summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index a335ea33d..c38906d94 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.204 2015/07/08 20:24:02 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -368,6 +368,18 @@ process_authentication_challenge1(SocketEntry *e)
368} 368}
369#endif 369#endif
370 370
371static char *
372agent_decode_alg(struct sshkey *key, u_int flags)
373{
374 if (key->type == KEY_RSA) {
375 if (flags & SSH_AGENT_RSA_SHA2_256)
376 return "rsa-sha2-256";
377 else if (flags & SSH_AGENT_RSA_SHA2_512)
378 return "rsa-sha2-512";
379 }
380 return NULL;
381}
382
371/* ssh2 only */ 383/* ssh2 only */
372static void 384static void
373process_sign_request2(SocketEntry *e) 385process_sign_request2(SocketEntry *e)
@@ -389,7 +401,7 @@ process_sign_request2(SocketEntry *e)
389 if (flags & SSH_AGENT_OLD_SIGNATURE) 401 if (flags & SSH_AGENT_OLD_SIGNATURE)
390 compat = SSH_BUG_SIGBLOB; 402 compat = SSH_BUG_SIGBLOB;
391 if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { 403 if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
392 error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); 404 error("%s: cannot parse key blob: %s", __func__, ssh_err(r));
393 goto send; 405 goto send;
394 } 406 }
395 if ((id = lookup_identity(key, 2)) == NULL) { 407 if ((id = lookup_identity(key, 2)) == NULL) {
@@ -401,8 +413,8 @@ process_sign_request2(SocketEntry *e)
401 goto send; 413 goto send;
402 } 414 }
403 if ((r = sshkey_sign(id->key, &signature, &slen, 415 if ((r = sshkey_sign(id->key, &signature, &slen,
404 data, dlen, compat)) != 0) { 416 data, dlen, agent_decode_alg(key, flags), compat)) != 0) {
405 error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); 417 error("%s: sshkey_sign: %s", __func__, ssh_err(r));
406 goto send; 418 goto send;
407 } 419 }
408 /* Success */ 420 /* Success */
@@ -1188,6 +1200,7 @@ main(int ac, char **av)
1188 size_t len; 1200 size_t len;
1189 mode_t prev_mask; 1201 mode_t prev_mask;
1190 1202
1203 ssh_malloc_init(); /* must be called before any mallocs */
1191 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 1204 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1192 sanitise_stdfd(); 1205 sanitise_stdfd();
1193 1206
@@ -1330,6 +1343,7 @@ main(int ac, char **av)
1330 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 1343 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
1331 SSH_AUTHSOCKET_ENV_NAME); 1344 SSH_AUTHSOCKET_ENV_NAME);
1332 printf("echo Agent pid %ld;\n", (long)parent_pid); 1345 printf("echo Agent pid %ld;\n", (long)parent_pid);
1346 fflush(stdout);
1333 goto skip; 1347 goto skip;
1334 } 1348 }
1335 pid = fork(); 1349 pid = fork();
@@ -1402,6 +1416,10 @@ skip:
1402 signal(SIGTERM, cleanup_handler); 1416 signal(SIGTERM, cleanup_handler);
1403 nalloc = 0; 1417 nalloc = 0;
1404 1418
1419 if (pledge("stdio cpath unix id proc exec", NULL) == -1)
1420 fatal("%s: pledge: %s", __progname, strerror(errno));
1421 platform_pledge_agent();
1422
1405 while (1) { 1423 while (1) {
1406 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); 1424 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
1407 result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); 1425 result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);