get_string(&e->request, NULL); |
| 457 | keys = sc_get_keys(sc_reader_id, pin); | 458 | keys = sc_get_keys(sc_reader_id, pin); |
| 458 | xfree(sc_reader_id); | 459 | xfree(sc_reader_id); |
| 459 | xfree(pin); | 460 | xfree(pin); |
| @@ -494,8 +495,8 @@ process_remove_smartcard_key(SocketEntry *e) | |||
| 494 | char *sc_reader_id = NULL, *pin; | 495 | char *sc_reader_id = NULL, *pin; |
| 495 | int i, version, success = 0; | 496 | int i, version, success = 0; |
| 496 | 497 | ||
| 497 | sc_reader_id = buffer_get_string(&e->input, NULL); | 498 | sc_reader_id = buffer_get_string(&e->request, NULL); |
| 498 | pin = buffer_get_string(&e->input, NULL); | 499 | pin = buffer_get_string(&e->request, NULL); |
| 499 | keys = sc_get_keys(sc_reader_id, pin); | 500 | keys = sc_get_keys(sc_reader_id, pin); |
| 500 | xfree(sc_reader_id); | 501 | xfree(sc_reader_id); |
| 501 | xfree(pin); | 502 | xfree(pin); |
| @@ -541,12 +542,20 @@ process_message(SocketEntry *e) | |||
| 541 | shutdown(e->fd, SHUT_RDWR); | 542 | shutdown(e->fd, SHUT_RDWR); |
| 542 | close(e->fd); | 543 | close(e->fd); |
| 543 | e->type = AUTH_UNUSED; | 544 | e->type = AUTH_UNUSED; |
| 545 | buffer_free(&e->input); | ||
| 546 | buffer_free(&e->output); | ||
| 547 | buffer_free(&e->request); | ||
| 544 | return; | 548 | return; |
| 545 | } | 549 | } |
| 546 | if (buffer_len(&e->input) < msg_len + 4) | 550 | if (buffer_len(&e->input) < msg_len + 4) |
| 547 | return; | 551 | return; |
| 552 | |||
| 553 | /* move the current input to e->request */ | ||
| 548 | buffer_consume(&e->input, 4); | 554 | buffer_consume(&e->input, 4); |
| 549 | type = buffer_get_char(&e->input); | 555 | buffer_clear(&e->request); |
| 556 | buffer_append(&e->request, buffer_ptr(&e->input), msg_len); | ||
| 557 | buffer_consume(&e->input, msg_len); | ||
| 558 | type = buffer_get_char(&e->request); | ||
| 550 | 559 | ||
| 551 | debug("type %d", type); | 560 | debug("type %d", type); |
| 552 | switch (type) { | 561 | switch (type) { |
| @@ -593,7 +602,7 @@ process_message(SocketEntry *e) | |||
| 593 | default: | 602 | default: |
| 594 | /* Unknown message. Respond with failure. */ | 603 | /* Unknown message. Respond with failure. */ |
| 595 | error("Unknown message %d", type); | 604 | error("Unknown message %d", type); |
| 596 | buffer_clear(&e->input); | 605 | buffer_clear(&e->request); |
| 597 | buffer_put_int(&e->output, 1); | 606 | buffer_put_int(&e->output, 1); |
| 598 | buffer_put_char(&e->output, SSH_AGENT_FAILURE); | 607 | buffer_put_char(&e->output, SSH_AGENT_FAILURE); |
| 599 | break; | 608 | break; |
| @@ -616,6 +625,7 @@ new_socket(sock_type type, int fd) | |||
| 616 | sockets[i].type = type; | 625 | sockets[i].type = type; |
| 617 | buffer_init(&sockets[i].input); | 626 | buffer_init(&sockets[i].input); |
| 618 | buffer_init(&sockets[i].output); | 627 | buffer_init(&sockets[i].output); |
| 628 | buffer_init(&sockets[i].request); | ||
| 619 | return; | 629 | return; |
| 620 | } | 630 | } |
| 621 | old_alloc = sockets_alloc; | 631 | old_alloc = sockets_alloc; |
| @@ -630,6 +640,7 @@ new_socket(sock_type type, int fd) | |||
| 630 | sockets[old_alloc].fd = fd; | 640 | sockets[old_alloc].fd = fd; |
| 631 | buffer_init(&sockets[old_alloc].input); | 641 | buffer_init(&sockets[old_alloc].input); |
| 632 | buffer_init(&sockets[old_alloc].output); | 642 | buffer_init(&sockets[old_alloc].output); |
| 643 | buffer_init(&sockets[old_alloc].request); | ||
| 633 | } | 644 | } |
| 634 | 645 | ||
| 635 | static int | 646 | static int |
| @@ -727,6 +738,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 727 | sockets[i].type = AUTH_UNUSED; | 738 | sockets[i].type = AUTH_UNUSED; |
| 728 | buffer_free(&sockets[i].input); | 739 | buffer_free(&sockets[i].input); |
| 729 | buffer_free(&sockets[i].output); | 740 | buffer_free(&sockets[i].output); |
| 741 | buffer_free(&sockets[i].request); | ||
| 730 | break; | 742 | break; |
| 731 | } | 743 | } |
| 732 | buffer_consume(&sockets[i].output, len); | 744 | buffer_consume(&sockets[i].output, len); |
| @@ -745,6 +757,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 745 | sockets[i].type = AUTH_UNUSED; | 757 | sockets[i].type = AUTH_UNUSED; |
| 746 | buffer_free(&sockets[i].input); | 758 | buffer_free(&sockets[i].input); |
| 747 | buffer_free(&sockets[i].output); | 759 | buffer_free(&sockets[i].output); |
| 760 | buffer_free(&sockets[i].request); | ||
| 748 | break; | 761 | break; |
| 749 | } | 762 | } |
| 750 | buffer_append(&sockets[i].input, buf, len); | 763 | buffer_append(&sockets[i].input, buf, len); |