+20000721
+ - (djm) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/07/16 02:27:22
+ [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c]
+ make ssh-add accept dsa keys (the agent does not)
+ - djm@cvs.openbsd.org 2000/07/17 19:25:02
+ [sshd.c]
+ Another closing of stdin; ok deraadt
+ - markus@cvs.openbsd.org 2000/07/19 18:33:12
+ [dsa.c]
+ missing free, reorder
+ - markus@cvs.openbsd.org 2000/07/20 16:23:14
+ [ssh-keygen.1]
+ document input and output files
+
20000720
- - Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
+ -
(djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
20000716
- - Release 2.1.1p4
+ - (djm) Release 2.1.1p4
20000715
- (djm) OpenBSD CVS updates
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.22 2000/07/16 08:27:20 markus Exp $");
#include "ssh.h"
#include "rsa.h"
-#include "authfd.h"
#include "buffer.h"
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include "key.h"
+#include "authfd.h"
+#include "kex.h"
/* helper */
int ssh_agent_get_reply(AuthenticationConnection *auth);
* Send a message to the agent requesting for a list of the
* identities it can represent.
*/
- msg[0] = 0;
- msg[1] = 0;
- msg[2] = 0;
- msg[3] = 1;
+ PUT_32BIT(msg, 1);
msg[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
if (atomicio(write, auth->fd, msg, 5) != 5) {
error("write auth->fd: %.100s", strerror(errno));
return 1;
}
+/* Encode key for a message to the agent. */
+
+void
+ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment)
+{
+ buffer_clear(b);
+ buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY);
+ buffer_put_int(b, BN_num_bits(key->n));
+ buffer_put_bignum(b, key->n);
+ buffer_put_bignum(b, key->e);
+ buffer_put_bignum(b, key->d);
+ /* To keep within the protocol: p < q for ssh. in SSL p > q */
+ buffer_put_bignum(b, key->iqmp); /* ssh key->u */
+ buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */
+ buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
+ buffer_put_string(b, comment, strlen(comment));
+}
+
+void
+ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment)
+{
+ buffer_clear(b);
+ buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY);
+ buffer_put_cstring(b, KEX_DSS);
+ buffer_put_bignum2(b, key->p);
+ buffer_put_bignum2(b, key->q);
+ buffer_put_bignum2(b, key->g);
+ buffer_put_bignum2(b, key->pub_key);
+ buffer_put_bignum2(b, key->priv_key);
+ buffer_put_string(b, comment, strlen(comment));
+}
+
/*
* Adds an identity to the authentication server. This call is not meant to
* be used by normal applications.
*/
int
-ssh_add_identity(AuthenticationConnection *auth,
- RSA * key, const char *comment)
+ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
{
Buffer buffer;
unsigned char buf[8192];
int len;
- /* Format a message to the agent. */
buffer_init(&buffer);
- buffer_put_char(&buffer, SSH_AGENTC_ADD_RSA_IDENTITY);
- buffer_put_int(&buffer, BN_num_bits(key->n));
- buffer_put_bignum(&buffer, key->n);
- buffer_put_bignum(&buffer, key->e);
- buffer_put_bignum(&buffer, key->d);
- /* To keep within the protocol: p < q for ssh. in SSL p > q */
- buffer_put_bignum(&buffer, key->iqmp); /* ssh key->u */
- buffer_put_bignum(&buffer, key->q); /* ssh key->p, SSL key->q */
- buffer_put_bignum(&buffer, key->p); /* ssh key->q, SSL key->p */
- buffer_put_string(&buffer, comment, strlen(comment));
+
+ switch (key->type) {
+ case KEY_RSA:
+ ssh_encode_identity_rsa(&buffer, key->rsa, comment);
+ break;
+ case KEY_DSA:
+ ssh_encode_identity_dsa(&buffer, key->dsa, comment);
+ break;
+ default:
+ buffer_free(&buffer);
+ return 0;
+ break;
+ }
/* Get the length of the message, and format it in the buffer. */
len = buffer_len(&buffer);
buffer_free(&buffer);
switch (type) {
case SSH_AGENT_FAILURE:
+log("SSH_AGENT_FAILURE");
return 0;
case SSH_AGENT_SUCCESS:
return 1;
*
*/
-/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.9 2000/07/16 08:27:21 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
+#define SSH2_AGENTC_REQUEST_IDENTITIES 11
+#define SSH2_AGENT_IDENTITIES_ANSWER 12
+#define SSH2_AGENTC_SIGN_REQUEST 13
+#define SSH2_AGENT_SIGN_RESPONSE 14
+#define SSH2_AGENT_FAILURE SSH_AGENT_FAILURE
+#define SSH2_AGENT_SUCCESS SSH_AGENT_SUCCESS
+#define SSH2_AGENTC_ADD_IDENTITY 17
+#define SSH2_AGENTC_REMOVE_IDENTITY 18
+#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
+
typedef struct {
int fd;
Buffer packet;
* successfully added.
