- markus@cvs.openbsd.org 2002/06/05 16:48:54
[ssh-agent.c] copy current request into an extra buffer and just flush this request on errors, ok provos@
This commit is contained in:
parent
b7788f3ebe
commit
21d1ed8303
|
@ -106,6 +106,10 @@
|
|||
[ssh-agent.1 ssh-agent.c]
|
||||
'-a bind_address' binds the agent to user-specified unix-domain
|
||||
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
||||
- markus@cvs.openbsd.org 2002/06/05 16:48:54
|
||||
[ssh-agent.c]
|
||||
copy current request into an extra buffer and just flush this
|
||||
request on errors, ok provos@
|
||||
|
||||
20020604
|
||||
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
|
||||
|
@ -790,4 +794,4 @@
|
|||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2172 2002/06/06 21:46:57 mouring Exp $
|
||||
$Id: ChangeLog,v 1.2173 2002/06/06 21:48:57 mouring Exp $
|
||||
|
|
97
ssh-agent.c
97
ssh-agent.c
|
@ -35,7 +35,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
#include "openbsd-compat/fake-queue.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.86 2002/06/05 16:08:07 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -66,6 +66,7 @@ typedef struct {
|
|||
sock_type type;
|
||||
Buffer input;
|
||||
Buffer output;
|
||||
Buffer request;
|
||||
} SocketEntry;
|
||||
|
||||
u_int sockets_alloc = 0;
|
||||
|
@ -190,16 +191,16 @@ process_authentication_challenge1(SocketEntry *e)
|
|||
if ((challenge = BN_new()) == NULL)
|
||||
fatal("process_authentication_challenge1: BN_new failed");
|
||||
|
||||
buffer_get_int(&e->input); /* ignored */
|
||||
buffer_get_bignum(&e->input, key->rsa->e);
|
||||
buffer_get_bignum(&e->input, key->rsa->n);
|
||||
buffer_get_bignum(&e->input, challenge);
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, key->rsa->e);
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
buffer_get_bignum(&e->request, challenge);
|
||||
|
||||
/* Only protocol 1.1 is supported */
|
||||
if (buffer_len(&e->input) == 0)
|
||||
if (buffer_len(&e->request) == 0)
|
||||
goto failure;
|
||||
buffer_get(&e->input, session_id, 16);
|
||||
response_type = buffer_get_int(&e->input);
|
||||
buffer_get(&e->request, session_id, 16);
|
||||
response_type = buffer_get_int(&e->request);
|
||||
if (response_type != 1)
|
||||
goto failure;
|
||||
|
||||
|
@ -255,10 +256,10 @@ process_sign_request2(SocketEntry *e)
|
|||
|
||||
datafellows = 0;
|
||||
|
||||
blob = buffer_get_string(&e->input, &blen);
|
||||
data = buffer_get_string(&e->input, &dlen);
|
||||
blob = buffer_get_string(&e->request, &blen);
|
||||
data = buffer_get_string(&e->request, &dlen);
|
||||
|
||||
flags = buffer_get_int(&e->input);
|
||||
flags = buffer_get_int(&e->request);
|
||||
if (flags & SSH_AGENT_OLD_SIGNATURE)
|
||||
datafellows = SSH_BUG_SIGBLOB;
|
||||
|
||||
|
@ -299,16 +300,16 @@ process_remove_identity(SocketEntry *e, int version)
|
|||
switch (version) {
|
||||
case 1:
|
||||
key = key_new(KEY_RSA1);
|
||||
bits = buffer_get_int(&e->input);
|
||||
buffer_get_bignum(&e->input, key->rsa->e);
|
||||
buffer_get_bignum(&e->input, key->rsa->n);
|
||||
bits = buffer_get_int(&e->request);
|
||||
buffer_get_bignum(&e->request, key->rsa->e);
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
|
||||
if (bits != key_size(key))
|
||||
log("Warning: identity keysize mismatch: actual %d, announced %d",
|
||||
key_size(key), bits);
|
||||
break;
|
||||
case 2:
|
||||
blob = buffer_get_string(&e->input, &blen);
|
||||
blob = buffer_get_string(&e->request, &blen);
|
||||
key = key_from_blob(blob, blen);
|
||||
xfree(blob);
|
||||
break;
|
||||
|
@ -374,51 +375,51 @@ process_add_identity(SocketEntry *e, int version)
|
|||
switch (version) {
|
||||
case 1:
|
||||
k = key_new_private(KEY_RSA1);
|
||||
buffer_get_int(&e->input); /* ignored */
|
||||
buffer_get_bignum(&e->input, k->rsa->n);
|
||||
buffer_get_bignum(&e->input, k->rsa->e);
|
||||
buffer_get_bignum(&e->input, k->rsa->d);
|
||||
buffer_get_bignum(&e->input, k->rsa->iqmp);
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, k->rsa->n);
|
||||
buffer_get_bignum(&e->request, k->rsa->e);
|
||||
buffer_get_bignum(&e->request, k->rsa->d);
|
||||
buffer_get_bignum(&e->request, k->rsa->iqmp);
|
||||
|
||||
/* SSH and SSL have p and q swapped */
|
||||
buffer_get_bignum(&e->input, k->rsa->q); /* p */
|
||||
buffer_get_bignum(&e->input, k->rsa->p); /* q */
|
||||
buffer_get_bignum(&e->request, k->rsa->q); /* p */
|
||||
buffer_get_bignum(&e->request, k->rsa->p); /* q */
|
||||
|
||||
/* Generate additional parameters */
|
||||
rsa_generate_additional_parameters(k->rsa);
|
||||
break;
|
||||
case 2:
|
||||
