summaryrefslogtreecommitdiff
path: root/authfd.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c41
1 files changed, 12 insertions, 29 deletions
diff --git a/authfd.c b/authfd.c
index c78db6d94..a186e0117 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $"); 38RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -122,8 +122,8 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
122 PUT_32BIT(buf, len); 122 PUT_32BIT(buf, len);
123 123
124 /* Send the length and then the packet to the agent. */ 124 /* Send the length and then the packet to the agent. */
125 if (atomicio(vwrite, auth->fd, buf, 4) != 4 || 125 if (atomicio(write, auth->fd, buf, 4) != 4 ||
126 atomicio(vwrite, auth->fd, buffer_ptr(request), 126 atomicio(write, auth->fd, buffer_ptr(request),
127 buffer_len(request)) != buffer_len(request)) { 127 buffer_len(request)) != buffer_len(request)) {
128 error("Error writing to authentication socket."); 128 error("Error writing to authentication socket.");
129 return 0; 129 return 0;
@@ -332,7 +332,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
332 buffer_get_bignum(&auth->identities, key->rsa->n); 332 buffer_get_bignum(&auth->identities, key->rsa->n);
333 *comment = buffer_get_string(&auth->identities, NULL); 333 *comment = buffer_get_string(&auth->identities, NULL);
334 if (bits != BN_num_bits(key->rsa->n)) 334 if (bits != BN_num_bits(key->rsa->n))
335 logit("Warning: identity keysize mismatch: actual %d, announced %u", 335 log("Warning: identity keysize mismatch: actual %d, announced %u",
336 BN_num_bits(key->rsa->n), bits); 336 BN_num_bits(key->rsa->n), bits);
337 break; 337 break;
338 case 2: 338 case 2:
@@ -373,7 +373,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
373 if (key->type != KEY_RSA1) 373 if (key->type != KEY_RSA1)
374 return 0; 374 return 0;
375 if (response_type == 0) { 375 if (response_type == 0) {
376 logit("Compatibility with ssh protocol version 1.0 no longer supported."); 376 log("Compatibility with ssh protocol version 1.0 no longer supported.");
377 return 0; 377 return 0;
378 } 378 }
379 buffer_init(&buffer); 379 buffer_init(&buffer);
@@ -392,7 +392,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
392 type = buffer_get_char(&buffer); 392 type = buffer_get_char(&buffer);
393 393
394 if (agent_failed(type)) { 394 if (agent_failed(type)) {
395 logit("Agent admitted failure to authenticate using the key."); 395 log("Agent admitted failure to authenticate using the key.");
396 } else if (type != SSH_AGENT_RSA_RESPONSE) { 396 } else if (type != SSH_AGENT_RSA_RESPONSE) {
397 fatal("Bad authentication response: %d", type); 397 fatal("Bad authentication response: %d", type);
398 } else { 398 } else {
@@ -441,7 +441,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
441 } 441 }
442 type = buffer_get_char(&msg); 442 type = buffer_get_char(&msg);
443 if (agent_failed(type)) { 443 if (agent_failed(type)) {
444 logit("Agent admitted failure to sign using the key."); 444 log("Agent admitted failure to sign using the key.");
445 } else if (type != SSH2_AGENT_SIGN_RESPONSE) { 445 } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
446 fatal("Bad authentication response: %d", type); 446 fatal("Bad authentication response: %d", type);
447 } else { 447 } else {
@@ -589,33 +589,16 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
589} 589}
590 590
591int 591int
592ssh_update_card(AuthenticationConnection *auth, int add, 592ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
593 const char *reader_id, const char *pin, u_int life, u_int confirm)
594{ 593{
595 Buffer msg; 594 Buffer msg;
596 int type, constrained = (life || confirm); 595 int type;
597
598 if (add) {
599 type = constrained ?
600 SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED :
601 SSH_AGENTC_ADD_SMARTCARD_KEY;
602 } else
603 type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
604 596
605 buffer_init(&msg); 597 buffer_init(&msg);
606 buffer_put_char(&msg, type); 598 buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
599 SSH_AGENTC_REMOVE_SMARTCARD_KEY);
607 buffer_put_cstring(&msg, reader_id); 600 buffer_put_cstring(&msg, reader_id);
608 buffer_put_cstring(&msg, pin); 601 buffer_put_cstring(&msg, pin);
609
610 if (constrained) {
611 if (life != 0) {
612 buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
613 buffer_put_int(&msg, life);
614 }
615 if (confirm != 0)
616 buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
617 }
618
619 if (ssh_request_reply(auth, &msg, &msg) == 0) { 602 if (ssh_request_reply(auth, &msg, &msg) == 0) {
620 buffer_free(&msg); 603 buffer_free(&msg);
621 return 0; 604 return 0;
@@ -658,7 +641,7 @@ decode_reply(int type)
658 case SSH_AGENT_FAILURE: 641 case SSH_AGENT_FAILURE:
659 case SSH_COM_AGENT2_FAILURE: 642 case SSH_COM_AGENT2_FAILURE:
660 case SSH2_AGENT_FAILURE: 643 case SSH2_AGENT_FAILURE:
661 logit("SSH_AGENT_FAILURE"); 644 log("SSH_AGENT_FAILURE");
662 return 0; 645 return 0;
663 case SSH_AGENT_SUCCESS: 646 case SSH_AGENT_SUCCESS:
664 return 1; 647 return 1;