summaryrefslogtreecommitdiff
path: root/authfd.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c142
1 files changed, 31 insertions, 111 deletions
diff --git a/authfd.c b/authfd.c
index 69d77d7dd..69fe2ae41 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); 17RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $");
18 18
19#include "ssh.h" 19#include "ssh.h"
20#include "rsa.h" 20#include "rsa.h"
@@ -26,6 +26,9 @@ RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
26 26
27#include <openssl/rsa.h> 27#include <openssl/rsa.h>
28 28
29/* helper */
30int ssh_agent_get_reply(AuthenticationConnection *auth);
31
29/* Returns the number of the authentication fd, or -1 if there is none. */ 32/* Returns the number of the authentication fd, or -1 if there is none. */
30 33
31int 34int
@@ -344,7 +347,7 @@ ssh_add_identity(AuthenticationConnection *auth,
344{ 347{
345 Buffer buffer; 348 Buffer buffer;
346 unsigned char buf[8192]; 349 unsigned char buf[8192];
347 int len, l, type; 350 int len;
348 351
349 /* Format a message to the agent. */ 352 /* Format a message to the agent. */
350 buffer_init(&buffer); 353 buffer_init(&buffer);
@@ -368,57 +371,11 @@ ssh_add_identity(AuthenticationConnection *auth,
368 atomicio(write, auth->fd, buffer_ptr(&buffer), 371 atomicio(write, auth->fd, buffer_ptr(&buffer),
369 buffer_len(&buffer)) != buffer_len(&buffer)) { 372 buffer_len(&buffer)) != buffer_len(&buffer)) {
370 error("Error writing to authentication socket."); 373 error("Error writing to authentication socket.");
371error_cleanup:
372 buffer_free(&buffer); 374 buffer_free(&buffer);
373 return 0; 375 return 0;
374 } 376 }
375 /* Wait for response from the agent. First read the length of the 377 buffer_free(&buffer);
376 response packet. */ 378 return ssh_agent_get_reply(auth);
377 len = 4;
378 while (len > 0) {
379 l = read(auth->fd, buf + 4 - len, len);
380 if (l <= 0) {
381 error("Error reading response length from authentication socket.");
382 goto error_cleanup;
383 }
384 len -= l;
385 }
386
387 /* Extract the length, and check it for sanity. */
388 len = GET_32BIT(buf);
389 if (len > 256 * 1024)
390 fatal("Add identity response too long: %d", len);
391
392 /* Read the rest of the response in tothe buffer. */
393 buffer_clear(&buffer);
394 while (len > 0) {
395 l = len;
396 if (l > sizeof(buf))
397 l = sizeof(buf);
398 l = read(auth->fd, buf, l);
399 if (l <= 0) {
400 error("Error reading response from authentication socket.");
401 goto error_cleanup;
402 }
403 buffer_append(&buffer, (char *) buf, l);
404 len -= l;
405 }
406
407 /* Get the type of the packet. */
408 type = buffer_get_char(&buffer);
409 switch (type) {
410 case SSH_AGENT_FAILURE:
411 buffer_free(&buffer);
412 return 0;
413 case SSH_AGENT_SUCCESS:
414 buffer_free(&buffer);
415 return 1;
416 default:
417 fatal("Bad response to add identity from authentication agent: %d",
418 type);
419 }
420 /* NOTREACHED */
421 return 0;
422} 379}
423 380
424/* 381/*
@@ -430,8 +387,8 @@ int
430ssh_remove_identity(AuthenticationConnection *auth, RSA *key) 387ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
431{ 388{
432 Buffer buffer; 389 Buffer buffer;
433 unsigned char buf[8192]; 390 unsigned char buf[5];
434 int len, l, type; 391 int len;
435 392
436 /* Format a message to the agent. */ 393 /* Format a message to the agent. */
437 buffer_init(&buffer); 394 buffer_init(&buffer);
@@ -449,59 +406,11 @@ ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
449 atomicio(write, auth->fd, buffer_ptr(&buffer), 406 atomicio(write, auth->fd, buffer_ptr(&buffer),
450 buffer_len(&buffer)) != buffer_len(&buffer)) { 407 buffer_len(&buffer)) != buffer_len(&buffer)) {
451 error("Error writing to authentication socket."); 408 error("Error writing to authentication socket.");
452error_cleanup:
453 buffer_free(&buffer); 409 buffer_free(&buffer);
454 return 0; 410 return 0;
455 } 411 }
456 /* 412 buffer_free(&buffer);
457 * Wait for response from the agent. First read the length of the 413 return ssh_agent_get_reply(auth);
458 * response packet.