type_name = buffer_get_string(&e->input, NULL);
|
||||
type_name = buffer_get_string(&e->request, NULL);
|
||||
type = key_type_from_name(type_name);
|
||||
xfree(type_name);
|
||||
switch (type) {
|
||||
case KEY_DSA:
|
||||
k = key_new_private(type);
|
||||
buffer_get_bignum2(&e->input, k->dsa->p);
|
||||
buffer_get_bignum2(&e->input, k->dsa->q);
|
||||
buffer_get_bignum2(&e->input, k->dsa->g);
|
||||
buffer_get_bignum2(&e->input, k->dsa->pub_key);
|
||||
buffer_get_bignum2(&e->input, k->dsa->priv_key);
|
||||
buffer_get_bignum2(&e->request, k->dsa->p);
|
||||
buffer_get_bignum2(&e->request, k->dsa->q);
|
||||
buffer_get_bignum2(&e->request, k->dsa->g);
|
||||
buffer_get_bignum2(&e->request, k->dsa->pub_key);
|
||||
buffer_get_bignum2(&e->request, k->dsa->priv_key);
|
||||
break;
|
||||
case KEY_RSA:
|
||||
k = key_new_private(type);
|
||||
buffer_get_bignum2(&e->input, k->rsa->n);
|
||||
buffer_get_bignum2(&e->input, k->rsa->e);
|
||||
buffer_get_bignum2(&e->input, k->rsa->d);
|
||||
buffer_get_bignum2(&e->input, k->rsa->iqmp);
|
||||
buffer_get_bignum2(&e->input, k->rsa->p);
|
||||
buffer_get_bignum2(&e->input, k->rsa->q);
|
||||
buffer_get_bignum2(&e->request, k->rsa->n);
|
||||
buffer_get_bignum2(&e->request, k->rsa->e);
|
||||
buffer_get_bignum2(&e->request, k->rsa->d);
|
||||
buffer_get_bignum2(&e->request, k->rsa->iqmp);
|
||||
buffer_get_bignum2(&e->request, k->rsa->p);
|
||||
buffer_get_bignum2(&e->request, k->rsa->q);
|
||||
|
||||
/* Generate additional parameters */
|
||||
rsa_generate_additional_parameters(k->rsa);
|
||||
break;
|
||||
default:
|
||||
buffer_clear(&e->input);
|
||||
buffer_clear(&e->request);
|
||||
goto send;
|
||||
}
|
||||
break;
|
||||
}
|
||||
comment = buffer_get_string(&e->input, NULL);
|
||||
comment = buffer_get_string(&e->request, NULL);
|
||||
if (k == NULL) {
|
||||
xfree(comment);
|
||||
goto send;
|
||||
|
@ -452,8 +453,8 @@ process_add_smartcard_key (SocketEntry *e)
|
|||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||
pin = buffer_get_string(&e->input, NULL);
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
keys = sc_get_keys(sc_reader_id, pin);
|
||||
xfree(sc_reader_id);
|
||||
xfree(pin);
|
||||
|
@ -494,8 +495,8 @@ process_remove_smartcard_key(SocketEntry *e)
|
|||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||
pin = buffer_get_string(&e->input, NULL);
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
keys = sc_get_keys(sc_reader_id, pin);
|
||||
xfree(sc_reader_id);
|
||||
xfree(pin);
|
||||
|
@ -541,12 +542,20 @@ process_message(SocketEntry *e)
|
|||
shutdown(e->fd, SHUT_RDWR);
|
||||
close(e->fd);
|
||||
e->type = AUTH_UNUSED;
|
||||
buffer_free(&e->input);
|
||||
buffer_free(&e->output);
|
||||
buffer_free(&e->request);
|
||||
return;
|
||||
}
|
||||
if (buffer_len(&e->input) < msg_len + 4)
|
||||
return;
|
||||
|
||||
/* move the current input to e->request */
|
||||
buffer_consume(&e->input, 4);
|
||||
type = buffer_get_char(&e->input);
|
||||
buffer_clear(&e->request);
|
||||
buffer_append(&e->request, buffer_ptr(&e->input), msg_len);
|
||||
buffer_consume(&e->input, msg_len);
|
||||
type = buffer_get_char(&e->request);
|
||||
|
||||
debug("type %d", type);
|
||||
switch (type) {
|
||||
|
@ -593,7 +602,7 @@ process_message(SocketEntry *e)
|
|||
default:
|
||||
/* Unknown message. Respond with failure. */
|
||||
error("Unknown message %d", type);
|
||||
buffer_clear(&e->input);
|
||||
buffer_clear(&e->request);
|
||||
buffer_put_int(&e->output, 1);
|
||||
buffer_put_char(&e->output, SSH_AGENT_FAILURE);
|
||||
break;
|
||||
|
@ -616,6 +625,7 @@ new_socket(sock_type type, int fd)
|
|||
sockets[i].type = type;
|
||||
buffer_init(&sockets[i].input);
|
||||
buffer_init(&sockets[i].output);
|
||||
buffer_init(&sockets[i].request);
|
||||
return;
|
||||
}
|
||||
old_alloc = sockets_alloc;
|
||||
|
@ -630,6 +640,7 @@ new_socket(sock_type type, int fd)
|
|||
sockets[old_alloc].fd = fd;
|
||||
buffer_init(&sockets[old_alloc].input);
|
||||
buffer_init(&sockets[old_alloc].output);
|
||||
buffer_init(&sockets[old_alloc].request);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -727,6 +738,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
|||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
buffer_free(&sockets[i].request);
|
||||
break;
|
||||
}
|
||||
buffer_consume(&sockets[i].output, len);
|
||||
|
@ -745,6 +757,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
|||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
buffer_free(&sockets[i].request);
|
||||
break;
|
||||
}
|
||||
buffer_append(&sockets[i].input, buf, len);
|
||||
|
|
Loading…
Reference in New Issue