diff options
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index a335ea33d..c38906d94 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.204 2015/07/08 20:24:02 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -368,6 +368,18 @@ process_authentication_challenge1(SocketEntry *e) | |||
368 | } | 368 | } |
369 | #endif | 369 | #endif |
370 | 370 | ||
371 | static char * | ||
372 | agent_decode_alg(struct sshkey *key, u_int flags) | ||
373 | { | ||
374 | if (key->type == KEY_RSA) { | ||
375 | if (flags & SSH_AGENT_RSA_SHA2_256) | ||
376 | return "rsa-sha2-256"; | ||
377 | else if (flags & SSH_AGENT_RSA_SHA2_512) | ||
378 | return "rsa-sha2-512"; | ||
379 | } | ||
380 | return NULL; | ||
381 | } | ||
382 | |||
371 | /* ssh2 only */ | 383 | /* ssh2 only */ |
372 | static void | 384 | static void |
373 | process_sign_request2(SocketEntry *e) | 385 | process_sign_request2(SocketEntry *e) |
@@ -389,7 +401,7 @@ process_sign_request2(SocketEntry *e) | |||
389 | if (flags & SSH_AGENT_OLD_SIGNATURE) | 401 | if (flags & SSH_AGENT_OLD_SIGNATURE) |
390 | compat = SSH_BUG_SIGBLOB; | 402 | compat = SSH_BUG_SIGBLOB; |
391 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { | 403 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { |
392 | error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); | 404 | error("%s: cannot parse key blob: %s", __func__, ssh_err(r)); |
393 | goto send; | 405 | goto send; |
394 | } | 406 | } |
395 | if ((id = lookup_identity(key, 2)) == NULL) { | 407 | if ((id = lookup_identity(key, 2)) == NULL) { |
@@ -401,8 +413,8 @@ process_sign_request2(SocketEntry *e) | |||
401 | goto send; | 413 | goto send; |
402 | } | 414 | } |
403 | if ((r = sshkey_sign(id->key, &signature, &slen, | 415 | if ((r = sshkey_sign(id->key, &signature, &slen, |
404 | data, dlen, compat)) != 0) { | 416 | data, dlen, agent_decode_alg(key, flags), compat)) != 0) { |
405 | error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); | 417 | error("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
406 | goto send; | 418 | goto send; |
407 | } | 419 | } |
408 | /* Success */ | 420 | /* Success */ |
@@ -1188,6 +1200,7 @@ main(int ac, char **av) | |||
1188 | size_t len; | 1200 | size_t len; |
1189 | mode_t prev_mask; | 1201 | mode_t prev_mask; |
1190 | 1202 | ||
1203 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1191 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 1204 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
1192 | sanitise_stdfd(); | 1205 | sanitise_stdfd(); |
1193 | 1206 | ||
@@ -1330,6 +1343,7 @@ main(int ac, char **av) | |||
1330 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, | 1343 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
1331 | SSH_AUTHSOCKET_ENV_NAME); | 1344 | SSH_AUTHSOCKET_ENV_NAME); |
1332 | printf("echo Agent pid %ld;\n", (long)parent_pid); | 1345 | printf("echo Agent pid %ld;\n", (long)parent_pid); |
1346 | fflush(stdout); | ||
1333 | goto skip; | 1347 | goto skip; |
1334 | } | 1348 | } |
1335 | pid = fork(); | 1349 | pid = fork(); |
@@ -1402,6 +1416,10 @@ skip: | |||
1402 | signal(SIGTERM, cleanup_handler); | 1416 | signal(SIGTERM, cleanup_handler); |
1403 | nalloc = 0; | 1417 | nalloc = 0; |
1404 | 1418 | ||
1419 | if (pledge("stdio cpath unix id proc exec", NULL) == -1) | ||
1420 | fatal("%s: pledge: %s", __progname, strerror(errno)); | ||
1421 | platform_pledge_agent(); | ||
1422 | |||
1405 | while (1) { | 1423 | while (1) { |
1406 | prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); | 1424 | prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); |
1407 | result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); | 1425 | result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); |