diff options
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 41 |
1 files changed, 29 insertions, 12 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | 41 | ||
| @@ -122,8 +122,8 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply | |||
| 122 | PUT_32BIT(buf, len); | 122 | PUT_32BIT(buf, len); |
| 123 | 123 | ||
| 124 | /* Send the length and then the packet to the agent. */ | 124 | /* Send the length and then the packet to the agent. */ |
| 125 | if (atomicio(write, auth->fd, buf, 4) != 4 || | 125 | if (atomicio(vwrite, auth->fd, buf, 4) != 4 || |
| 126 | atomicio(write, auth->fd, buffer_ptr(request), | 126 | atomicio(vwrite, auth->fd, buffer_ptr(request), |
| 127 | buffer_len(request)) != buffer_len(request)) { | 127 | buffer_len(request)) != buffer_len(request)) { |
| 128 | error("Error writing to authentication socket."); | 128 | error("Error writing to authentication socket."); |
| 129 | return 0; | 129 | return 0; |
| @@ -332,7 +332,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 332 | buffer_get_bignum(&auth->identities, key->rsa->n); | 332 | buffer_get_bignum(&auth->identities, key->rsa->n); |
| 333 | *comment = buffer_get_string(&auth->identities, NULL); | 333 | *comment = buffer_get_string(&auth->identities, NULL); |
| 334 | if (bits != BN_num_bits(key->rsa->n)) | 334 | if (bits != BN_num_bits(key->rsa->n)) |
| 335 | log("Warning: identity keysize mismatch: actual %d, announced %u", | 335 | logit("Warning: identity keysize mismatch: actual %d, announced %u", |
| 336 | BN_num_bits(key->rsa->n), bits); | 336 | BN_num_bits(key->rsa->n), bits); |
| 337 | break; | 337 | break; |
| 338 | case 2: | 338 | case 2: |
| @@ -373,7 +373,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, | |||
| 373 | if (key->type != KEY_RSA1) | 373 | if (key->type != KEY_RSA1) |
| 374 | return 0; | 374 | return 0; |
| 375 | if (response_type == 0) { | 375 | if (response_type == 0) { |
| 376 | log("Compatibility with ssh protocol version 1.0 no longer supported."); | 376 | logit("Compatibility with ssh protocol version 1.0 no longer supported."); |
| 377 | return 0; | 377 | return 0; |
| 378 | } | 378 | } |
| 379 | buffer_init(&buffer); | 379 | buffer_init(&buffer); |
| @@ -392,7 +392,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, | |||
| 392 | type = buffer_get_char(&buffer); | 392 | type = buffer_get_char(&buffer); |
| 393 | 393 | ||
| 394 | if (agent_failed(type)) { | 394 | if (agent_failed(type)) { |
| 395 | log("Agent admitted failure to authenticate using the key."); | 395 | logit("Agent admitted failure to authenticate using the key."); |
| 396 | } else if (type != SSH_AGENT_RSA_RESPONSE) { | 396 | } else if (type != SSH_AGENT_RSA_RESPONSE) { |
| 397 | fatal("Bad authentication response: %d", type); | 397 | fatal("Bad authentication response: %d", type); |
| 398 | } else { | 398 | } else { |
| @@ -441,7 +441,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
| 441 | } | 441 | } |
| 442 | type = buffer_get_char(&msg); | 442 | type = buffer_get_char(&msg); |
| 443 | if (agent_failed(type)) { | 443 | if (agent_failed(type)) { |
| 444 | log("Agent admitted failure to sign using the key."); | 444 | logit("Agent admitted failure to sign using the key."); |
| 445 | } else if (type != SSH2_AGENT_SIGN_RESPONSE) { | 445 | } else if (type != SSH2_AGENT_SIGN_RESPONSE) { |
| 446 | fatal("Bad authentication response: %d", type); | 446 | fatal("Bad authentication response: %d", type); |
| 447 | } else { | 447 | } else { |
| @@ -589,16 +589,33 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
| 589 | } | 589 | } |
| 590 | 590 | ||
| 591 | int | 591 | int |
| 592 | ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) | 592 | ssh_update_card(AuthenticationConnection *auth, int add, |
| 593 | const char *reader_id, const char *pin, u_int life, u_int confirm) | ||
| 593 | { | 594 | { |
| 594 | Buffer msg; | 595 | Buffer msg; |
| 595 | int type; | 596 | int type, constrained = (life || confirm); |
| 597 | |||
| 598 | if (add) { | ||
| 599 | type = constrained ? | ||
| 600 | SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : | ||
| 601 | SSH_AGENTC_ADD_SMARTCARD_KEY; | ||
| 602 | } else | ||
| 603 | type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; | ||
| 596 | 604 | ||
| 597 | buffer_init(&msg); | 605 | buffer_init(&msg); |
| 598 | buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : | 606 | buffer_put_char(&msg, type); |
| 599 | SSH_AGENTC_REMOVE_SMARTCARD_KEY); | ||
| 600 | buffer_put_cstring(&msg, reader_id); | 607 | buffer_put_cstring(&msg, reader_id); |
| 601 | buffer_put_cstring(&msg, pin); | 608 | buffer_put_cstring(&msg, pin); |
| 609 | |||
| 610 | if (constrained) { | ||
| 611 | if (life != 0) { | ||
| 612 | buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); | ||
| 613 | buffer_put_int(&msg, life); | ||
| 614 | } | ||
| 615 | if (confirm != 0) | ||
| 616 | buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); | ||
| 617 | } | ||
| 618 | |||
| 602 | if (ssh_request_reply(auth, &msg, &msg) == 0) { | 619 | if (ssh_request_reply(auth, &msg, &msg) == 0) { |
| 603 | buffer_free(&msg); | 620 | buffer_free(&msg); |
| 604 | return 0; | 621 | return 0; |
| @@ -641,7 +658,7 @@ decode_reply(int type) | |||
| 641 | case SSH_AGENT_FAILURE: | 658 | case SSH_AGENT_FAILURE: |
| 642 | case SSH_COM_AGENT2_FAILURE: | 659 | case SSH_COM_AGENT2_FAILURE: |
| 643 | case SSH2_AGENT_FAILURE: | 660 | case SSH2_AGENT_FAILURE: |
| 644 | log("SSH_AGENT_FAILURE"); | 661 | logit("SSH_AGENT_FAILURE"); |
| 645 | return 0; | 662 | return 0; |
| 646 | case SSH_AGENT_SUCCESS: | 663 | case SSH_AGENT_SUCCESS: |
| 647 | return 1; | 664 | return 1; |