-rw-r--r-- | ChangeLog | 20 | ||||
-rw-r--r-- | authfd.c | 73 | ||||
-rw-r--r-- | authfd.h | 14 | ||||
-rw-r--r-- | channels.c | 8 | ||||
-rw-r--r-- | clientloop.c | 4 | ||||
-rw-r--r-- | dsa.c | 14 | ||||
-rw-r--r-- | ssh-add.c | 18 | ||||
-rw-r--r-- | ssh-agent.c | 9 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | sshconnect1.c | 4 | ||||
-rw-r--r-- | sshconnect2.c | 73 | ||||
-rw-r--r-- | sshd.c | 3 |
12 files changed, 165 insertions, 79 deletions
@@ -1,8 +1,24 @@ | |||
1 | 20000721 | ||
2 | - (djm) OpenBSD CVS updates: | ||
3 | - markus@cvs.openbsd.org 2000/07/16 02:27:22 | ||
4 | [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] | ||
5 | [sshconnect1.c sshconnect2.c] | ||
6 | make ssh-add accept dsa keys (the agent does not) | ||
7 | - djm@cvs.openbsd.org 2000/07/17 19:25:02 | ||
8 | [sshd.c] | ||
9 | Another closing of stdin; ok deraadt | ||
10 | - markus@cvs.openbsd.org 2000/07/19 18:33:12 | ||
11 | [dsa.c] | ||
12 | missing free, reorder | ||
13 | - markus@cvs.openbsd.org 2000/07/20 16:23:14 | ||
14 | [ssh-keygen.1] | ||
15 | document input and output files | ||
16 | |||
1 | 20000720 | 17 | 20000720 |
2 | - Spec file fix from Petr Novotny <Petr.Novotny@antek.cz> | 18 | - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz> |
3 | 19 | ||
4 | 20000716 | 20 | 20000716 |
5 | - Release 2.1.1p4 | 21 | - (djm) Release 2.1.1p4 |
6 | 22 | ||
7 | 20000715 | 23 | 20000715 |
8 | - (djm) OpenBSD CVS updates | 24 | - (djm) OpenBSD CVS updates |
@@ -14,17 +14,21 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $"); | 17 | RCSID("$OpenBSD: authfd.c,v 1.22 2000/07/16 08:27:20 markus Exp $"); |
18 | 18 | ||
19 | #include "ssh.h" | 19 | #include "ssh.h" |
20 | #include "rsa.h" | 20 | #include "rsa.h" |
21 | #include "authfd.h" | ||
22 | #include "buffer.h" | 21 | #include "buffer.h" |
23 | #include "bufaux.h" | 22 | #include "bufaux.h" |
24 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
25 | #include "getput.h" | 24 | #include "getput.h" |
26 | 25 | ||
27 | #include <openssl/rsa.h> | 26 | #include <openssl/rsa.h> |
27 | #include <openssl/dsa.h> | ||
28 | #include <openssl/evp.h> | ||
29 | #include "key.h" | ||
30 | #include "authfd.h" | ||
31 | #include "kex.h" | ||
28 | 32 | ||
29 | /* helper */ | 33 | /* helper */ |
30 | int ssh_agent_get_reply(AuthenticationConnection *auth); | 34 | int ssh_agent_get_reply(AuthenticationConnection *auth); |
@@ -138,10 +142,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, | |||
138 | * Send a message to the agent requesting for a list of the | 142 | * Send a message to the agent requesting for a list of the |
139 | * identities it can represent. | 143 | * identities it can represent. |
140 | */ | 144 | */ |
141 | msg[0] = 0; | 145 | PUT_32BIT(msg, 1); |
142 | msg[1] = 0; | ||
143 | msg[2] = 0; | ||
144 | msg[3] = 1; | ||
145 | msg[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES; | 146 | msg[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES; |
146 | if (atomicio(write, auth->fd, msg, 5) != 5) { | 147 | if (atomicio(write, auth->fd, msg, 5) != 5) { |
147 | error("write auth->fd: %.100s", strerror(errno)); | 148 | error("write auth->fd: %.100s", strerror(errno)); |
@@ -336,31 +337,64 @@ error_cleanup: | |||
336 | return 1; | 337 | return 1; |
337 | } | 338 | } |
338 | 339 | ||
340 | /* Encode key for a message to the agent. */ | ||
341 | |||
342 | void | ||
343 | ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment) | ||
344 | { | ||
345 | buffer_clear(b); | ||
346 | buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); | ||
347 | buffer_put_int(b, BN_num_bits(key->n)); | ||
348 | buffer_put_bignum(b, key->n); | ||
349 | buffer_put_bignum(b, key->e); | ||
350 | buffer_put_bignum(b, key->d); | ||
351 | /* To keep within the protocol: p < q for ssh. in SSL p > q */ | ||
352 | buffer_put_bignum(b, key->iqmp); /* ssh key->u */ | ||
353 | buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ | ||
354 | buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ | ||
355 | buffer_put_string(b, comment, strlen(comment)); | ||
356 | } | ||
357 | |||
358 | void | ||
359 | ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment) | ||
360 | { | ||
361 | buffer_clear(b); | ||
362 | buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); | ||
363 | buffer_put_cstring(b, KEX_DSS); | ||
364 | buffer_put_bignum2(b, key->p); | ||
365 | buffer_put_bignum2(b, key->q); | ||
366 | buffer_put_bignum2(b, key->g); | ||
367 | buffer_put_bignum2(b, key->pub_key); | ||
368 | buffer_put_bignum2(b, key->priv_key); | ||
369 | buffer_put_string(b, comment, strlen(comment)); | ||
370 | } | ||
371 | |||
339 | /* | 372 | /* |
340 | * Adds an identity to the authentication server. This call is not meant to | 373 | * Adds an identity to the authentication server. This call is not meant to |
341 | * be used by normal applications. | 374 | * be used by normal applications. |
342 | */ | 375 | */ |
343 | 376 | ||
344 | int | 377 | int |
345 | ssh_add_identity(AuthenticationConnection *auth, | 378 | ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) |
346 | RSA * key, const char *comment) | ||
347 | { | 379 | { |
348 | Buffer buffer; | 380 | Buffer buffer; |
349 | unsigned char buf[8192]; | 381 | unsigned char buf[8192]; |
350 | int len; | 382 | int len; |
351 | 383 | ||
352 | /* Format a message to the agent. */ | ||
353 | buffer_init(&buffer); | 384 | buffer_init(&buffer); |
354 | buffer_put_char(&buffer, SSH_AGENTC_ADD_RSA_IDENTITY); | 385 | |
355 | buffer_put_int(&buffer, BN_num_bits(key->n)); | 386 | switch (key->type) { |
356 | buffer_put_bignum(&buffer, key->n); | 387 | case KEY_RSA: |
357 | buffer_put_bignum(&buffer, key->e); | 388 | ssh_encode_identity_rsa(&buffer, key->rsa, comment); |
358 | buffer_put_bignum(&buffer, key->d); | 389 | break; |
359 | /* To keep within the protocol: p < q for ssh. in SSL p > q */ | 390 | case KEY_DSA: |
360 | buffer_put_bignum(&buffer, key->iqmp); /* ssh key->u */ | 391 | ssh_encode_identity_dsa(&buffer, key->dsa, comment); |
361 | buffer_put_bignum(&buffer, key->q); /* ssh key->p, SSL key->q */ | 392 | break; |
362 | buffer_put_bignum(&buffer, key->p); /* ssh key->q, SSL key->p */ | 393 | default: |
363 | buffer_put_string(&buffer, comment, strlen(comment)); | 394 | buffer_free(&buffer); |
395 | return 0; | ||
396 | break; | ||
397 | } | ||
364 | 398 | ||
365 | /* Get the length of the message, and format it in the buffer. */ | 399 | /* Get the length of the message, and format it in the buffer. */ |
366 | len = buffer_len(&buffer); | 400 | len = buffer_len(&buffer); |
@@ -487,6 +521,7 @@ ssh_agent_get_reply(AuthenticationConnection *auth) | |||
487 | buffer_free(&buffer); | 521 | buffer_free(&buffer); |
488 | switch (type) { | 522 | switch (type) { |
489 | case SSH_AGENT_FAILURE: | 523 | case SSH_AGENT_FAILURE: |
524 | log("SSH_AGENT_FAILURE"); | ||
490 | return 0; | 525 | return 0; |
491 | case SSH_AGENT_SUCCESS: | 526 | case SSH_AGENT_SUCCESS: |
492 | return 1; | 527 | return 1; |
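Review bot: In the `default:` arm of the new `switch (key->type)` in `ssh_add_identity` (lines 393-396), the `break;` after `return 0;` is unreachable, and an unsupported key type is rejected with no diagnostic at all, whereas the agent-side failure in the next hunk now logs `SSH_AGENT_FAILURE`. Suggest `error("ssh_add_identity: unsupported key type %d", key->type);` ahead of the `return 0;` and dropping the dead `break`. The new `ssh_encode_identity_rsa` / `ssh_encode_identity_dsa` helpers have external linkage but no prototype for them appears in the authfd.h hunks; if they are only used in this file, `static` would keep them out of the global namespace. Both helpers serialize private key material (`key->d`, `key->priv_key`) into the Buffer that `ssh_add_identity` then copies into the fixed 8192-byte `buf`; the remainder of the function (the copy, any length check against `sizeof buf`, and the release of the buffer) is outside the hunk, so I could not confirm those from here.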
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */ | 16 | /* RCSID("$OpenBSD: authfd.h,v 1.9 2000/07/16 08:27:21 markus Exp $"); */ |
17 | 17 | ||
18 | #ifndef AUTHFD_H | 18 | #ifndef AUTHFD_H |
19 | #define AUTHFD_H | 19 | #define AUTHFD_H |
@@ -31,6 +31,16 @@ | |||
31 | #define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 | 31 | #define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 |
32 | #define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 | 32 | #define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 |
33 | 33 | ||
34 | #define SSH2_AGENTC_REQUEST_IDENTITIES 11 | ||
35 | #define SSH2_AGENT_IDENTITIES_ANSWER 12 | ||
36 | #define SSH2_AGENTC_SIGN_REQUEST 13 | ||
37 | #define SSH2_AGENT_SIGN_RESPONSE 14 | ||
38 | #define SSH2_AGENT_FAILURE SSH_AGENT_FAILURE | ||
39 | #define SSH2_AGENT_SUCCESS SSH_AGENT_SUCCESS | ||
40 | #define SSH2_AGENTC_ADD_IDENTITY 17 | ||
41 | #define SSH2_AGENTC_REMOVE_IDENTITY 18 | ||
42 | #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 | ||
43 | |||
34 | typedef struct { | 44 | typedef struct { |
35 | int fd; | 45 | int fd; |
36 | Buffer packet; | 46 | Buffer packet; |
@@ -96,7 +106,7 @@ ssh_decrypt_challenge(AuthenticationConnection * auth, | |||
96 | * successfully added. | 106 | * successfully added. |
97 | */ | 107 | */ |
98 | int | 108 | int |
99 | ssh_add_identity(AuthenticationConnection * connection, RSA * key, | 109 | ssh_add_identity(AuthenticationConnection * connection, Key *key, |
100 | const char *comment); | 110 | const char *comment); |
101 | 111 | ||
102 | /* | 112 | /* |
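Review bot: The changed prototype of `ssh_add_identity` at line 109 makes authfd.h depend on the `Key` type, but the header neither includes key.h nor forward-declares it; every includer touched by this commit (authfd.c, channels.c, clientloop.c, ssh-add.c, ssh-agent.c, ssh.c, sshconnect1.c) has had `#include "authfd.h"` moved after key.h and the OpenSSL headers to compensate. Making the header self-contained with `#include "key.h"` (or a forward declaration of the Key struct, if key.h's layout allows it) would remove that include-order requirement and the chance of a future includer breaking the build. The new `SSH2_AGENTC_*` / `SSH2_AGENT_*` message numbers at lines 34-42 are plain `#define`s like the existing protocol 1 ones, which matches the file; a one-line comment such as `/* ssh-agent protocol 2 message types */` above them would make the split between the two protocol generations visible to readers.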
diff --git a/channels.c b/channels.c index 3710b2fd4..ea395293a 100644 --- a/channels.c +++ b/channels.c | |||
@@ -17,13 +17,12 @@ | |||
17 | */ | 17 | */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$OpenBSD: channels.c,v 1.63 2000/06/25 20:17:57 provos Exp $"); | 20 | RCSID("$OpenBSD: channels.c,v 1.64 2000/07/16 08:27:21 markus Exp $"); |
21 | 21 | ||
22 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
24 | #include "xmalloc.h" | 24 | #include "xmalloc.h" |
25 | #include "buffer.h" | 25 | #include "buffer.h" |
26 | #include "authfd.h" | ||
27 | #include "uidswap.h" | 26 | #include "uidswap.h" |
28 | #include "readconf.h" | 27 | #include "readconf.h" |
29 | #include "servconf.h" | 28 | #include "servconf.h" |
@@ -34,6 +33,11 @@ RCSID("$OpenBSD: channels.c,v 1.63 2000/06/25 20:17:57 provos Exp $"); | |||
34 | 33 | ||
35 | #include "ssh2.h" | 34 | #include "ssh2.h" |
36 | 35 | ||
36 | #include <openssl/rsa.h> | ||
37 | #include <openssl/dsa.h> | ||
38 | #include "key.h" | ||
39 | #include "authfd.h" | ||
40 | |||
37 | /* Maximum number of fake X11 displays to try. */ | 41 | /* Maximum number of fake X11 displays to try. */ |
38 | #define MAX_DISPLAYS 1000 | 42 | #define MAX_DISPLAYS 1000 |
39 | 43 | ||
diff --git a/clientloop.c b/clientloop.c index f7ac7b3b0..67fa36d91 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -16,13 +16,12 @@ | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$OpenBSD: clientloop.c,v 1.28 2000/07/13 23:14:08 provos Exp $"); | 19 | RCSID("$OpenBSD: clientloop.c,v 1.29 2000/07/16 08:27:21 markus Exp $"); |
20 | 20 | ||
21 | #include "xmalloc.h" | 21 | #include "xmalloc.h" |
22 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
24 | #include "buffer.h" | 24 | #include "buffer.h" |
25 | #include "authfd.h" | ||
26 | #include "readconf.h" | 25 | #include "readconf.h" |
27 | 26 | ||
28 | #include "ssh2.h" | 27 | #include "ssh2.h" |
@@ -30,7 +29,6 @@ RCSID("$OpenBSD: clientloop.c,v 1.28 2000/07/13 23:14:08 provos Exp $"); | |||
30 | #include "channels.h" | 29 | #include "channels.h" |
31 | #include "dispatch.h" | 30 | #include "dispatch.h" |
32 | 31 | ||
33 | |||
34 | /* Flag indicating that stdin should be redirected from /dev/null. */ | 32 | /* Flag indicating that stdin should be redirected from /dev/null. */ |
35 | extern int stdin_null_flag; | 33 | extern int stdin_null_flag; |
36 | 34 | ||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $"); | 31 | RCSID("$OpenBSD: dsa.c,v 1.10 2000/07/20 00:33:12 markus Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
@@ -53,8 +53,7 @@ RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $"); | |||
53 | #define SIGBLOB_LEN (2*INTBLOB_LEN) | 53 | #define SIGBLOB_LEN (2*INTBLOB_LEN) |
54 | 54 | ||
55 | Key * | 55 | Key * |
56 | dsa_key_from_blob( | 56 | dsa_key_from_blob(char *blob, int blen) |
57 | char *blob, int blen) | ||
58 | { | 57 | { |
59 | Buffer b; | 58 | Buffer b; |
60 | char *ktype; | 59 | char *ktype; |
@@ -66,16 +65,17 @@ dsa_key_from_blob( | |||
66 | dump_base64(stderr, blob, blen); | 65 | dump_base64(stderr, blob, blen); |
67 | #endif | 66 | #endif |
68 | /* fetch & parse DSA/DSS pubkey */ | 67 | /* fetch & parse DSA/DSS pubkey */ |
69 | key = key_new(KEY_DSA); | ||
70 | dsa = key->dsa; | ||
71 | buffer_init(&b); | 68 | buffer_init(&b); |
72 | buffer_append(&b, blob, blen); | 69 | buffer_append(&b, blob, blen); |
73 | ktype = buffer_get_string(&b, NULL); | 70 | ktype = buffer_get_string(&b, NULL); |
74 | if (strcmp(KEX_DSS, ktype) != 0) { | 71 | if (strcmp(KEX_DSS, ktype) != 0) { |
75 | error("dsa_key_from_blob: cannot handle type %s", ktype); | 72 | error("dsa_key_from_blob: cannot handle type %s", ktype); |
76 | key_free(key); | 73 | buffer_free(&b); |
74 | xfree(ktype); | ||
77 | return NULL; | 75 | return NULL; |
78 | } | 76 | } |
77 | key = key_new(KEY_DSA); | ||
78 | dsa = key->dsa; | ||
79 | buffer_get_bignum2(&b, dsa->p); | 79 | buffer_get_bignum2(&b, dsa->p); |
80 | buffer_get_bignum2(&b, dsa->q); | 80 | buffer_get_bignum2(&b, dsa->q); |
81 | buffer_get_bignum2(&b, dsa->g); | 81 | buffer_get_bignum2(&b, dsa->g); |
@@ -84,8 +84,8 @@ dsa_key_from_blob( | |||
84 | if(rlen != 0) | 84 | if(rlen != 0) |
85 | error("dsa_key_from_blob: remaining bytes in key blob %d", rlen); | 85 | error("dsa_key_from_blob: remaining bytes in key blob %d", rlen); |
86 | buffer_free(&b); | 86 | buffer_free(&b); |
87 | xfree(ktype); | ||
87 | 88 | ||
88 | debug("keytype %s", ktype); | ||
89 | #ifdef DEBUG_DSS | 89 | #ifdef DEBUG_DSS |
90 | DSA_print_fp(stderr, dsa, 8); | 90 | DSA_print_fp(stderr, dsa, 8); |
91 | #endif | 91 | #endif |
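Review bot: The reordered early-return in `dsa_key_from_blob` (lines 72-75) now releases `b` and `ktype` before returning NULL, which closes the leak, but the `error()` call on that path still prints `ktype` with an unbounded `%s`; `ktype` is read straight out of the blob under parse (presumably peer-supplied for a host or user key), and the rest of the codebase bounds such fields (`%.100s` in authfd.c), so `error("dsa_key_from_blob: cannot handle type %.100s", ktype);` would keep log lines bounded. Since the signature was re-wrapped on line 56, this is also the moment to make it `const char *blob`, as the function only reads from the blob. The `rlen != 0` case at line 84 still just logs and continues with a key built from a blob that had trailing bytes; that is pre-existing, but worth a decision while the function is being touched.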
@@ -7,7 +7,7 @@ | |||
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include "includes.h" | 9 | #include "includes.h" |
10 | RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $"); | 10 | RCSID("$OpenBSD: ssh-add.c,v 1.18 2000/07/16 08:27:21 markus Exp $"); |
11 | 11 | ||
12 | #include <openssl/rsa.h> | 12 | #include <openssl/rsa.h> |
13 | #include <openssl/dsa.h> | 13 | #include <openssl/dsa.h> |
@@ -15,9 +15,9 @@ RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $"); | |||
15 | #include "rsa.h" | 15 | #include "rsa.h" |
16 | #include "ssh.h" | 16 | #include "ssh.h" |
17 | #include "xmalloc.h" | 17 | #include "xmalloc.h" |
18 | #include "authfd.h" | ||
19 | #include "fingerprint.h" | 18 | #include "fingerprint.h" |
20 | #include "key.h" | 19 | #include "key.h" |
20 | #include "authfd.h" | ||
21 | #include "authfile.h" | 21 | #include "authfile.h" |
22 | 22 | ||
23 | #ifdef HAVE___PROGNAME | 23 | #ifdef HAVE___PROGNAME |
@@ -102,11 +102,17 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
102 | char buf[1024], msg[1024]; | 102 | char buf[1024], msg[1024]; |
103 | int success; | 103 | int success; |
104 | int interactive = isatty(STDIN_FILENO); | 104 | int interactive = isatty(STDIN_FILENO); |
105 | int type = KEY_RSA; | ||
105 | 106 | ||
107 | /* | ||
108 | * try to load the public key. right now this only works for RSA, | ||
109 | * since DSA keys are fully encrypted | ||
110 | */ | ||
106 | public = key_new(KEY_RSA); | 111 | public = key_new(KEY_RSA); |
107 | if (!load_public_key(filename, public, &saved_comment)) { | 112 | if (!load_public_key(filename, public, &saved_comment)) { |
108 | printf("Bad key file %s: %s\n", filename, strerror(errno)); | 113 | /* ok, so we will asume this is a DSA key */ |
109 | return; | 114 | type = KEY_DSA; |
115 | saved_comment = xstrdup(filename); | ||
110 | } | 116 | } |
111 | key_free(public); | 117 | key_free(public); |
112 | 118 | ||
@@ -118,7 +124,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
118 | } | 124 | } |
119 | 125 | ||
120 | /* At first, try empty passphrase */ | 126 | /* At first, try empty passphrase */ |
121 | private = key_new(KEY_RSA); | 127 | private = key_new(type); |
122 | success = load_private_key(filename, "", private, &comment); | 128 | success = load_private_key(filename, "", private, &comment); |
123 | if (!success) { | 129 | if (!success) { |
124 | printf("Need passphrase for %.200s\n", filename); | 130 | printf("Need passphrase for %.200s\n", filename); |
@@ -150,7 +156,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
150 | } | 156 | } |
151 | xfree(saved_comment); | 157 | xfree(saved_comment); |
152 | 158 | ||
153 | if (ssh_add_identity(ac, private->rsa, comment)) | 159 | if (ssh_add_identity(ac, private, comment)) |
154 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 160 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
155 | else | 161 | else |
156 | fprintf(stderr, "Could not add identity: %s\n", filename); | 162 | fprintf(stderr, "Could not add identity: %s\n", filename); |
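Review bot: The new fallback in `add_file` (lines 112-116) treats every `load_public_key` failure as "this must be a DSA key", so a missing or unreadable path no longer gets the old `Bad key file` diagnostic and instead prompts `Need passphrase for ...` for a file that may not exist. `stat()`-ing the file first, as `ssh2_try_pubkey` in sshconnect2.c does, would keep the clear error for that case: `if (stat(filename, &st) != 0) { printf("Bad key file %s: %s\n", filename, strerror(errno)); return; }` before the `key_new(KEY_RSA)`. The comment on line 113 has a typo (`asume`). `add_file` begins and ends outside the hunks shown, so the code between the hunks was not reviewed.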
diff --git a/ssh-agent.c b/ssh-agent.c index 148bcff6e..e8383b5df 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -9,11 +9,10 @@ | |||
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include "includes.h" | 11 | #include "includes.h" |
12 | RCSID("$OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $"); | 12 | RCSID("$OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $"); |
13 | 13 | ||
14 | #include "ssh.h" | 14 | #include "ssh.h" |
15 | #include "rsa.h" | 15 | #include "rsa.h" |
16 | #include "authfd.h" | ||
17 | #include "buffer.h" | 16 | #include "buffer.h" |
18 | #include "bufaux.h" | 17 | #include "bufaux.h" |
19 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -22,6 +21,10 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $"); | |||
22 | #include "mpaux.h" | 21 | #include "mpaux.h" |
23 | 22 | ||
24 | #include <openssl/md5.h> | 23 | #include <openssl/md5.h> |
24 | #include <openssl/dsa.h> | ||
25 | #include <openssl/rsa.h> | ||
26 | #include "key.h" | ||
27 | #include "authfd.h" | ||
25 | 28 | ||
26 | typedef struct { | 29 | typedef struct { |
27 | int fd; | 30 | int fd; |
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$OpenBSD: ssh.c,v 1.57 2000/07/15 04:01:37 djm Exp $"); | 14 | RCSID("$OpenBSD: ssh.c,v 1.58 2000/07/16 08:27:22 markus Exp $"); |
15 | 15 | ||
16 | #include <openssl/evp.h> | 16 | #include <openssl/evp.h> |
17 | #include <openssl/dsa.h> | 17 | #include <openssl/dsa.h> |
@@ -21,7 +21,6 @@ RCSID("$OpenBSD: ssh.c,v 1.57 2000/07/15 04:01:37 djm Exp $"); | |||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "packet.h" | 22 | #include "packet.h" |
23 | #include "buffer.h" | 23 | #include "buffer.h" |
24 | #include "authfd.h" | ||
25 | #include "readconf.h" | 24 | #include "readconf.h" |
26 | #include "uidswap.h" | 25 | #include "uidswap.h" |
27 | 26 | ||
@@ -29,6 +28,7 @@ RCSID("$OpenBSD: ssh.c,v 1.57 2000/07/15 04:01:37 djm Exp $"); | |||
29 | #include "compat.h" | 28 | #include "compat.h" |
30 | #include "channels.h" | 29 | #include "channels.h" |
31 | #include "key.h" | 30 | #include "key.h" |
31 | #include "authfd.h" | ||
32 | #include "authfile.h" | 32 | #include "authfile.h" |
33 | 33 | ||
34 | #ifdef HAVE___PROGNAME | 34 | #ifdef HAVE___PROGNAME |
diff --git a/sshconnect1.c b/sshconnect1.c index 4360d7283..aaebf17ff 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -9,7 +9,7 @@ | |||
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include "includes.h" | 11 | #include "includes.h" |
12 | RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); | 12 | RCSID("$OpenBSD: sshconnect1.c,v 1.4 2000/07/16 08:27:22 markus Exp $"); |
13 | 13 | ||
14 | #include <openssl/bn.h> | 14 | #include <openssl/bn.h> |
15 | #include <openssl/dsa.h> | 15 | #include <openssl/dsa.h> |
@@ -21,12 +21,12 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); | |||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "buffer.h" | 22 | #include "buffer.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
24 | #include "authfd.h" | ||
25 | #include "cipher.h" | 24 | #include "cipher.h" |
26 | #include "mpaux.h" | 25 | #include "mpaux.h" |
27 | #include "uidswap.h" | 26 | #include "uidswap.h" |
28 | #include "readconf.h" | 27 | #include "readconf.h" |
29 | #include "key.h" | 28 | #include "key.h" |
29 | #include "authfd.h" | ||
30 | #include "sshconnect.h" | 30 | #include "sshconnect.h" |
31 | #include "authfile.h" | 31 | #include "authfile.h" |
32 | 32 | ||
diff --git a/sshconnect2.c b/sshconnect2.c index ae96d534e..22ad39e7f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $"); | 31 | RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $"); |
32 | 32 | ||
33 | #include <openssl/bn.h> | 33 | #include <openssl/bn.h> |
34 | #include <openssl/rsa.h> | 34 | #include <openssl/rsa.h> |
@@ -286,40 +286,20 @@ ssh2_try_passwd(const char *server_user, const char *host, const char *service) | |||
286 | return 1; | 286 | return 1; |
287 | } | 287 | } |
288 | 288 | ||
289 | int | 289 | typedef int sign_fn( |
290 | ssh2_try_pubkey(char *filename, | 290 | Key *key, |
291 | unsigned char **sigp, int *lenp, | ||
292 | unsigned char *data, int datalen); | ||
293 | |||
294 | void | ||
295 | ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign, | ||
291 | const char *server_user, const char *host, const char *service) | 296 | const char *server_user, const char *host, const char *service) |
292 | { | 297 | { |
293 | Buffer b; | 298 | Buffer b; |
294 | Key *k; | ||
295 | unsigned char *blob, *signature; | 299 | unsigned char *blob, *signature; |
296 | int bloblen, slen; | 300 | int bloblen, slen; |
297 | struct stat st; | ||
298 | int skip = 0; | 301 | int skip = 0; |
299 | 302 | ||
300 | if (stat(filename, &st) != 0) { | ||
301 | debug("key does not exist: %s", filename); | ||
302 | return 0; | ||
303 | } | ||
304 | debug("try pubkey: %s", filename); | ||
305 | |||
306 | k = key_new(KEY_DSA); | ||
307 | if (!load_private_key(filename, "", k, NULL)) { | ||
308 | int success = 0; | ||
309 | char *passphrase; | ||
310 | char prompt[300]; | ||
311 | snprintf(prompt, sizeof prompt, | ||
312 | "Enter passphrase for DSA key '%.100s': ", | ||
313 | filename); | ||
314 | passphrase = read_passphrase(prompt, 0); | ||
315 | success = load_private_key(filename, passphrase, k, NULL); | ||
316 | memset(passphrase, 0, strlen(passphrase)); | ||
317 | xfree(passphrase); | ||
318 | if (!success) { | ||
319 | key_free(k); | ||
320 | return 0; | ||
321 | } | ||
322 | } | ||
323 | dsa_make_key_blob(k, &blob, &bloblen); | 303 | dsa_make_key_blob(k, &blob, &bloblen); |
324 | 304 | ||
325 | /* data to be signed */ | 305 | /* data to be signed */ |
@@ -343,8 +323,8 @@ ssh2_try_pubkey(char *filename, | |||
343 | buffer_put_string(&b, blob, bloblen); | 323 | buffer_put_string(&b, blob, bloblen); |
344 | 324 | ||
345 | /* generate signature */ | 325 | /* generate signature */ |
346 | dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); | 326 | do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
347 | key_free(k); | 327 | key_free(k); /* XXX */ |
348 | #ifdef DEBUG_DSS | 328 | #ifdef DEBUG_DSS |
349 | buffer_dump(&b); | 329 | buffer_dump(&b); |
350 | #endif | 330 | #endif |
@@ -377,6 +357,39 @@ ssh2_try_pubkey(char *filename, | |||
377 | /* send */ | 357 | /* send */ |
378 | packet_send(); | 358 | packet_send(); |
379 | packet_write_wait(); | 359 | packet_write_wait(); |
360 | } | ||
361 | |||
362 | int | ||
363 | ssh2_try_pubkey(char *filename, | ||
364 | const char *server_user, const char *host, const char *service) | ||
365 | { | ||
366 | Key *k; | ||
367 | struct stat st; | ||
368 | |||
369 | if (stat(filename, &st) != 0) { | ||
370 | debug("key does not exist: %s", filename); | ||
371 | return 0; | ||
372 | } | ||
373 | debug("try pubkey: %s", filename); | ||
374 | |||
375 | k = key_new(KEY_DSA); | ||
376 | if (!load_private_key(filename, "", k, NULL)) { | ||
377 | int success = 0; | ||
378 | char *passphrase; | ||
379 | char prompt[300]; | ||
380 | snprintf(prompt, sizeof prompt, | ||
381 | "Enter passphrase for DSA key '%.100s': ", | ||
382 | filename); | ||
383 | passphrase = read_passphrase(prompt, 0); | ||
384 | success = load_private_key(filename, passphrase, k, NULL); | ||
385 | memset(passphrase, 0, strlen(passphrase)); | ||
386 | xfree(passphrase); | ||
387 | if (!success) { | ||
388 | key_free(k); | ||
389 | return 0; | ||
390 | } | ||
391 | } | ||
392 | ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service); | ||
380 | return 1; | 393 | return 1; |
381 | } | 394 | } |
382 | 395 | ||
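Review bot: `ssh2_sign_and_send_pubkey` frees the caller's key at line 327 (`key_free(k); /* XXX */`), so it silently takes ownership of `k` although nothing in its signature says so; moving `key_free(k)` into `ssh2_try_pubkey` after the call on line 392 keeps ownership with the allocator, which matters once other callers start using this function through the new `sign_fn` hook with keys they do not own. The return value of `do_sign` on line 326 is ignored even though `sign_fn` is declared to return `int`; if `dsa_sign` aborts on failure that is harmless today, but a callback that reports failure instead would leave `signature`/`slen` unset and the function would still put them in the packet, so checking the result before building the packet would close that. The passphrase wipe carried over into `ssh2_try_pubkey` (line 385) is a plain `memset` right before `xfree`, which a compiler may elide; pre-existing, but noting it since the code moved.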
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: sshd.c,v 1.122 2000/07/11 08:11:34 deraadt Exp $"); | 17 | RCSID("$OpenBSD: sshd.c,v 1.123 2000/07/18 01:25:01 djm Exp $"); |
18 | 18 | ||
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
20 | #include "rsa.h" | 20 | #include "rsa.h" |
@@ -642,6 +642,7 @@ main(int ac, char **av) | |||
642 | s2 = dup(s1); | 642 | s2 = dup(s1); |
643 | sock_in = dup(0); | 643 | sock_in = dup(0); |
644 | sock_out = dup(1); | 644 | sock_out = dup(1); |
645 | startup_pipe = -1; | ||
645 | /* | 646 | /* |
646 | * We intentionally do not close the descriptors 0, 1, and 2 | 647 | * We intentionally do not close the descriptors 0, 1, and 2 |
647 | * as our code for setting the descriptors won\'t work if | 648 | * as our code for setting the descriptors won\'t work if |
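Review bot: The added `startup_pipe = -1;` at line 645 gives what looks like the inetd path the "no pipe" sentinel that later close logic relies on (the ChangeLog entry ties it to stdin being closed again), but it does so in this one branch only; initialising `startup_pipe` to -1 at its declaration would make the sentinel hold on every path without each branch having to remember it. The declaration and the other branch are outside the hunk, so I cannot confirm how the variable is set elsewhere in `main`.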