459 */
460 len = 4;
461 while (len > 0) {
462 l = read(auth->fd, buf + 4 - len, len);
463 if (l <= 0) {
464 error("Error reading response length from authentication socket.");
465 goto error_cleanup;
466 }
467 len -= l;
468 }
469
470 /* Extract the length, and check it for sanity. */
471 len = GET_32BIT(buf);
472 if (len > 256 * 1024)
473 fatal("Remove identity response too long: %d", len);
474
475 /* Read the rest of the response in tothe buffer. */
476 buffer_clear(&buffer);
477 while (len > 0) {
478 l = len;
479 if (l > sizeof(buf))
480 l = sizeof(buf);
481 l = read(auth->fd, buf, l);
482 if (l <= 0) {
483 error("Error reading response from authentication socket.");
484 goto error_cleanup;
485 }
486 buffer_append(&buffer, (char *) buf, l);
487 len -= l;
488 }
489
490 /* Get the type of the packet. */
491 type = buffer_get_char(&buffer);
492 switch (type) {
493 case SSH_AGENT_FAILURE:
494 buffer_free(&buffer);
495 return 0;
496 case SSH_AGENT_SUCCESS:
497 buffer_free(&buffer);
498 return 1;
499 default:
500 fatal("Bad response to remove identity from authentication agent: %d",
501 type);
502 }
503 /* NOTREACHED */
504 return 0;
505} 414}
506 415
507/* 416/*
@@ -512,9 +421,7 @@ error_cleanup:
512int 421int
513ssh_remove_all_identities(AuthenticationConnection *auth) 422ssh_remove_all_identities(AuthenticationConnection *auth)
514{ 423{
515 Buffer buffer; 424 unsigned char buf[5];
516 unsigned char buf[8192];
517 int len, l, type;
518 425
519 /* Get the length of the message, and format it in the buffer. */ 426 /* Get the length of the message, and format it in the buffer. */
520 PUT_32BIT(buf, 1); 427 PUT_32BIT(buf, 1);
@@ -525,6 +432,20 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
525 error("Error writing to authentication socket."); 432 error("Error writing to authentication socket.");
526 return 0; 433 return 0;
527 } 434 }
435 return ssh_agent_get_reply(auth);
436}
437
438/*
439 * Read for reply from agent. returns 1 for success, 0 on error
440 */
441
442int
443ssh_agent_get_reply(AuthenticationConnection *auth)
444{
445 Buffer buffer;
446 unsigned char buf[8192];
447 int len, l, type;
448
528 /* 449 /*
529 * Wait for response from the agent. First read the length of the 450 * Wait for response from the agent. First read the length of the
530 * response packet. 451 * response packet.
@@ -534,6 +455,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
534 l = read(auth->fd, buf + 4 - len, len); 455 l = read(auth->fd, buf + 4 - len, len);
535 if (l <= 0) { 456 if (l <= 0) {
536 error("Error reading response length from authentication socket."); 457 error("Error reading response length from authentication socket.");
458 buffer_free(&buffer);
537 return 0; 459 return 0;
538 } 460 }
539 len -= l; 461 len -= l;
@@ -542,9 +464,9 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
542 /* Extract the length, and check it for sanity. */ 464 /* Extract the length, and check it for sanity. */
543 len = GET_32BIT(buf); 465 len = GET_32BIT(buf);
544 if (len > 256 * 1024) 466 if (len > 256 * 1024)
545 fatal("Remove identity response too long: %d", len); 467 fatal("Response from agent too long: %d", len);
546 468
547 /* Read the rest of the response into the buffer. */ 469 /* Read the rest of the response in to the buffer. */
548 buffer_init(&buffer); 470 buffer_init(&buffer);
549 while (len > 0) { 471 while (len > 0) {
550 l = len; 472 l = len;
@@ -562,16 +484,14 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
562 484
563 /* Get the type of the packet. */ 485 /* Get the type of the packet. */
564 type = buffer_get_char(&buffer); 486 type = buffer_get_char(&buffer);
487 buffer_free(&buffer);
565 switch (type) { 488 switch (type) {
566 case SSH_AGENT_FAILURE: 489 case SSH_AGENT_FAILURE:
567 buffer_free(&buffer);
568 return 0; 490 return 0;
569 case SSH_AGENT_SUCCESS: 491 case SSH_AGENT_SUCCESS:
570 buffer_free(&buffer);
571 return 1; 492 return 1;
572 default: 493 default:
573 fatal("Bad response to remove identity from authentication agent: %d", 494 fatal("Bad response from authentication agent: %d", type);
574 type);
575 } 495 }
576 /* NOTREACHED */ 496 /* NOTREACHED */
577 return 0; 497 return 0;