Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c78
1 files changed, 67 insertions, 11 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 22ad39e7f..1f49067ad 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $"); 31RCSID("$OpenBSD: sshconnect2.c,v 1.17 2000/08/19 21:34:44 markus Exp $");
32 32
33#include <openssl/bn.h> 33#include <openssl/bn.h>
34#include <openssl/rsa.h> 34#include <openssl/rsa.h>
@@ -54,6 +54,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
54#include "dsa.h" 54#include "dsa.h"
55#include "sshconnect.h" 55#include "sshconnect.h"
56#include "authfile.h" 56#include "authfile.h"
57#include "authfd.h"
57 58
58/* import */ 59/* import */
59extern char *client_version_string; 60extern char *client_version_string;
@@ -291,7 +292,7 @@ typedef int sign_fn(
291 unsigned char **sigp, int *lenp, 292 unsigned char **sigp, int *lenp,
292 unsigned char *data, int datalen); 293 unsigned char *data, int datalen);
293 294
294void 295int
295ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign, 296ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
296 const char *server_user, const char *host, const char *service) 297 const char *server_user, const char *host, const char *service)
297{ 298{
@@ -299,6 +300,7 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
299 unsigned char *blob, *signature; 300 unsigned char *blob, *signature;
300 int bloblen, slen; 301 int bloblen, slen;
301 int skip = 0; 302 int skip = 0;
303 int ret = -1;
302 304
303 dsa_make_key_blob(k, &blob, &bloblen); 305 dsa_make_key_blob(k, &blob, &bloblen);
304 306
@@ -323,8 +325,12 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
323 buffer_put_string(&b, blob, bloblen); 325 buffer_put_string(&b, blob, bloblen);
324 326
325 /* generate signature */ 327 /* generate signature */
326 do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); 328 ret = do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
327 key_free(k); /* XXX */ 329 if (ret == -1) {
330 xfree(blob);
331 buffer_free(&b);
332 return 0;
333 }
328#ifdef DEBUG_DSS 334#ifdef DEBUG_DSS
329 buffer_dump(&b); 335 buffer_dump(&b);
330#endif 336#endif
@@ -357,6 +363,8 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
357 /* send */ 363 /* send */
358 packet_send(); 364 packet_send();
359 packet_write_wait(); 365 packet_write_wait();
366
367 return 1;
360} 368}
361 369
362int 370int
@@ -364,6 +372,7 @@ ssh2_try_pubkey(char *filename,
364 const char *server_user, const char *host, const char *service) 372 const char *server_user, const char *host, const char *service)
365{ 373{
366 Key *k; 374 Key *k;
375 int ret = 0;
367 struct stat st; 376 struct stat st;
368 377
369 if (stat(filename, &st) != 0) { 378 if (stat(filename, &st) != 0) {
@@ -389,13 +398,53 @@ ssh2_try_pubkey(char *filename,
389 return 0; 398 return 0;
390 } 399 }
391 } 400 }
392 ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service); 401 ret = ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
393 return 1; 402 key_free(k);
403 return ret;
404}
405
406int agent_sign(
407 Key *key,
408 unsigned char **sigp, int *lenp,
409 unsigned char *data, int datalen)
410{
411 int ret = -1;
412 AuthenticationConnection *ac = ssh_get_authentication_connection();
413 if (ac != NULL) {
414 ret = ssh_agent_sign(ac, key, sigp, lenp, data, datalen);
415 ssh_close_authentication_connection(ac);
416 }
417 return ret;
418}
419
420int
421ssh2_try_agent(AuthenticationConnection *ac,
422 const char *server_user, const char *host, const char *service)
423{
424 static int called = 0;
425 char *comment;
426 Key *k;
427 int ret;
428
429 if (called == 0) {
430 k = ssh_get_first_identity(ac, &comment, 2);
431 called ++;
432 } else {
433 k = ssh_get_next_identity(ac, &comment, 2);
434 }
435 if (k == NULL)
436 return 0;
437 debug("trying DSA agent key %s", comment);
438 xfree(comment);
439 ret = ssh2_sign_and_send_pubkey(k, agent_sign, server_user, host, service);
440 key_free(k);
441 return ret;
394} 442}
395 443
396void 444void
397ssh_userauth2(const char *server_user, char *host) 445ssh_userauth2(const char *server_user, char *host)
398{ 446{
447 AuthenticationConnection *ac = ssh_get_authentication_connection();
399 int type; 448 int type;
400 int plen; 449 int plen;
401 int sent; 450 int sent;
@@ -450,12 +499,17 @@ ssh_userauth2(const char *server_user, char *host)
450 debug("partial success"); 499 debug("partial success");
451 if (options.dsa_authentication && 500 if (options.dsa_authentication &&
452 strstr(auths, "publickey") != NULL) { 501 strstr(auths, "publickey") != NULL) {
453 while (i < options.num_identity_files2) { 502 if (ac != NULL)
454 sent = ssh2_try_pubkey( 503 sent = ssh2_try_agent(ac,
455 options.identity_files2[i++],
456 server_user, host, service); 504 server_user, host, service);
457 if (sent) 505 if (!sent) {
458 break; 506 while (i < options.num_identity_files2) {
507 sent = ssh2_try_pubkey(
508 options.identity_files2[i++],
509 server_user, host, service);
510 if (sent)
511 break;
512 }
459 } 513 }
460 } 514 }
461 if (!sent) { 515 if (!sent) {
@@ -469,6 +523,8 @@ ssh_userauth2(const char *server_user, char *host)
469 fatal("Permission denied (%s).", auths); 523 fatal("Permission denied (%s).", auths);
470 xfree(auths); 524 xfree(auths);
471 } 525 }
526 if (ac != NULL)
527 ssh_close_authentication_connection(ac);
472 packet_done(); 528 packet_done();
473 debug("ssh-userauth2 successfull"); 529 debug("ssh-userauth2 successfull");
474} 530}
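Review bot: ssh2_try_agent returns 0 both when the agent has no more keys (k == NULL) and when signing the fetched key fails (ssh2_sign_and_send_pubkey returns 0 after do_sign returns -1), and the caller in ssh_userauth2 cannot tell the two apart: `if (!sent)` falls through to the file identities, and once `i` has reached `options.num_identity_files2` the later `if (!sent)` hits `fatal("Permission denied (%s).", auths)` while the agent may still hold untried keys. This is made more likely by agent_sign opening a fresh connection with ssh_get_authentication_connection() instead of using the `ac` that ssh2_try_agent already holds (sign_fn carries no context argument), so a failure to reopen the agent socket would presumably fail every key the same way, though that depends on authfd code outside this diff. I would have ssh2_try_agent keep pulling keys until one is actually sent or the list is exhausted, so a single unsignable key is skipped instead of ending the round; the `static int called` also makes the iteration one-shot per process, which deserves a comment such as `/* one-shot walk over the agent's keys; the cursor is per process, not per connection */`. The partial-success hunk begins inside ssh_userauth2; the function's opening and closing lines are in the neighbouring hunks.

```c
int
ssh2_try_agent(AuthenticationConnection *ac,
    const char *server_user, const char *host, const char *service)
{
	static int called = 0;	/* one-shot walk over the agent's keys, per process */
	char *comment;
	Key *k;
	int ret = 0;

	/* Keep pulling keys until one is actually sent or none remain,
	 * so a key the agent will not sign does not end the round. */
	while (ret == 0) {
		if (called == 0) {
			k = ssh_get_first_identity(ac, &comment, 2);
			called++;
		} else {
			k = ssh_get_next_identity(ac, &comment, 2);
		}
		if (k == NULL)
			break;
		debug("trying DSA agent key %s", comment);
		xfree(comment);
		ret = ssh2_sign_and_send_pubkey(k, agent_sign, server_user, host, service);
		key_free(k);
	}
	return ret;
}
```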