Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 78 |
1 files changed, 67 insertions, 11 deletions
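diff --git a/sshconnect2.c b/sshconnect2.c
index 22ad39e7f..1f49067ad 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.17 2000/08/19 21:34:44 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -54,6 +54,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
 #include "dsa.h"
 #include "sshconnect.h"
 #include "authfile.h"
+#include "authfd.h"
 
 /* import */
 extern char *client_version_string;
@@ -291,7 +292,7 @@ typedef int sign_fn(
 unsigned char **sigp, int *lenp,
 unsigned char *data, int datalen);
 
-void
+int
 ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 const char *server_user, const char *host, const char *service)
 {
@@ -299,6 +300,7 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 unsigned char *blob, *signature;
 int bloblen, slen;
 int skip = 0;
+int ret = -1;
 
 dsa_make_key_blob(k, &blob, &bloblen);
 
@@ -323,8 +325,12 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 buffer_put_string(&b, blob, bloblen);
 
 /* generate signature */
-do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
-key_free(k); /* XXX */
+ret = do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
+if (ret == -1) {
+xfree(blob);
+buffer_free(&b);
+return 0;
+}
 #ifdef DEBUG_DSS
 buffer_dump(&b);
 #endif
@@ -357,6 +363,8 @@ ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
 /* send */
 packet_send();
 packet_write_wait();
+
+return 1;
 }
 
 int
@@ -364,6 +372,7 @@ ssh2_try_pubkey(char *filename,
 const char *server_user, const char *host, const char *service)
 {
 Key *k;
+int ret = 0;
 struct stat st;
 
 if (stat(filename, &st) != 0) {
@@ -389,13 +398,53 @@ ssh2_try_pubkey(char *filename,
 return 0;
 }
 }
-ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
-return 1;
+ret = ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
+key_free(k);
+return ret;
+}
+
+int agent_sign(
+Key *key,
+unsigned char **sigp, int *lenp,
+unsigned char *data, int datalen)
+{
+int ret = -1;
+AuthenticationConnection *ac = ssh_get_authentication_connection();
+if (ac != NULL) {
+ret = ssh_agent_sign(ac, key, sigp, lenp, data, datalen);
+ssh_close_authentication_connection(ac);
+}
+return ret;
+}
+
+int
+ssh2_try_agent(AuthenticationConnection *ac,
+const char *server_user, const char *host, const char *service)
+{
+static int called = 0;
+char *comment;
+Key *k;
+int ret;
+
+if (called == 0) {
+k = ssh_get_first_identity(ac, &comment, 2);
+called ++;
+} else {
+k = ssh_get_next_identity(ac, &comment, 2);
+}
+if (k == NULL)
+return 0;
+debug("trying DSA agent key %s", comment);
+xfree(comment);
+ret = ssh2_sign_and_send_pubkey(k, agent_sign, server_user, host, service);
+key_free(k);
+return ret;
 }
 
 void
 ssh_userauth2(const char *server_user, char *host)
 {
+AuthenticationConnection *ac = ssh_get_authentication_connection();
 int type;
 int plen;
 int sent;
@@ -450,12 +499,17 @@ ssh_userauth2(const char *server_user, char *host)
 debug("partial success");
 if (options.dsa_authentication &&
 strstr(auths, "publickey") != NULL) {
-while (i < options.num_identity_files2) {
-sent = ssh2_try_pubkey(
-options.identity_files2[i++],
+if (ac != NULL)
+sent = ssh2_try_agent(ac,
 server_user, host, service);
-if (sent)
-break;
+if (!sent) {
+while (i < options.num_identity_files2) {
+sent = ssh2_try_pubkey(
+options.identity_files2[i++],
+server_user, host, service);
+if (sent)
+break;
+}
 }
 }
 if (!sent) {
@@ -469,6 +523,8 @@ ssh_userauth2(const char *server_user, char *host)
 fatal("Permission denied (%s).", auths);
 xfree(auths);
 }
+if (ac != NULL)
+ssh_close_authentication_connection(ac);
 packet_done();
 debug("ssh-userauth2 successfull");
 }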
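Review bot: In the @@ -389,13 +398,53 @@ hunk, `ssh2_try_agent` keeps its identity cursor in `static int called`, so only the first call in the process ever reaches `ssh_get_first_identity`; if `ssh_userauth2` runs again with a freshly opened `ac` (the connection is opened at the top of `ssh_userauth2` and closed at its end), the next call goes straight to `ssh_get_next_identity` on a connection that never began an enumeration, and nothing rewinds the cursor when a key fails to sign. Whether that is reachable depends on callers outside this diff, but it deserves a comment at the declaration such as `/* one-shot cursor over the agent's identities; never restarts, even for a new ac */`. In the same hunk, `agent_sign` opens and closes a second agent connection per signature because the `sign_fn` callback carries no context pointer, even though the caller already holds `ac`; a comment like `/* sign_fn has no context slot, so open a private agent connection per signature */` would mark that as deliberate. `comment` is freed only when a key was returned, which is fine if the agent helpers leave it unset on NULL — worth confirming against authfd.c.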