X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/20e79e98a3cf9322c70e30079f22d325f6fb1d0c..5c5546be1ad22eed40e38cde2f4171dfeef75821:/ssh-keysign.c diff --git a/ssh-keysign.c b/ssh-keysign.c index 6a435684..dae3a2e8 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,12 +22,15 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $"); #include +#include +#include #include "log.h" #include "key.h" +#include "ssh.h" #include "ssh2.h" #include "misc.h" #include "xmalloc.h" @@ -37,19 +40,20 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $"); #include "msg.h" #include "canohost.h" #include "pathnames.h" +#include "readconf.h" +#include "uidswap.h" + +/* XXX readconf.c needs these */ +uid_t original_real_uid; -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif static int valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, u_int datalen) { Buffer b; - Key *key; + Key *key = NULL; u_char *pkblob; u_int blen, len; char *pkalg, *p; @@ -119,6 +123,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, /* end of message */ if (buffer_len(&b) != 0) fail++; + buffer_free(&b); debug3("valid_request: fail %d", fail); @@ -134,18 +139,31 @@ int main(int argc, char **argv) { Buffer b; + Options options; Key *keys[2], *key; struct passwd *pw; int key_fd[2], i, found, version = 2, fd; u_char *signature, *data; char *host; u_int slen, dlen; + u_int32_t rnd[256]; + + /* Ensure that stdin and stdout are connected */ + if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) + exit(1); + /* Leave /dev/null fd iff it is attached to stderr */ + if (fd > 2) + close(fd); key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - seteuid(getuid()); - setuid(getuid()); + original_real_uid = getuid(); /* XXX readconf.c needs this */ + if ((pw = getpwuid(original_real_uid)) == NULL) + fatal("getpwuid failed"); + pw = pwcopy(pw); + + permanently_set_uid(pw); init_rng(); seed_rng(); @@ -155,14 +173,21 @@ main(int argc, char **argv) log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); #endif + /* verify that ssh-keysign is enabled by the admin */ + initialize_options(&options); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); + fill_default_options(&options); + if (options.enable_ssh_keysign != 1) + fatal("ssh-keysign not enabled in %s", + _PATH_HOST_CONFIG_FILE); + if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - if ((pw = getpwuid(getuid())) == NULL) - fatal("getpwuid failed"); - pw = pwcopy(pw); - SSLeay_add_all_algorithms(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); found = 0; for (i = 0; i < 2; i++) { @@ -179,8 +204,8 @@ main(int argc, char **argv) fatal("no hostkey found"); buffer_init(&b); - if (msg_recv(STDIN_FILENO, &b) < 0) - fatal("msg_recv failed"); + if (ssh_msg_recv(STDIN_FILENO, &b) < 0) + fatal("ssh_msg_recv failed"); if (buffer_get_char(&b) != version) fatal("bad version"); fd = buffer_get_int(&b); @@ -212,7 +237,8 @@ main(int argc, char **argv) /* send reply */ buffer_clear(&b); buffer_put_string(&b, signature, slen); - msg_send(STDOUT_FILENO, version, &b); + if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1) + fatal("ssh_msg_send failed"); return (0); }