authorDamien Miller <djm@mindrot.org>1999-11-25 11:54:57 +1100
committerDamien Miller <djm@mindrot.org>1999-11-25 11:54:57 +1100
commit5428f646ad32da88ddd04a8c287d595524674fbf (patch)
treecc1f1e5d7852e1f44d41077f776abf7dab7ac06d /authfd.c
parent9072e1889648988da38b7b81bce95291c1dc3a23 (diff)
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes: - [channels.c] report from mrwizard@psu.edu via djm@ibs.com.au - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. chip@valinux.com via damien@ibs.com.au - [nchan.c] it's not an error() if shutdown_write fails in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from damien@ibs.com.au - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au plus: use daemon() for backgrounding
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c127
1 files changed, 80 insertions, 47 deletions
diff --git a/authfd.c b/authfd.c
index 17b0668b..ee6473d3 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.7 1999/11/24 13:26:21 damien Exp $");
+RCSID("$Id: authfd.c,v 1.8 1999/11/25 00:54:57 damien Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -63,9 +63,11 @@ ssh_get_authentication_socket()
return sock;
}
-/* Closes the agent socket if it should be closed (depends on how it was
- obtained). The argument must have been returned by
- ssh_get_authentication_socket(). */
+/*
+ * Closes the agent socket if it should be closed (depends on how it was
+ * obtained). The argument must have been returned by
+ * ssh_get_authentication_socket().
+ */
void
ssh_close_authentication_socket(int sock)
@@ -74,11 +76,13 @@ ssh_close_authentication_socket(int sock)
close(sock);
}
-/* Opens and connects a private socket for communication with the
- authentication agent. Returns the file descriptor (which must be
- shut down and closed by the caller when no longer needed).
- Returns NULL if an error occurred and the connection could not be
- opened. */
+/*
+ * Opens and connects a private socket for communication with the
+ * authentication agent. Returns the file descriptor (which must be
+ * shut down and closed by the caller when no longer needed).
+ * Returns NULL if an error occurred and the connection could not be
+ * opened.
+ */
AuthenticationConnection *
ssh_get_authentication_connection()
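Review bot: The reflowed comment above ssh_get_authentication_connection() still says it "Returns the file descriptor", but the declared return type is `AuthenticationConnection *` and the error return is NULL, so a caller reading the comment is told to shut down and close the wrong kind of object. Since the comment is being rewritten anyway, I would change that sentence to `Returns a connection handle (which must be released with ssh_close_authentication_connection() when no longer needed).` The function body lies outside this hunk, so the ownership wording should be checked against it.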
@@ -88,12 +92,13 @@ ssh_get_authentication_connection()
sock = ssh_get_authentication_socket();
- /* Fail if we couldn't obtain a connection. This happens if we
- exited due to a timeout. */
+ /*
+ * Fail if we couldn't obtain a connection. This happens if we
+ * exited due to a timeout.
+ */
if (sock < 0)
return NULL;
- /* Applocate the connection structure and initialize it. */
auth = xmalloc(sizeof(*auth));
auth->fd = sock;
buffer_init(&auth->packet);
@@ -103,8 +108,10 @@ ssh_get_authentication_connection()
return auth;
}
-/* Closes the connection to the authentication agent and frees any associated
- memory. */
+/*
+ * Closes the connection to the authentication agent and frees any associated
+ * memory.
+ */
void
ssh_close_authentication_connection(AuthenticationConnection *ac)
@@ -115,10 +122,12 @@ ssh_close_authentication_connection(AuthenticationConnection *ac)
xfree(ac);
}
-/* Returns the first authentication identity held by the agent.
- Returns true if an identity is available, 0 otherwise.
- The caller must initialize the integers before the call, and free the
- comment after a successful call (before calling ssh_get_next_identity). */
+/*
+ * Returns the first authentication identity held by the agent.
+ * Returns true if an identity is available, 0 otherwise.
+ * The caller must initialize the integers before the call, and free the
+ * comment after a successful call (before calling ssh_get_next_identity).
+ */
int
ssh_get_first_identity(AuthenticationConnection *auth,
@@ -127,8 +136,10 @@ ssh_get_first_identity(AuthenticationConnection *auth,
unsigned char msg[8192];
int len, l;
- /* Send a message to the agent requesting for a list of the
- identities it can represent. */
+ /*
+ * Send a message to the agent requesting for a list of the
+ * identities it can represent.
+ */
msg[0] = 0;
msg[1] = 0;
msg[2] = 0;
@@ -149,8 +160,10 @@ ssh_get_first_identity(AuthenticationConnection *auth,
len -= l;
}
- /* Extract the length, and check it for sanity. (We cannot trust
- authentication agents). */
+ /*
+ * Extract the length, and check it for sanity. (We cannot trust
+ * authentication agents).
+ */
len = GET_32BIT(msg);
if (len < 1 || len > 256 * 1024)
fatal("Authentication reply message too long: %d\n", len);
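Review bot: The fatal() message under the reflowed comment reports "too long" for every rejected length, including the `len < 1` case, so a truncated or malformed agent reply is logged as an oversized one. Something like `fatal("Authentication reply message has bad length: %d", len);` covers both branches, and the trailing `\n` could go as well, since the other fatal() call visible in this diff (`"Bad authentication response: %d"`) has none. `len` is a signed int here, so a length with the top bit set presumably lands in the `len < 1` branch, but GET_32BIT is not visible in this hunk. The rest of ssh_get_first_identity is outside the hunk.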
@@ -182,10 +195,12 @@ ssh_get_first_identity(AuthenticationConnection *auth,
return ssh_get_next_identity(auth, e, n, comment);
}
-/* Returns the next authentication identity for the agent. Other functions
- can be called between this and ssh_get_first_identity or two calls of this
- function. This returns 0 if there are no more identities. The caller
- must free comment after a successful return. */
+/*
+ * Returns the next authentication identity for the agent. Other functions
+ * can be called between this and ssh_get_first_identity or two calls of this
+ * function. This returns 0 if there are no more identities. The caller
+ * must free comment after a successful return.
+ */
int
ssh_get_next_identity(AuthenticationConnection *auth,
@@ -197,8 +212,10 @@ ssh_get_next_identity(AuthenticationConnection *auth,
if (auth->howmany <= 0)
return 0;
- /* Get the next entry from the packet. These will abort with a
- fatal error if the packet is too short or contains corrupt data. */
+ /*
+ * Get the next entry from the packet. These will abort with a fatal
+ * error if the packet is too short or contains corrupt data.
+ */
bits = buffer_get_int(&auth->identities);
buffer_get_bignum(&auth->identities, e);
buffer_get_bignum(&auth->identities, n);
@@ -214,11 +231,13 @@ ssh_get_next_identity(AuthenticationConnection *auth,
return 1;
}
-/* Generates a random challenge, sends it to the agent, and waits for response
- from the agent. Returns true (non-zero) if the agent gave the correct
- answer, zero otherwise. Response type selects the style of response
- desired, with 0 corresponding to protocol version 1.0 (no longer supported)
- and 1 corresponding to protocol version 1.1. */
+/*
+ * Generates a random challenge, sends it to the agent, and waits for
+ * response from the agent. Returns true (non-zero) if the agent gave the
+ * correct answer, zero otherwise. Response type selects the style of
+ * response desired, with 0 corresponding to protocol version 1.0 (no longer
+ * supported) and 1 corresponding to protocol version 1.1.
+ */
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
@@ -259,8 +278,10 @@ error_cleanup:
buffer_free(&buffer);
return 0;
}
- /* Wait for response from the agent. First read the length of the
- response packet. */
+ /*
+ * Wait for response from the agent. First read the length of the
+ * response packet.
+ */
len = 4;
while (len > 0) {
l = read(auth->fd, buf + 4 - len, len);
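Review bot: The four-byte length-prefix read loop (`len = 4; while (len > 0) { l = read(auth->fd, buf + 4 - len, len);`) and its comment now appear verbatim in three hunks: this one (apparently in ssh_decrypt_challenge), the one after the ssh_remove_identity comment, and the one in ssh_remove_all_identities. A single static helper that reads the length and applies the same bound as the `len < 1 || len > 256 * 1024` check in ssh_get_first_identity would keep the handling of untrusted agent replies in one place. How `l` is checked and whether each copy bounds the decoded length are outside these hunks, so that should be confirmed before the copies are merged.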
@@ -303,8 +324,10 @@ error_cleanup:
if (buf[0] != SSH_AGENT_RSA_RESPONSE)
fatal("Bad authentication response: %d", buf[0]);
- /* Get the response from the packet. This will abort with a fatal
- error if the packet is corrupt. */
+ /*
+ * Get the response from the packet. This will abort with a fatal
+ * error if the packet is corrupt.
+ */
for (i = 0; i < 16; i++)
response[i] = buffer_get_char(&buffer);
@@ -315,8 +338,10 @@ error_cleanup:
return 1;
}
-/* Adds an identity to the authentication server. This call is not meant to
- be used by normal applications. */
+/*
+ * Adds an identity to the authentication server. This call is not meant to
+ * be used by normal applications.
+ */
int
ssh_add_identity(AuthenticationConnection *auth,
@@ -401,8 +426,10 @@ error_cleanup:
return 0;
}
-/* Removes an identity from the authentication server. This call is not meant
- to be used by normal applications. */
+/*
+ * Removes an identity from the authentication server. This call is not
+ * meant to be used by normal applications.
+ */
int
ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
@@ -431,8 +458,10 @@ error_cleanup:
buffer_free(&buffer);
return 0;
}
- /* Wait for response from the agent. First read the length of the
- response packet. */
+ /*
+ * Wait for response from the agent. First read the length of the
+ * response packet.
+ */
len = 4;
while (len > 0) {
l = read(auth->fd, buf + 4 - len, len);
@@ -480,8 +509,10 @@ error_cleanup:
return 0;
}
-/* Removes all identities from the agent. This call is not meant
- to be used by normal applications. */
+/*
+ * Removes all identities from the agent. This call is not meant to be used
+ * by normal applications.
+ */
int
ssh_remove_all_identities(AuthenticationConnection *auth)
@@ -499,8 +530,10 @@ ssh_remove_all_identities(AuthenticationConnection *auth)
error("Error writing to authentication socket.");
return 0;
}
- /* Wait for response from the agent. First read the length of the
- response packet. */
+ /*
+ * Wait for response from the agent. First read the length of the
+ * response packet.
+ */
len = 4;
while (len > 0) {
l = read(auth->fd, buf + 4 - len, len);