*/
int
-ssh_add_identity(AuthenticationConnection * connection, RSA * key,
+ssh_add_identity(AuthenticationConnection * connection, Key *key,
const char *comment);
/*
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.63 2000/06/25 20:17:57 provos Exp $");
+RCSID("$OpenBSD: channels.c,v 1.64 2000/07/16 08:27:21 markus Exp $");
#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "buffer.h"
-#include "authfd.h"
#include "uidswap.h"
#include "readconf.h"
#include "servconf.h"
#include "ssh2.h"
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include "key.h"
+#include "authfd.h"
+
/* Maximum number of fake X11 displays to try. */
#define MAX_DISPLAYS 1000
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.28 2000/07/13 23:14:08 provos Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.29 2000/07/16 08:27:21 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "packet.h"
#include "buffer.h"
-#include "authfd.h"
#include "readconf.h"
#include "ssh2.h"
#include "channels.h"
#include "dispatch.h"
-
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
*/
#include "includes.h"
-RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $");
+RCSID("$OpenBSD: dsa.c,v 1.10 2000/07/20 00:33:12 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
#define SIGBLOB_LEN (2*INTBLOB_LEN)
Key *
-dsa_key_from_blob(
- char *blob, int blen)
+dsa_key_from_blob(char *blob, int blen)
{
Buffer b;
char *ktype;
dump_base64(stderr, blob, blen);
#endif
/* fetch & parse DSA/DSS pubkey */
- key = key_new(KEY_DSA);
- dsa = key->dsa;
buffer_init(&b);
buffer_append(&b, blob, blen);
ktype = buffer_get_string(&b, NULL);
if (strcmp(KEX_DSS, ktype) != 0) {
error("dsa_key_from_blob: cannot handle type %s", ktype);
- key_free(key);
+ buffer_free(&b);
+ xfree(ktype);
return NULL;
}
+ key = key_new(KEY_DSA);
+ dsa = key->dsa;
buffer_get_bignum2(&b, dsa->p);
buffer_get_bignum2(&b, dsa->q);
buffer_get_bignum2(&b, dsa->g);
if(rlen != 0)
error("dsa_key_from_blob: remaining bytes in key blob %d", rlen);
buffer_free(&b);
+ xfree(ktype);
- debug("keytype %s", ktype);
#ifdef DEBUG_DSS
DSA_print_fp(stderr, dsa, 8);
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.18 2000/07/16 08:27:21 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "rsa.h"
#include "ssh.h"
#include "xmalloc.h"
-#include "authfd.h"
#include "fingerprint.h"
#include "key.h"
+#include "authfd.h"
#include "authfile.h"
#ifdef HAVE___PROGNAME
char buf[1024], msg[1024];
int success;
int interactive = isatty(STDIN_FILENO);
+ int type = KEY_RSA;
+ /*
+ * try to load the public key. right now this only works for RSA,
+ * since DSA keys are fully encrypted
+ */
public = key_new(KEY_RSA);
if (!load_public_key(filename, public, &saved_comment)) {
- printf("Bad key file %s: %s\n", filename, strerror(errno));
- return;
+ /* ok, so we will asume this is a DSA key */
+ type = KEY_DSA;
+ saved_comment = xstrdup(filename);
}
key_free(public);
}
/* At first, try empty passphrase */
- private = key_new(KEY_RSA);
+ private = key_new(type);
success = load_private_key(filename, "", private, &comment);
if (!success) {
printf("Need passphrase for %.200s\n", filename);
}
xfree(saved_comment);
- if (ssh_add_identity(ac, private->rsa, comment))
+ if (ssh_add_identity(ac, private, comment))
fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
else
fprintf(stderr, "Could not add identity: %s\n", filename);
-/* $OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $");
#include "ssh.h"
#include "rsa.h"
-#include "authfd.h"
#include "buffer.h"
#include "bufaux.h"
#include "xmalloc.h"
#include "mpaux.h"
