Initial revision

[gssapi-openssh.git] / openssh / ssh-keysign.c

diff --git a/openssh/ssh-keysign.c b/openssh/ssh-keysign.c
index 79aee17c0ca34eae4db39983fa774bab377a2e40..9e9ebe2f1717328db9c2d7ceaa6d5bd844e275be 100644 (file)
--- a/openssh/ssh-keysign.c
+++ b/openssh/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -42,7 +42,8 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
 #include "pathnames.h"
 #include "readconf.h"
 
-uid_t original_real_uid;       /* XXX readconf.c needs this */
+/* XXX readconf.c needs these */
+uid_t original_real_uid;
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -55,7 +56,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
     u_int datalen)
 {
        Buffer b;
-       Key *key;
+       Key *key = NULL;
        u_char *pkblob;
        u_int blen, len;
        char *pkalg, *p;
@@ -125,6 +126,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
        /* end of message */
        if (buffer_len(&b) != 0)
                fail++;
+       buffer_free(&b);
 
        debug3("valid_request: fail %d", fail);
 
@@ -168,8 +170,8 @@ main(int argc, char **argv)
        initialize_options(&options);
        (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
        fill_default_options(&options);
-       if (options.hostbased_authentication != 1)
-               fatal("Hostbased authentication not enabled in %s",
+       if (options.enable_ssh_keysign != 1)
+               fatal("ssh-keysign not enabled in %s",
                    _PATH_HOST_CONFIG_FILE);
 
        if (key_fd[0] == -1 && key_fd[1] == -1)
@@ -192,13 +194,6 @@ main(int argc, char **argv)
                keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
                    NULL, NULL);
                close(key_fd[i]);
-               if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
-                       if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
-                               error("RSA_blinding_on failed");
-                               key_free(keys[i]);
-                               keys[i] = NULL;
-                       }
-               }
                if (keys[i] != NULL)
                        found = 1;
        }
@@ -239,7 +234,8 @@ main(int argc, char **argv)
        /* send reply */
        buffer_clear(&b);
        buffer_put_string(&b, signature, slen);
-       ssh_msg_send(STDOUT_FILENO, version, &b);
+       if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1)
+               fatal("ssh_msg_send failed");
 
        return (0);
 }