X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/c9f39d2c2cb442069d6568c47f70168e1f255e15..db5d66a5072fed3b0983cd21ee48f5c290939ca6:/openssh/authfd.c diff --git a/openssh/authfd.c b/openssh/authfd.c index 662350c..d6366ee 100644 --- a/openssh/authfd.c +++ b/openssh/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.64 2004/08/11 21:44:31 avsm Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.45 2001/09/19 19:35:30 stevesk Exp $"); #include @@ -53,30 +53,13 @@ RCSID("$OpenBSD: authfd.c,v 1.64 2004/08/11 21:44:31 avsm Exp $"); #include "log.h" #include "atomicio.h" -static int agent_present = 0; - /* helper */ int decode_reply(int type); /* macro to check for "agent failure" message */ #define agent_failed(x) \ ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ - (x == SSH2_AGENT_FAILURE)) - -int -ssh_agent_present(void) -{ - int authfd; - - if (agent_present) - return 1; - if ((authfd = ssh_get_authentication_socket()) == -1) - return 0; - else { - ssh_close_authentication_socket(authfd); - return 1; - } -} + (x == SSH2_AGENT_FAILURE)) /* Returns the number of the authentication fd, or -1 if there is none. */ @@ -107,15 +90,13 @@ ssh_get_authentication_socket(void) close(sock); return -1; } - agent_present = 1; return sock; } static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { - int l; - u_int len; + int l, len; char buf[1024]; /* Get the length of the message, and format it in the buffer. */ @@ -123,8 +104,8 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply PUT_32BIT(buf, len); /* Send the length and then the packet to the agent. */ - if (atomicio(vwrite, auth->fd, buf, 4) != 4 || - atomicio(vwrite, auth->fd, buffer_ptr(request), + if (atomicio(write, auth->fd, buf, 4) != 4 || + atomicio(write, auth->fd, buffer_ptr(request), buffer_len(request)) != buffer_len(request)) { error("Error writing to authentication socket."); return 0; @@ -133,15 +114,22 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply * Wait for response from the agent. First read the length of the * response packet. */ - if (atomicio(read, auth->fd, buf, 4) != 4) { - error("Error reading response length from authentication socket."); - return 0; + len = 4; + while (len > 0) { + l = read(auth->fd, buf + 4 - len, len); + if (l == -1 && (errno == EAGAIN || errno == EINTR)) + continue; + if (l <= 0) { + error("Error reading response length from authentication socket."); + return 0; + } + len -= l; } /* Extract the length, and check it for sanity. */ len = GET_32BIT(buf); if (len > 256 * 1024) - fatal("Authentication response too long: %u", len); + fatal("Authentication response too long: %d", len); /* Read the rest of the response in to the buffer. */ buffer_clear(reply); @@ -149,12 +137,14 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply l = len; if (l > sizeof(buf)) l = sizeof(buf); - l = atomicio(read, auth->fd, buf, l); + l = read(auth->fd, buf, l); + if (l == -1 && (errno == EAGAIN || errno == EINTR)) + continue; if (l <= 0) { error("Error reading response from authentication socket."); return 0; } - buffer_append(reply, buf, l); + buffer_append(reply, (char *) buf, l); len -= l; } return 1; @@ -217,26 +207,6 @@ ssh_close_authentication_connection(AuthenticationConnection *auth) xfree(auth); } -/* Lock/unlock agent */ -int -ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password) -{ - int type; - Buffer msg; - - buffer_init(&msg); - buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK); - buffer_put_cstring(&msg, password); - - if (ssh_request_reply(auth, &msg, &msg) == 0) { - buffer_free(&msg); - return 0; - } - type = buffer_get_char(&msg); - buffer_free(&msg); - return decode_reply(type); -} - /* * Returns the first authentication identity held by the agent. */ @@ -247,7 +217,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version) int type, code1 = 0, code2 = 0; Buffer request; - switch (version) { + switch(version){ case 1: code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES; code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER; @@ -284,7 +254,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version) /* Get the number of entries in the response and check it for sanity. */ auth->howmany = buffer_get_int(&auth->identities); - if ((u_int)auth->howmany > 1024) + if (auth->howmany > 1024) fatal("Too many identities in authentication reply: %d", auth->howmany); @@ -316,7 +286,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * Get the next entry from the packet. These will abort with a fatal * error if the packet is too short or contains corrupt data. */ - switch (version) { + switch(version){ case 1: key = key_new(KEY_RSA1); bits = buffer_get_int(&auth->identities); @@ -324,7 +294,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio buffer_get_bignum(&auth->identities, key->rsa->n); *comment = buffer_get_string(&auth->identities, NULL); if (bits != BN_num_bits(key->rsa->n)) - logit("Warning: identity keysize mismatch: actual %d, announced %u", + log("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; case 2: @@ -365,7 +335,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, if (key->type != KEY_RSA1) return 0; if (response_type == 0) { - logit("Compatibility with ssh protocol version 1.0 no longer supported."); + log("Compatibility with ssh protocol version 1.0 no longer supported."); return 0; } buffer_init(&buffer); @@ -374,7 +344,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, buffer_put_bignum(&buffer, key->rsa->e); buffer_put_bignum(&buffer, key->rsa->n); buffer_put_bignum(&buffer, challenge); - buffer_append(&buffer, session_id, 16); + buffer_append(&buffer, (char *) session_id, 16); buffer_put_int(&buffer, response_type); if (ssh_request_reply(auth, &buffer, &buffer) == 0) { @@ -384,7 +354,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, type = buffer_get_char(&buffer); if (agent_failed(type)) { - logit("Agent admitted failure to authenticate using the key."); + log("Agent admitted failure to authenticate using the key."); } else if (type != SSH_AGENT_RSA_RESPONSE) { fatal("Bad authentication response: %d", type); } else { @@ -404,8 +374,8 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, int ssh_agent_sign(AuthenticationConnection *auth, Key *key, - u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) + u_char **sigp, int *lenp, + u_char *data, int datalen) { extern int datafellows; Buffer msg; @@ -433,7 +403,7 @@ ssh_agent_sign(AuthenticationConnection *auth, } type = buffer_get_char(&msg); if (agent_failed(type)) { - logit("Agent admitted failure to sign using the key."); + log("Agent admitted failure to sign using the key."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fatal("Bad authentication response: %d", type); } else { @@ -449,6 +419,8 @@ ssh_agent_sign(AuthenticationConnection *auth, static void ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { + buffer_clear(b); + buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); buffer_put_int(b, BN_num_bits(key->n)); buffer_put_bignum(b, key->n); buffer_put_bignum(b, key->e); @@ -463,8 +435,10 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) static void ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) { + buffer_clear(b); + buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); buffer_put_cstring(b, key_ssh_name(key)); - switch (key->type) { + switch(key->type){ case KEY_RSA: buffer_put_bignum2(b, key->rsa->n); buffer_put_bignum2(b, key->rsa->e); @@ -490,28 +464,19 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) */ int -ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, - const char *comment, u_int life, u_int confirm) +ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) { Buffer msg; - int type, constrained = (life || confirm); + int type; buffer_init(&msg); switch (key->type) { case KEY_RSA1: - type = constrained ? - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : - SSH_AGENTC_ADD_RSA_IDENTITY; - buffer_put_char(&msg, type); ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; case KEY_RSA: case KEY_DSA: - type = constrained ? - SSH2_AGENTC_ADD_ID_CONSTRAINED : - SSH2_AGENTC_ADD_IDENTITY; - buffer_put_char(&msg, type); ssh_encode_identity_ssh2(&msg, key, comment); break; default: @@ -519,14 +484,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, return 0; break; } - if (constrained) { - if (life != 0) { - buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); - buffer_put_int(&msg, life); - } - if (confirm != 0) - buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); - } if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -536,12 +493,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, return decode_reply(type); } -int -ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) -{ - return ssh_add_identity_constrained(auth, key, comment, 0, 0); -} - /* * Removes an identity from the authentication server. This call is not * meant to be used by normal applications. @@ -581,33 +532,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_update_card(AuthenticationConnection *auth, int add, - const char *reader_id, const char *pin, u_int life, u_int confirm) +ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) { Buffer msg; - int type, constrained = (life || confirm); - - if (add) { - type = constrained ? - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : - SSH_AGENTC_ADD_SMARTCARD_KEY; - } else - type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; + int type; buffer_init(&msg); - buffer_put_char(&msg, type); + buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : + SSH_AGENTC_REMOVE_SMARTCARD_KEY); buffer_put_cstring(&msg, reader_id); - buffer_put_cstring(&msg, pin); - - if (constrained) { - if (life != 0) { - buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); - buffer_put_int(&msg, life); - } - if (confirm != 0) - buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); - } - if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -650,7 +583,7 @@ decode_reply(int type) case SSH_AGENT_FAILURE: case SSH_COM_AGENT2_FAILURE: case SSH2_AGENT_FAILURE: - logit("SSH_AGENT_FAILURE"); + log("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: return 1;