Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c37
1 files changed, 27 insertions, 10 deletions
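diff --git a/ssh-agent.c b/ssh-agent.c
index eb593de73..c05c61468 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -261,7 +261,7 @@ process_authentication_challenge1(SocketEntry *e)
  /* The response is MD5 of decrypted challenge plus session id. */
  len = BN_num_bytes(challenge);
  if (len <= 0 || len > 32) {
- log("process_authentication_challenge: bad challenge length %d", len);
+ logit("process_authentication_challenge: bad challenge length %d", len);
  goto failure;
  }
  memset(buf, 0, 32);
@@ -350,7 +350,7 @@ process_remove_identity(SocketEntry *e, int version)
  buffer_get_bignum(&e->request, key->rsa->n);
 
  if (bits != key_size(key))
- log("Warning: identity keysize mismatch: actual %u, announced %u",
+ logit("Warning: identity keysize mismatch: actual %u, announced %u",
  key_size(key), bits);
  break;
  case 2:
@@ -580,13 +580,29 @@ static void
 process_add_smartcard_key (SocketEntry *e)
 {
  char *sc_reader_id = NULL, *pin;
- int i, version, success = 0;
+ int i, version, success = 0, death = 0, confirm = 0;
  Key **keys, *k;
  Identity *id;
  Idtab *tab;
 
  sc_reader_id = buffer_get_string(&e->request, NULL);
  pin = buffer_get_string(&e->request, NULL);
+
+ while (buffer_len(&e->request)) {
+ switch (buffer_get_char(&e->request)) {
+ case SSH_AGENT_CONSTRAIN_LIFETIME:
+ death = time(NULL) + buffer_get_int(&e->request);
+ break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ if (lifetime && !death)
+ death = time(NULL) + lifetime;
+
  keys = sc_get_keys(sc_reader_id, pin);
  xfree(sc_reader_id);
  xfree(pin);
@@ -602,9 +618,9 @@ process_add_smartcard_key (SocketEntry *e)
  if (lookup_identity(k, version) == NULL) {
  id = xmalloc(sizeof(Identity));
  id->key = k;
- id->comment = xstrdup("smartcard key");
- id->death = 0;
- id->confirm = 0;
+ id->comment = sc_get_key_label(k);
+ id->death = death;
+ id->confirm = confirm;
  TAILQ_INSERT_TAIL(&tab->idlist, id, next);
  tab->nentries++;
  success = 1;
@@ -748,6 +764,7 @@ process_message(SocketEntry *e)
  break;
 #ifdef SMARTCARD
  case SSH_AGENTC_ADD_SMARTCARD_KEY:
+ case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
  process_add_smartcard_key(e);
  break;
  case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
@@ -962,7 +979,7 @@ check_parent_exists(int sig)
  /* printf("Parent has died - Authentication agent exiting.\n"); */
  cleanup_handler(sig); /* safe */
  }
- signal(SIGALRM, check_parent_exists);
+ mysignal(SIGALRM, check_parent_exists);
  alarm(10);
  errno = save_errno;
 }
@@ -1007,7 +1024,7 @@ main(int ac, char **av)
 
  SSLeay_add_all_algorithms();
 
- __progname = get_progname(av[0]);
+ __progname = ssh_get_progname(av[0]);
  init_rng();
  seed_rng();
 
@@ -1194,7 +1211,7 @@ skip:
  fatal_add_cleanup(cleanup_socket, NULL);
  new_socket(AUTH_SOCKET, sock);
  if (ac > 0) {
- signal(SIGALRM, check_parent_exists);
+ mysignal(SIGALRM, check_parent_exists);
  alarm(10);
  }
  idtab_init();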
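Review bot: The `default: break;` arm of the new constraint loop in process_add_smartcard_key lets a request carrying a constraint type the agent does not recognise proceed to the key being added anyway, so a client that asked for a restriction this agent cannot enforce ends up with a key held without it; any payload bytes belonging to the unknown constraint are also re-read as further type bytes. Failing closed is safer: `default: xfree(sc_reader_id); xfree(pin); goto send;`, where `send` is a placeholder for the function's failure-reply path, which lies outside the visible hunks. Separately, `death` is declared `int` and is assigned `time(NULL) + buffer_get_int(&e->request)`, so a large client-supplied lifetime can wrap into a past or negative expiry; rejecting or clamping the lifetime before the addition avoids that. The PIN is released with a plain `xfree(pin)` on the context line after the loop; zeroing it before the free would keep the secret from lingering in freed heap memory.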