diff options
author | des <des@FreeBSD.org> | 2016-01-19 18:28:23 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2016-01-19 18:28:23 +0000 |
commit | 7a7bc643b5dd94f6333f2a1d91923165ad77176f (patch) | |
tree | 9d2b367395b2d3c9a63b4aecd1eb28b17b838703 /crypto/openssh/sshconnect1.c | |
parent | 834fb5aff44e0a606772591d869016a1d8d9aa95 (diff) | |
parent | 928d872bfcc9d49be194dc51d80555f1bbdbff6b (diff) | |
download | FreeBSD-src-7a7bc643b5dd94f6333f2a1d91923165ad77176f.zip FreeBSD-src-7a7bc643b5dd94f6333f2a1d91923165ad77176f.tar.gz |
Upgrade to OpenSSH 6.8p1.
Diffstat (limited to 'crypto/openssh/sshconnect1.c')
-rw-r--r-- | crypto/openssh/sshconnect1.c | 76 |
1 files changed, 45 insertions, 31 deletions
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c index dd12a3a..016abbc 100644 --- a/crypto/openssh/sshconnect1.c +++ b/crypto/openssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.76 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.77 2015/01/14 20:05:27 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -15,11 +15,14 @@ #include "includes.h" +#ifdef WITH_SSH1 + #include <sys/types.h> #include <sys/socket.h> #include <openssl/bn.h> +#include <errno.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -47,6 +50,7 @@ #include "hostfile.h" #include "auth.h" #include "digest.h" +#include "ssherr.h" /* Session id for the current session. */ u_char session_id[16]; @@ -62,33 +66,38 @@ extern char *__progname; static int try_agent_authentication(void) { - int type; - char *comment; - AuthenticationConnection *auth; + int r, type, agent_fd, ret = 0; u_char response[16]; - u_int i; - Key *key; + size_t i; BIGNUM *challenge; + struct ssh_identitylist *idlist = NULL; /* Get connection to the agent. */ - auth = ssh_get_authentication_connection(); - if (!auth) + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { + if (r != SSH_ERR_AGENT_NOT_PRESENT) + debug("%s: ssh_get_authentication_socket: %s", + __func__, ssh_err(r)); return 0; + } if ((challenge = BN_new()) == NULL) fatal("try_agent_authentication: BN_new failed"); - /* Loop through identities served by the agent. */ - for (key = ssh_get_first_identity(auth, &comment, 1); - key != NULL; - key = ssh_get_next_identity(auth, &comment, 1)) { + /* Loop through identities served by the agent. */ + if ((r = ssh_fetch_identitylist(agent_fd, 1, &idlist)) != 0) { + if (r != SSH_ERR_AGENT_NO_IDENTITIES) + debug("%s: ssh_fetch_identitylist: %s", + __func__, ssh_err(r)); + goto out; + } + for (i = 0; i < idlist->nkeys; i++) { /* Try this identity. */ - debug("Trying RSA authentication via agent with '%.100s'", comment); - free(comment); + debug("Trying RSA authentication via agent with '%.100s'", + idlist->comments[i]); /* Tell the server that we are willing to authenticate using this key. */ packet_start(SSH_CMSG_AUTH_RSA); - packet_put_bignum(key->rsa->n); + packet_put_bignum(idlist->keys[i]->rsa->n); packet_send(); packet_write_wait(); @@ -99,7 +108,6 @@ try_agent_authentication(void) does not support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); - key_free(key); continue; } /* Otherwise it should have sent a challenge. */ @@ -113,16 +121,17 @@ try_agent_authentication(void) debug("Received RSA challenge from server."); /* Ask the agent to decrypt the challenge. */ - if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { + if ((r = ssh_decrypt_challenge(agent_fd, idlist->keys[i], + challenge, session_id, response)) != 0) { /* * The agent failed to authenticate this identifier * although it advertised it supports this. Just * return a wrong value. */ - logit("Authentication agent failed to decrypt challenge."); + logit("Authentication agent failed to decrypt " + "challenge: %s", ssh_err(r)); explicit_bzero(response, sizeof(response)); } - key_free(key); debug("Sending response to RSA challenge."); /* Send the decrypted challenge back to the server. */ @@ -135,22 +144,25 @@ try_agent_authentication(void) /* Wait for response from the server. */ type = packet_read(); - /* The server returns success if it accepted the authentication. */ + /* + * The server returns success if it accepted the + * authentication. + */ if (type == SSH_SMSG_SUCCESS) { - ssh_close_authentication_connection(auth); - BN_clear_free(challenge); debug("RSA authentication accepted by server."); - return 1; - } - /* Otherwise it should return failure. */ - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error waiting RSA auth response: %d", - type); + ret = 1; + break; + } else if (type != SSH_SMSG_FAILURE) + packet_disconnect("Protocol error waiting RSA auth " + "response: %d", type); } - ssh_close_authentication_connection(auth); + if (ret != 1) + debug("RSA authentication using agent refused."); + out: + ssh_free_identitylist(idlist); + ssh_close_authentication_socket(agent_fd); BN_clear_free(challenge); - debug("RSA authentication using agent refused."); - return 0; + return ret; } /* @@ -755,3 +767,5 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, success: return; /* need statement after label */ } + +#endif /* WITH_SSH1 */ |