summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog8
-rw-r--r--sshconnect2.c13
2 files changed, 15 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 46a2addaf..4851d4a93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,12 @@
59 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of 59 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
60 our own implementation. allow use of AES hardware via libcrypto, 60 our own implementation. allow use of AES hardware via libcrypto,
61 ok deraadt@ 61 ok deraadt@
62 - markus@cvs.openbsd.org 2002/05/31 10:30:33
63 [sshconnect2.c]
64 extent ssh-keysign protocol:
65 pass # of socket-fd to ssh-keysign, keysign verfies locally used
66 ip-address using this socket-fd, restricts fake local hostnames
67 to actual local hostnames; ok stevesk@
62 68
6320020604 6920020604
64 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed 70 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -743,4 +749,4 @@
743 - (stevesk) entropy.c: typo in debug message 749 - (stevesk) entropy.c: typo in debug message
744 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 750 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
745 751
746$Id: ChangeLog,v 1.2161 2002/06/06 20:50:07 mouring Exp $ 752$Id: ChangeLog,v 1.2162 2002/06/06 20:51:04 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 3a0eb761a..6950c5ee6 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.102 2002/05/25 08:50:39 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.103 2002/05/31 10:30:33 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "ssh2.h" 29#include "ssh2.h"
@@ -902,7 +902,7 @@ ssh_keysign(
902 Buffer b; 902 Buffer b;
903 struct stat st; 903 struct stat st;
904 pid_t pid; 904 pid_t pid;
905 int to[2], from[2], status, version = 1; 905 int to[2], from[2], status, version = 2;
906 906
907 debug("ssh_keysign called"); 907 debug("ssh_keysign called");
908 908
@@ -933,6 +933,8 @@ ssh_keysign(
933 close(to[1]); 933 close(to[1]);
934 if (dup2(to[0], STDIN_FILENO) < 0) 934 if (dup2(to[0], STDIN_FILENO) < 0)
935 fatal("ssh_keysign: dup2: %s", strerror(errno)); 935 fatal("ssh_keysign: dup2: %s", strerror(errno));
936 close(from[1]);
937 close(to[0]);
936 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); 938 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
937 fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN, 939 fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
938 strerror(errno)); 940 strerror(errno));
@@ -941,6 +943,7 @@ ssh_keysign(
941 close(to[0]); 943 close(to[0]);
942 944
943 buffer_init(&b); 945 buffer_init(&b);
946 buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
944 buffer_put_string(&b, data, datalen); 947 buffer_put_string(&b, data, datalen);
945 msg_send(to[1], version, &b); 948 msg_send(to[1], version, &b);
946 949
@@ -952,9 +955,9 @@ ssh_keysign(
952 close(from[0]); 955 close(from[0]);
953 close(to[1]); 956 close(to[1]);
954 957
955 while (waitpid(pid, &status, 0) < 0) 958 while (waitpid(pid, &status, 0) < 0)
956 if (errno != EINTR) 959 if (errno != EINTR)
957 break; 960 break;
958 961
959 if (buffer_get_char(&b) != version) { 962 if (buffer_get_char(&b) != version) {
960 error("ssh_keysign: bad version"); 963 error("ssh_keysign: bad version");