author | Damien Miller <djm@mindrot.org> | 2000-07-11 17:31:38 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-07-11 17:31:38 +1000 |
commit | 3702396526a2569402696ff7d7c6d0fe2e5a447b (patch) | |
tree | 3ab056c59cd0c732ec179bd91be88d4e05b087fa /authfd.c | |
parent | bc33bd44a2ef165dea1d974fc2d80b822ae08c2a (diff) |
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/06/26 03:22:29
[authfd.c]
cleanup, less cut&paste
- markus@cvs.openbsd.org 2000/06/26 15:59:19
[servconf.c servconf.h session.c sshd.8 sshd.c]
MaxStartups: limit number of unauthenticated connections, work by
theo and me
- deraadt@cvs.openbsd.org 2000/07/05 14:18:07
[session.c]
use no_x11_forwarding_flag correctly; provos ok
- provos@cvs.openbsd.org 2000/07/05 15:35:57
[sshd.c]
typo
- aaron@cvs.openbsd.org 2000/07/05 22:06:58
[scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
Insert more missing .El directives. Our troff really should identify
these and spit out a warning.
- todd@cvs.openbsd.org 2000/07/06 21:55:04
[auth-rsa.c auth2.c ssh-keygen.c]
clean code is good code
- deraadt@cvs.openbsd.org 2000/07/07 02:14:29
[serverloop.c]
sense of port forwarding flag test was backwards
- provos@cvs.openbsd.org 2000/07/08 17:17:31
[compat.c readconf.c]
replace strtok with strsep; from David Young <dyoung@onthejob.net>
- deraadt@cvs.openbsd.org 2000/07/08 19:21:15
[auth.h]
KNF
- ho@cvs.openbsd.org 2000/07/08 19:27:33
[compat.c readconf.c]
Better conditions for strsep() ending.
- ho@cvs.openbsd.org 2000/07/10 10:27:05
[readconf.c]
Get the correct message on errors. (niels@ ok)
- ho@cvs.openbsd.org 2000/07/10 10:30:25
[cipher.c kex.c servconf.c]
strtok() --> strsep(). (niels@ ok)
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 142 |
1 files changed, 31 insertions, 111 deletions
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -26,6 +26,9 @@ RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
 #include <openssl/rsa.h>
+/* helper */
+int ssh_agent_get_reply(AuthenticationConnection *auth);
+
 /* Returns the number of the authentication fd, or -1 if there is none. */
 int
@@ -344,7 +347,7 @@ ssh_add_identity(AuthenticationConnection *auth,
 {
 Buffer buffer;
 unsigned char buf[8192];
- int len, l, type;
+ int len;
 /* Format a message to the agent. */
 buffer_init(&buffer);
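Review bot: The forward declaration `int ssh_agent_get_reply(AuthenticationConnection *auth);` in the second hunk gives the new helper external linkage, although the comment above it describes it as a helper for this file. If nothing outside authfd.c calls it, declare it `static int ssh_agent_get_reply(AuthenticationConnection *auth);` here and mark the definition added further down `static` as well, so the agent reply parser is not exported to the rest of the program. The `/* helper */` comment could also say what it is for, for example `/* reads one reply from the agent; defined below */`.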
@@ -368,57 +371,11 @@ ssh_add_identity(AuthenticationConnection *auth,
 atomicio(write, auth->fd, buffer_ptr(&buffer), buffer_len(&buffer)) != buffer_len(&buffer)) {
 error("Error writing to authentication socket.");
-error_cleanup:
 buffer_free(&buffer);
 return 0;
 }
- /* Wait for response from the agent. First read the length of the
- response packet. */
- len = 4;
- while (len > 0) {
- l = read(auth->fd, buf + 4 - len, len);
- if (l <= 0) {
- error("Error reading response length from authentication socket.");
- goto error_cleanup;
- }
- len -= l;
- }
-
- /* Extract the length, and check it for sanity. */
- len = GET_32BIT(buf);
- if (len > 256 * 1024)
- fatal("Add identity response too long: %d", len);
-
- /* Read the rest of the response in tothe buffer. */
- buffer_clear(&buffer);
- while (len > 0) {
- l = len;
- if (l > sizeof(buf))
- l = sizeof(buf);
- l = read(auth->fd, buf, l);
- if (l <= 0) {
- error("Error reading response from authentication socket.");
- goto error_cleanup;
- }
- buffer_append(&buffer, (char *) buf, l);
- len -= l;
- }
-
- /* Get the type of the packet. */
- type = buffer_get_char(&buffer);
- switch (type) {
- case SSH_AGENT_FAILURE:
- buffer_free(&buffer);
- return 0;
- case SSH_AGENT_SUCCESS:
- buffer_free(&buffer);
- return 1;
- default:
- fatal("Bad response to add identity from authentication agent: %d",
- type);
- }
- /* NOTREACHED */
- return 0;
+ buffer_free(&buffer);
+ return ssh_agent_get_reply(auth);
 }
 /*
@@ -430,8 +387,8 @@ int
 ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
 {
 Buffer buffer;
- unsigned char buf[8192];
- int len, l, type;
+ unsigned char buf[5];
+ int len;
 /* Format a message to the agent. */
 buffer_init(&buffer);
@@ -449,59 +406,11 @@ ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
 atomicio(write, auth->fd, buffer_ptr(&buffer), buffer_len(&buffer)) != buffer_len(&buffer)) {
 error("Error writing to authentication socket.");
-error_cleanup:
 buffer_free(&buffer);
 return 0;
 }
- /*
- * Wait for response from the agent. First read the length of the
- * response packet.
- */
- len = 4;
- while (len > 0) {
- l = read(auth->fd, buf + 4 - len, len);
- if (l <= 0) {
- error("Error reading response length from authentication socket.");
- goto error_cleanup;
- }
- len -= l;
- }
-
- /* Extract the length, and check it for sanity. */
- len = GET_32BIT(buf);
- if (len > 256 * 1024)
- fatal("Remove identity response too long: %d", len);
-
- /* Read the rest of the response in tothe buffer. */
- buffer_clear(&buffer);
- while (len > 0) {
- l = len;
- if (l > sizeof(buf))
- l = sizeof(buf);
- l = read(auth->fd, buf, l);
- if (l <= 0) {
- error("Error reading response from authentication socket.");
- goto error_cleanup;
- }
- buffer_append(&buffer, (char *) buf, l);
- len -= l;
- }
-
- /* Get the type of the packet. */
- type = buffer_get_char(&buffer);
- switch (type) {
- case SSH_AGENT_FAILURE:
- buffer_free(&buffer);
- return 0;
- case SSH_AGENT_SUCCESS:
- buffer_free(&buffer);
- return 1;
- default:
- fatal("Bad response to remove identity from authentication agent: %d",
- type);
- }
- /* NOTREACHED */
- return 0;
+ buffer_free(&buffer);
+ return ssh_agent_get_reply(auth);
 }
 /*
@@ -512,9 +421,7 @@ error_cleanup:
 int
 ssh_remove_all_identities(AuthenticationConnection *auth)
 {
- Buffer buffer;
- unsigned char buf[8192];
- int len, l, type;
+ unsigned char buf[5];
 /* Get the length of the message, and format it in the buffer. */
 PUT_32BIT(buf, 1);
@@ -525,6 +432,20 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 error("Error writing to authentication socket.");
 return 0;
 }
+ return ssh_agent_get_reply(auth);
+}
+
+/*
+ * Read for reply from agent. returns 1 for success, 0 on error
+ */
+
+int
+ssh_agent_get_reply(AuthenticationConnection *auth)
+{
+ Buffer buffer;
+ unsigned char buf[8192];
+ int len, l, type;
+
 /*
 * Wait for response from the agent. First read the length of the
 * response packet.
@@ -534,6 +455,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 l = read(auth->fd, buf + 4 - len, len);
 if (l <= 0) {
 error("Error reading response length from authentication socket.");
+ buffer_free(&buffer);
 return 0;
 }
 len -= l;
@@ -542,9 +464,9 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 /* Extract the length, and check it for sanity. */
 len = GET_32BIT(buf);
 if (len > 256 * 1024)
- fatal("Remove identity response too long: %d", len);
+ fatal("Response from agent too long: %d", len);
- /* Read the rest of the response into the buffer. */
+ /* Read the rest of the response in to the buffer. */
 buffer_init(&buffer);
 while (len > 0) {
 l = len;
@@ -562,16 +484,14 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
 /* Get the type of the packet. */
 type = buffer_get_char(&buffer);
+ buffer_free(&buffer);
 switch (type) {
 case SSH_AGENT_FAILURE:
- buffer_free(&buffer);
 return 0;
 case SSH_AGENT_SUCCESS:
- buffer_free(&buffer);
 return 1;
 default:
- fatal("Bad response to remove identity from authentication agent: %d",
- type);
+ fatal("Bad response from authentication agent: %d", type);
 }
 /* NOTREACHED */
 return 0; |
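Review bot: The header comment on the new ssh_agent_get_reply() says only `returns 1 for success, 0 on error`, which understates what the later hunks show: the function also calls fatal() when the reply length exceeds 256 * 1024 or the reply type is neither SSH_AGENT_SUCCESS nor SSH_AGENT_FAILURE. Callers of the three identity functions now inherit that behaviour, so I would spell it out, for example `Reads one reply from the agent. Returns 1 on SSH_AGENT_SUCCESS, 0 on SSH_AGENT_FAILURE or a read error; calls fatal() on an oversized or unrecognised reply.` The function body continues past the end of this hunk.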
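Review bot: The added `buffer_free(&buffer);` in the length-read failure branch (hunk at new line 455) runs on a Buffer that has not been initialised: `Buffer buffer;` is declared bare at the top of ssh_agent_get_reply() and `buffer_init(&buffer);` only appears after the length check in the following hunk. buffer_free() is not shown on this page, but if it releases or clears the buffer's storage it would be working from an indeterminate pointer, and this branch is taken whenever the agent closes the socket or the read fails. Either drop the added line so the branch is just `return 0;`, or move `buffer_init(&buffer);` to the start of the function so every exit can free it. The loop this branch belongs to starts outside the hunk.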
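Review bot: The sanity check `if (len > 256 * 1024)` in the hunk at new line 464 bounds the agent-supplied length only from above, and the commit changes just the message on the next line. `len` is an `int` filled from `GET_32BIT(buf)`, so a length with the top bit set would presumably come out negative and pass, as does zero; in both cases the `while (len > 0)` loop is skipped and `buffer_get_char(&buffer)` in the last hunk runs on an empty buffer. Now that all three callers share this parser, rejecting those values up front is cheap: `if (len < 1 || len > 256 * 1024)`. The read loop continues outside the hunk.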