change "No more 4-term BSD licenses in our tree" to

[openssh.git] / authfd.c

diff --git a/authfd.c b/authfd.c
index f04e0858b04806e2da4c53e59dbcb702bbf8ddf3..7e96269a468cd1a8840dcc487464d1142aefba6d 100644 (file)
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.59 2003/04/08 20:21:28 itojun Exp $");
 
 #include <openssl/evp.h>
 
@@ -332,7 +332,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
                buffer_get_bignum(&auth->identities, key->rsa->n);
                *comment = buffer_get_string(&auth->identities, NULL);
                if (bits != BN_num_bits(key->rsa->n))
-                       log("Warning: identity keysize mismatch: actual %d, announced %u",
+                       logit("Warning: identity keysize mismatch: actual %d, announced %u",
                            BN_num_bits(key->rsa->n), bits);
                break;
        case 2:
@@ -373,7 +373,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
        if (key->type != KEY_RSA1)
                return 0;
        if (response_type == 0) {
-               log("Compatibility with ssh protocol version 1.0 no longer supported.");
+               logit("Compatibility with ssh protocol version 1.0 no longer supported.");
                return 0;
        }
        buffer_init(&buffer);
@@ -392,7 +392,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
        type = buffer_get_char(&buffer);
 
        if (agent_failed(type)) {
-               log("Agent admitted failure to authenticate using the key.");
+               logit("Agent admitted failure to authenticate using the key.");
        } else if (type != SSH_AGENT_RSA_RESPONSE) {
                fatal("Bad authentication response: %d", type);
        } else {
@@ -441,7 +441,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
        }
        type = buffer_get_char(&msg);
        if (agent_failed(type)) {
-               log("Agent admitted failure to sign using the key.");
+               logit("Agent admitted failure to sign using the key.");
        } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
                fatal("Bad authentication response: %d", type);
        } else {
@@ -499,10 +499,10 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 
 int
 ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
-    const char *comment, u_int life)
+    const char *comment, u_int life, u_int confirm)
 {
        Buffer msg;
-       int type, constrained = (life != 0);
+       int type, constrained = (life || confirm);
 
        buffer_init(&msg);
 
@@ -532,6 +532,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
                        buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
                        buffer_put_int(&msg, life);
                }
+               if (confirm != 0)
+                       buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
        }
        if (ssh_request_reply(auth, &msg, &msg) == 0) {
                buffer_free(&msg);
@@ -545,7 +547,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 int
 ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 {
-       return ssh_add_identity_constrained(auth, key, comment, 0);
+       return ssh_add_identity_constrained(auth, key, comment, 0, 0);
 }
 
 /*
@@ -639,7 +641,7 @@ decode_reply(int type)
        case SSH_AGENT_FAILURE:
        case SSH_COM_AGENT2_FAILURE:
        case SSH2_AGENT_FAILURE:
-               log("SSH_AGENT_FAILURE");
+               logit("SSH_AGENT_FAILURE");
                return 0;
        case SSH_AGENT_SUCCESS:
                return 1;