#include <openssl/md5.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include "key.h"
+#include "authfd.h"
typedef struct {
int fd;
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.57 2000/07/15 04:01:37 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.58 2000/07/16 08:27:22 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include "ssh.h"
#include "packet.h"
#include "buffer.h"
-#include "authfd.h"
#include "readconf.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
#include "key.h"
+#include "authfd.h"
#include "authfile.h"
#ifdef HAVE___PROGNAME
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.4 2000/07/16 08:27:22 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include "ssh.h"
#include "buffer.h"
#include "packet.h"
-#include "authfd.h"
#include "cipher.h"
#include "mpaux.h"
#include "uidswap.h"
#include "readconf.h"
#include "key.h"
+#include "authfd.h"
#include "sshconnect.h"
#include "authfile.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.16 2000/07/16 08:27:22 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
return 1;
}
-int
-ssh2_try_pubkey(char *filename,
+typedef int sign_fn(
+ Key *key,
+ unsigned char **sigp, int *lenp,
+ unsigned char *data, int datalen);
+
+void
+ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign,
const char *server_user, const char *host, const char *service)
{
Buffer b;
- Key *k;
unsigned char *blob, *signature;
int bloblen, slen;
- struct stat st;
int skip = 0;
- if (stat(filename, &st) != 0) {
- debug("key does not exist: %s", filename);
- return 0;
- }
- debug("try pubkey: %s", filename);
-
- k = key_new(KEY_DSA);
- if (!load_private_key(filename, "", k, NULL)) {
- int success = 0;
- char *passphrase;
- char prompt[300];
- snprintf(prompt, sizeof prompt,
- "Enter passphrase for DSA key '%.100s': ",
- filename);
- passphrase = read_passphrase(prompt, 0);
- success = load_private_key(filename, passphrase, k, NULL);
- memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
- if (!success) {
- key_free(k);
- return 0;
- }
- }
dsa_make_key_blob(k, &blob, &bloblen);
/* data to be signed */
buffer_put_string(&b, blob, bloblen);
/* generate signature */
- dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
- key_free(k);
+ do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
+ key_free(k); /* XXX */
#ifdef DEBUG_DSS
buffer_dump(&b);
#endif
/* send */
packet_send();
packet_write_wait();
+}
+
+int
+ssh2_try_pubkey(char *filename,
+ const char *server_user, const char *host, const char *service)
+{
+ Key *k;
+ struct stat st;
+
+ if (stat(filename, &st) != 0) {
+ debug("key does not exist: %s", filename);
+ return 0;
+ }
+ debug("try pubkey: %s", filename);
+
+ k = key_new(KEY_DSA);
+ if (!load_private_key(filename, "", k, NULL)) {
+ int success = 0;
+ char *passphrase;
+ char prompt[300];
+ snprintf(prompt, sizeof prompt,
+ "Enter passphrase for DSA key '%.100s': ",
+ filename);
+ passphrase = read_passphrase(prompt, 0);
+ success = load_private_key(filename, passphrase, k, NULL);
+ memset(passphrase, 0, strlen(passphrase));
+ xfree(passphrase);
+ if (!success) {
+ key_free(k);
+ return 0;
+ }
+ }
+ ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service);
return 1;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.122 2000/07/11 08:11:34 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.123 2000/07/18 01:25:01 djm Exp $");
#include "xmalloc.h"
#include "rsa.h"
s2 = dup(s1);
sock_in = dup(0);
sock_out = dup(1);
+ startup_pipe = -1;
/*
* We intentionally do not close the descriptors 0, 1, and 2
* as our code for setting the descriptors won\'t work if
andersk / openssh.git / commitdiff
