1 files changed, 34 insertions, 18 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index a936134fe..c05c61468 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -261,7 +261,7 @@ process_authentication_challenge1(SocketEntry *e)
                /* The response is MD5 of decrypted challenge plus session id. */
                len = BN_num_bytes(challenge);
                if (len <= 0 || len > 32) {
-                        log("process_authentication_challenge: bad challenge length %d", len);
+                        logit("process_authentication_challenge: bad challenge length %d", len);
                        goto failure;
                }
                memset(buf, 0, 32);
@@ -350,7 +350,7 @@ process_remove_identity(SocketEntry *e, int version)
                buffer_get_bignum(&e->request, key->rsa->n);
                if (bits != key_size(key))
-                        log("Warning: identity keysize mismatch: actual %u, announced %u",
+                        logit("Warning: identity keysize mismatch: actual %u, announced %u",
                            key_size(key), bits);
                break;
        case 2:
@@ -580,13 +580,29 @@ static void
 process_add_smartcard_key (SocketEntry *e)
 {
        char *sc_reader_id = NULL, *pin;
-        int i, version, success = 0;
+        int i, version, success = 0, death = 0, confirm = 0;
        Key **keys, *k;
        Identity *id;
        Idtab *tab;
        sc_reader_id = buffer_get_string(&e->request, NULL);
        pin = buffer_get_string(&e->request, NULL);
+        while (buffer_len(&e->request)) {
+                switch (buffer_get_char(&e->request)) {
+                case SSH_AGENT_CONSTRAIN_LIFETIME:
+                        death = time(NULL) + buffer_get_int(&e->request);
+                        break;
+                case SSH_AGENT_CONSTRAIN_CONFIRM:
+                        confirm = 1;
+                        break;
+                default:
+                        break;
+                }
+        }
+        if (lifetime && !death)
+                death = time(NULL) + lifetime;
        keys = sc_get_keys(sc_reader_id, pin);
        xfree(sc_reader_id);
        xfree(pin);
@@ -602,9 +618,9 @@ process_add_smartcard_key (SocketEntry *e)
                if (lookup_identity(k, version) == NULL) {
                        id = xmalloc(sizeof(Identity));
                        id->key = k;
-                        id->comment = xstrdup("smartcard key");
+                        id->comment = sc_get_key_label(k);
-                        id->death = 0;
+                        id->death = death;
-                        id->confirm = 0;
+                        id->confirm = confirm;
                        TAILQ_INSERT_TAIL(&tab->idlist, id, next);
                        tab->nentries++;
                        success = 1;
@@ -748,6 +764,7 @@ process_message(SocketEntry *e)
                break;
 #ifdef SMARTCARD
        case SSH_AGENTC_ADD_SMARTCARD_KEY:
+        case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
                process_add_smartcard_key(e);
                break;
        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
@@ -767,7 +784,7 @@ process_message(SocketEntry *e)
 static void
 new_socket(sock_type type, int fd)
 {
-        u_int i, old_alloc, new_alloc;
+        u_int i, old_alloc;
        if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
                error("fcntl O_NONBLOCK: %s", strerror(errno));
@@ -778,26 +795,25 @@ new_socket(sock_type type, int fd)
        for (i = 0; i < sockets_alloc; i++)
                if (sockets[i].type == AUTH_UNUSED) {
                        sockets[i].fd = fd;
+                        sockets[i].type = type;
                        buffer_init(&sockets[i].input);
                        buffer_init(&sockets[i].output);
                        buffer_init(&sockets[i].request);
-                        sockets[i].type = type;
                        return;
                }
        old_alloc = sockets_alloc;
-        new_alloc = sockets_alloc + 10;
+        sockets_alloc += 10;
        if (sockets)
-                sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+                sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
        else
-                sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+                sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
-        for (i = old_alloc; i < new_alloc; i++)
+        for (i = old_alloc; i < sockets_alloc; i++)
                sockets[i].type = AUTH_UNUSED;
-        sockets_alloc = new_alloc;
+        sockets[old_alloc].type = type;
        sockets[old_alloc].fd = fd;
        buffer_init(&sockets[old_alloc].input);
        buffer_init(&sockets[old_alloc].output);
        buffer_init(&sockets[old_alloc].request);
-        sockets[old_alloc].type = type;
 }
 static int
@@ -963,7 +979,7 @@ check_parent_exists(int sig)
                /* printf("Parent has died - Authentication agent exiting.\n"); */
                cleanup_handler(sig); /* safe */
        }
-        signal(SIGALRM, check_parent_exists);
+        mysignal(SIGALRM, check_parent_exists);
        alarm(10);
        errno = save_errno;
 }
@@ -1008,7 +1024,7 @@ main(int ac, char **av)
        SSLeay_add_all_algorithms();
-        __progname = get_progname(av[0]);
+        __progname = ssh_get_progname(av[0]);
        init_rng();
        seed_rng();
@@ -1195,7 +1211,7 @@ skip:
        fatal_add_cleanup(cleanup_socket, NULL);
        new_socket(AUTH_SOCKET, sock);
        if (ac > 0) {
-                signal(SIGALRM, check_parent_exists);
+                mysignal(SIGALRM, check_parent_exists);
                alarm(10);
        }
        idtab_init();