diff options
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 2736856fa..258d7cf56 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.100 2002/05/23 19:24:30 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.101 2002/05/24 08:45:14 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "ssh.h" | 28 | #include "ssh.h" |
| 29 | #include "ssh2.h" | 29 | #include "ssh2.h" |
| @@ -900,11 +900,16 @@ ssh_keysign( | |||
| 900 | u_char *data, u_int datalen) | 900 | u_char *data, u_int datalen) |
| 901 | { | 901 | { |
| 902 | Buffer b; | 902 | Buffer b; |
| 903 | struct stat st; | ||
| 903 | pid_t pid; | 904 | pid_t pid; |
| 904 | int to[2], from[2], status, version = 1; | 905 | int to[2], from[2], status, version = 1; |
| 905 | 906 | ||
| 906 | debug("ssh_keysign called"); | 907 | debug("ssh_keysign called"); |
| 907 | 908 | ||
| 909 | if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { | ||
| 910 | error("ssh_keysign: no installed: %s", strerror(errno)); | ||
| 911 | return -1; | ||
| 912 | } | ||
| 908 | if (fflush(stdout) != 0) | 913 | if (fflush(stdout) != 0) |
| 909 | error("ssh_keysign: fflush: %s", strerror(errno)); | 914 | error("ssh_keysign: fflush: %s", strerror(errno)); |
| 910 | if (pipe(to) < 0) { | 915 | if (pipe(to) < 0) { |
| @@ -940,18 +945,10 @@ ssh_keysign( | |||
| 940 | msg_send(to[1], version, &b); | 945 | msg_send(to[1], version, &b); |
| 941 | 946 | ||
| 942 | if (msg_recv(from[0], &b) < 0) { | 947 | if (msg_recv(from[0], &b) < 0) { |
| 943 | debug("ssh_keysign: no reply"); | 948 | error("ssh_keysign: no reply"); |
| 944 | buffer_clear(&b); | ||
| 945 | return -1; | ||
| 946 | } | ||
| 947 | if (buffer_get_char(&b) != version) { | ||
| 948 | debug("ssh_keysign: bad version"); | ||
| 949 | buffer_clear(&b); | 949 | buffer_clear(&b); |
| 950 | return -1; | 950 | return -1; |
| 951 | } | 951 | } |
| 952 | *sigp = buffer_get_string(&b, lenp); | ||
| 953 | buffer_clear(&b); | ||
| 954 | |||
| 955 | close(from[0]); | 952 | close(from[0]); |
| 956 | close(to[1]); | 953 | close(to[1]); |
| 957 | 954 | ||
| @@ -959,13 +956,17 @@ ssh_keysign( | |||
| 959 | if (errno != EINTR) | 956 | if (errno != EINTR) |
| 960 | break; | 957 | break; |
| 961 | 958 | ||
| 959 | if (buffer_get_char(&b) != version) { | ||
| 960 | error("ssh_keysign: bad version"); | ||
| 961 | buffer_clear(&b); | ||
| 962 | return -1; | ||
| 963 | } | ||
| 964 | *sigp = buffer_get_string(&b, lenp); | ||
| 965 | buffer_clear(&b); | ||
| 966 | |||
| 962 | return 0; | 967 | return 0; |
| 963 | } | 968 | } |
| 964 | 969 | ||
| 965 | /* | ||
| 966 | * this will be move to an external program (ssh-keysign) ASAP. ssh-keysign | ||
| 967 | * will be setuid-root and the sbit can be removed from /usr/bin/ssh. | ||
| 968 | */ | ||
| 969 | int | 970 | int |
| 970 | userauth_hostbased(Authctxt *authctxt) | 971 | userauth_hostbased(Authctxt *authctxt) |
| 971 | { | 972 | { |