- (djm) OpenBSD CVS updates:

- markus@cvs.openbsd.org 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - provos@cvs.openbsd.org 2000/07/05 15:35:57 [sshd.c] typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - provos@cvs.openbsd.org 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <dyoung@onthejob.net> - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 [auth.h] KNF - ho@cvs.openbsd.org 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - ho@cvs.openbsd.org 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - ho@cvs.openbsd.org 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
author: Damien Miller <djm@mindrot.org> 2000-07-11 17:31:38 +1000
committer: Damien Miller <djm@mindrot.org> 2000-07-11 17:31:38 +1000
commit: 3702396526a2569402696ff7d7c6d0fe2e5a447b (patch)
tree: 3ab056c59cd0c732ec179bd91be88d4e05b087fa /authfd.c
parent: bc33bd44a2ef165dea1d974fc2d80b822ae08c2a (diff)
1 files changed, 31 insertions, 111 deletions
diff --git a/authfd.c b/authfd.c
index 69d77d7d..69fe2ae4 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -26,6 +26,9 @@ RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
 
 #include <openssl/rsa.h>
 
+/* helper */
+int ssh_agent_get_reply(AuthenticationConnection *auth);
+
 /* Returns the number of the authentication fd, or -1 if there is none. */
 
 int
@@ -344,7 +347,7 @@ ssh_add_identity(AuthenticationConnection *auth,
 {
 	Buffer buffer;
 	unsigned char buf[8192];
-	int len, l, type;
+	int len;
 
 	/* Format a message to the agent. */
 	buffer_init(&buffer);
@@ -368,57 +371,11 @@ ssh_add_identity(AuthenticationConnection *auth,
 	    atomicio(write, auth->fd, buffer_ptr(&buffer),
 	    buffer_len(&buffer)) != buffer_len(&buffer)) {
 		error("Error writing to authentication socket.");
-error_cleanup:
 		buffer_free(&buffer);
 		return 0;
 	}
-	/* Wait for response from the agent.  First read the length of the
-	   response packet. */
-	len = 4;
-	while (len > 0) {
-		l = read(auth->fd, buf + 4 - len, len);
-		if (l <= 0) {
-			error("Error reading response length from authentication socket.");
-			goto error_cleanup;
-		}
-		len -= l;
-	}
-
-	/* Extract the length, and check it for sanity. */
-	len = GET_32BIT(buf);
-	if (len > 256 * 1024)
-		fatal("Add identity response too long: %d", len);
-
-	/* Read the rest of the response in tothe buffer. */
-	buffer_clear(&buffer);
-	while (len > 0) {
-		l = len;
-		if (l > sizeof(buf))
-			l = sizeof(buf);
-		l = read(auth->fd, buf, l);
-		if (l <= 0) {
-			error("Error reading response from authentication socket.");
-			goto error_cleanup;
-		}
-		buffer_append(&buffer, (char *) buf, l);
-		len -= l;
-	}
-
-	/* Get the type of the packet. */
-	type = buffer_get_char(&buffer);
-	switch (type) {
-	case SSH_AGENT_FAILURE:
-		buffer_free(&buffer);
-		return 0;
-	case SSH_AGENT_SUCCESS:
-		buffer_free(&buffer);
-		return 1;
-	default:
-		fatal("Bad response to add identity from authentication agent: %d",
-		      type);
-	}
-	/* NOTREACHED */
-	return 0;
+	buffer_free(&buffer);
+	return ssh_agent_get_reply(auth);
 }
 
 /*
@@ -430,8 +387,8 @@ int
 ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
 {
 	Buffer buffer;
-	unsigned char buf[8192];
-	int len, l, type;
+	unsigned char buf[5];
+	int len;
 
