Import of OpenSSH 3.7p1
[gssapi-openssh.git] / openssh / ssh-agent.c
index eb593de73f12e7b86e064b12fa100e8298a1e54e..c05c61468c93e22ce0d62413b72acf12aadbb414 100644 (file)
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -261,7 +261,7 @@ process_authentication_challenge1(SocketEntry *e)
                /* The response is MD5 of decrypted challenge plus session id. */
                len = BN_num_bytes(challenge);
                if (len <= 0 || len > 32) {
-                       log("process_authentication_challenge: bad challenge length %d", len);
+                       logit("process_authentication_challenge: bad challenge length %d", len);
                        goto failure;
                }
                memset(buf, 0, 32);
@@ -350,7 +350,7 @@ process_remove_identity(SocketEntry *e, int version)
                buffer_get_bignum(&e->request, key->rsa->n);
 
                if (bits != key_size(key))
-                       log("Warning: identity keysize mismatch: actual %u, announced %u",
+                       logit("Warning: identity keysize mismatch: actual %u, announced %u",
                            key_size(key), bits);
                break;
        case 2:
@@ -580,13 +580,29 @@ static void
 process_add_smartcard_key (SocketEntry *e)
 {
        char *sc_reader_id = NULL, *pin;
-       int i, version, success = 0;
+       int i, version, success = 0, death = 0, confirm = 0;
        Key **keys, *k;
        Identity *id;
        Idtab *tab;
 
        sc_reader_id = buffer_get_string(&e->request, NULL);
        pin = buffer_get_string(&e->request, NULL);
+
+       while (buffer_len(&e->request)) {
+               switch (buffer_get_char(&e->request)) {
+               case SSH_AGENT_CONSTRAIN_LIFETIME:
+                       death = time(NULL) + buffer_get_int(&e->request);
+                       break;
+               case SSH_AGENT_CONSTRAIN_CONFIRM:
+                       confirm = 1;
+                       break;
+               default:
+                       break;
+               }
+       }
+       if (lifetime && !death)
+               death = time(NULL) + lifetime;
+
        keys = sc_get_keys(sc_reader_id, pin);
        xfree(sc_reader_id);
        xfree(pin);
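Review bot: The `default: break;` arm of the new constraint loop in process_add_smartcard_key silently skips any constraint type it does not recognise, so the key is still added with fewer restrictions than the client asked for, and the skipped constraint's payload bytes are then read as further type bytes. Failing closed is safer: in the default arm, log with `error("process_add_smartcard_key: unknown constraint type");`, free `sc_reader_id` and `pin`, and send the failure reply instead of calling sc_get_keys(). Separately, `death = time(NULL) + buffer_get_int(&e->request);` stores the sum of the current time and a client-supplied 32-bit lifetime in an `int`, so a large value can wrap; a range check before the addition would avoid that. The function body continues outside the hunk, so the exact failure path (label or reply call) is not visible here.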
@@ -602,9 +618,9 @@ process_add_smartcard_key (SocketEntry *e)
                if (lookup_identity(k, version) == NULL) {
                        id = xmalloc(sizeof(Identity));
                        id->key = k;
-                       id->comment = xstrdup("smartcard key");
-                       id->death = 0;
-                       id->confirm = 0;
+                       id->comment = sc_get_key_label(k);
+                       id->death = death;
+                       id->confirm = confirm;
                        TAILQ_INSERT_TAIL(&tab->idlist, id, next);
                        tab->nentries++;
                        success = 1;
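Review bot: `id->comment = sc_get_key_label(k);` stores the helper's return value unchecked, whereas the replaced line always stored a fresh `xstrdup()` copy. sc_get_key_label() is not shown here, so this hunk cannot confirm whether it may return NULL or a pointer the Identity does not own; if either is possible, code that later sends or frees the comment would misbehave. I would add a comment above the assignment, `/* sc_get_key_label() must return a non-NULL, heap-allocated string owned by the Identity */`, or fall back to `xstrdup("smartcard key")` when the label is NULL. The enclosing loop starts and ends outside the hunk.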
@@ -748,6 +764,7 @@ process_message(SocketEntry *e)
                break;
 #ifdef SMARTCARD
        case SSH_AGENTC_ADD_SMARTCARD_KEY:
+       case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
                process_add_smartcard_key(e);
                break;
        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
@@ -962,7 +979,7 @@ check_parent_exists(int sig)
                /* printf("Parent has died - Authentication agent exiting.\n"); */
                cleanup_handler(sig); /* safe */
        }
-       signal(SIGALRM, check_parent_exists);
+       mysignal(SIGALRM, check_parent_exists);
        alarm(10);
        errno = save_errno;
 }
@@ -1007,7 +1024,7 @@ main(int ac, char **av)
 
        SSLeay_add_all_algorithms();
 
-       __progname = get_progname(av[0]);
+       __progname = ssh_get_progname(av[0]);
        init_rng();
        seed_rng();
 
@@ -1194,7 +1211,7 @@ skip:
        fatal_add_cleanup(cleanup_socket, NULL);
        new_socket(AUTH_SOCKET, sock);
        if (ac > 0) {
-               signal(SIGALRM, check_parent_exists);
+               mysignal(SIGALRM, check_parent_exists);
                alarm(10);
        }
        idtab_init();