 	/* Format a message to the agent. */
 	buffer_init(&buffer);
@@ -449,59 +406,11 @@ ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
 	    atomicio(write, auth->fd, buffer_ptr(&buffer),
 	    buffer_len(&buffer)) != buffer_len(&buffer)) {
 		error("Error writing to authentication socket.");
-error_cleanup:
 		buffer_free(&buffer);
 		return 0;
 	}
-	/*
-	 * Wait for response from the agent.  First read the length of the
-	 * response packet.
-	 */
-	len = 4;
-	while (len > 0) {
-		l = read(auth->fd, buf + 4 - len, len);
-		if (l <= 0) {
-			error("Error reading response length from authentication socket.");
-			goto error_cleanup;
-		}
-		len -= l;
-	}
-
-	/* Extract the length, and check it for sanity. */
-	len = GET_32BIT(buf);
-	if (len > 256 * 1024)
-		fatal("Remove identity response too long: %d", len);
-
-	/* Read the rest of the response in tothe buffer. */
-	buffer_clear(&buffer);
-	while (len > 0) {
-		l = len;
-		if (l > sizeof(buf))
-			l = sizeof(buf);
-		l = read(auth->fd, buf, l);
-		if (l <= 0) {
-			error("Error reading response from authentication socket.");
-			goto error_cleanup;
-		}
-		buffer_append(&buffer, (char *) buf, l);
-		len -= l;
-	}
-
-	/* Get the type of the packet. */
-	type = buffer_get_char(&buffer);
-	switch (type) {
-	case SSH_AGENT_FAILURE:
-		buffer_free(&buffer);
-		return 0;
-	case SSH_AGENT_SUCCESS:
-		buffer_free(&buffer);
-		return 1;
-	default:
-		fatal("Bad response to remove identity from authentication agent: %d",
-		      type);
-	}
-	/* NOTREACHED */
-	return 0;
+	buffer_free(&buffer);
+	return ssh_agent_get_reply(auth);
 }
 
 /*
@@ -512,9 +421,7 @@ error_cleanup:
 int
 ssh_remove_all_identities(AuthenticationConnection *auth)
 {
-	Buffer buffer;
-	unsigned char buf[8192];
-	int len, l, type;
+	unsigned char buf[5];
 
 	/* Get the length of the message, and format it in the buffer. */
 	PUT_32BIT(buf, 1);
@@ -525,6 +432,20 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 		error("Error writing to authentication socket.");
 		return 0;
 	}
+	return ssh_agent_get_reply(auth);
+}
+
+/*
+ * Read for reply from agent. returns 1 for success, 0 on error
+ */
+
+int 
+ssh_agent_get_reply(AuthenticationConnection *auth)
+{
+	Buffer buffer;
+	unsigned char buf[8192];
+	int len, l, type;
+
 	/*
 	 * Wait for response from the agent.  First read the length of the
 	 * response packet.
@@ -534,6 +455,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 		l = read(auth->fd, buf + 4 - len, len);
 		if (l <= 0) {
 			error("Error reading response length from authentication socket.");
+			buffer_free(&buffer);
 			return 0;
 		}
 		len -= l;
@@ -542,9 +464,9 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 	/* Extract the length, and check it for sanity. */
 	len = GET_32BIT(buf);
 	if (len > 256 * 1024)
-		fatal("Remove identity response too long: %d", len);
+		fatal("Response from agent too long: %d", len);
 
-	/* Read the rest of the response into the buffer. */
+	/* Read the rest of the response in to the buffer. */
 	buffer_init(&buffer);
 	while (len > 0) {
 		l = len;
@@ -562,16 +484,14 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 
 	/* Get the type of the packet. */
 	type = buffer_get_char(&buffer);
+	buffer_free(&buffer);
 	switch (type) {
 	case SSH_AGENT_FAILURE:
-		buffer_free(&buffer);
 		return 0;
 	case SSH_AGENT_SUCCESS:
-		buffer_free(&buffer);
 		return 1;
 	default:
-		fatal("Bad response to remove identity from authentication agent: %d",
-		      type);
+		fatal("Bad response from authentication agent: %d", type);
 	}
 	/* NOTREACHED */
 	return 0;
author	Damien Miller <djm@mindrot.org>	2000-07-11 17:31:38 +1000
committer	Damien Miller <djm@mindrot.org>	2000-07-11 17:31:38 +1000
commit	3702396526a2569402696ff7d7c6d0fe2e5a447b (patch)
tree	3ab056c59cd0c732ec179bd91be88d4e05b087fa /authfd.c
parent	bc33bd44a2ef165dea1d974fc2d80b822ae08c2a (diff)