ssh-keysign.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
#pragma ident "%Z%%M% %I% %E% SMI"
#include <unistd.h>
#include "log.h"
#include "key.h"
#include "ssh.h"
#include "ssh2.h"
#include "misc.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "authfile.h"
#include "msg.h"
#include "canohost.h"
#include "pathnames.h"
#include "readconf.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
#ifndef lint
char *__progname;
#endif /* lint */
#endif
/*
 * NOTE(review): this listing is incomplete. The function name and parameter
 * list are missing between "static int" and "{", the locals len, pktype and
 * fail are used without a visible declaration, and several fail++ lines have
 * lost the condition that guards them. Presumably this is valid_request()
 * from upstream OpenSSH ssh-keysign.c -- confirm against the complete file
 * before relying on the notes below.
 *
 * Purpose, as far as the visible lines show: walk a hostbased
 * user-authentication request field by field, count every mismatch in
 * `fail`, and return -1 if any check failed, 0 otherwise.
 *
 * Mismatches are accumulated instead of returned early, so every field is
 * still consumed in order and the final "no trailing bytes" check still
 * runs on a request that already failed an earlier check.
 */
static int
{
Buffer b;
char *pkalg, *p;
fail = 0;
/*
 * NOTE(review): nothing visible here loads the request bytes into b before
 * the reads below; that step appears to have been dropped from the listing.
 */
buffer_init(&b);
/*
 * session id, currently limited to SHA1 (20 bytes).
 * Only the length is checked here; the string is freed without its
 * content being inspected.
 */
p = buffer_get_string(&b, &len);
if (len != 20)
fail++;
xfree(p);
/* message type byte must be a user-authentication request */
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
/* server user: skipped, not checked in the visible code */
buffer_skip_string(&b);
/* service: must be exactly "ssh-connection" */
p = buffer_get_string(&b, NULL);
if (strcmp("ssh-connection", p) != 0)
fail++;
xfree(p);
/* method: must be exactly "hostbased"; any other method is a failure */
p = buffer_get_string(&b, NULL);
if (strcmp("hostbased", p) != 0)
fail++;
xfree(p);
/*
 * pubkey: an unrecognised key type (KEY_UNSPEC) is a failure.
 * NOTE(review): the two unconditional fail++ that follow would reject every
 * request as written; their guarding conditions, and the code that sets
 * pktype and uses pkalg, appear to be missing from this listing.
 */
if (pktype == KEY_UNSPEC)
fail++;
fail++;
fail++;
/*
 * client host name, handle trailing dot.
 * NOTE(review): the comparisons that should guard the three fail++ below
 * are not visible, so what the host name is checked against cannot be
 * confirmed from this listing.
 */
p = buffer_get_string(&b, &len);
fail++;
fail++;
fail++;
xfree(p);
/*
 * local user.
 * NOTE(review): the condition guarding this fail++ is not visible either.
 */
p = buffer_get_string(&b, NULL);
fail++;
xfree(p);
/*
 * end of message: any bytes left after the last expected field count as a
 * failure, so extra data cannot ride along with a well-formed request.
 * NOTE(review): as shown, the return sits under `else`, which would leave
 * the trailing-data path without a return value; the statement that
 * belongs to the `else` appears to be missing from this listing.
 */
if (buffer_len(&b) != 0)
fail++;
else
return (fail ? -1 : 0);
}
/*
 * NOTE(review): this listing is incomplete. The function name and parameter
 * list are missing between "int" and "{" (presumably main() -- confirm),
 * most locals (i, found, fd, rnd, key_fd, version) have no visible
 * declaration, most fatal() calls have lost the condition that guards them,
 * and the closing braces do not balance. Check every note below against the
 * complete file.
 *
 * Visible flow: seed the RNG, refuse to run unless hostbased authentication
 * is enabled, refuse to run without a host key, read one request from
 * stdin, check its version byte and the fd it names, reject requests that
 * are not valid, find a matching host key, sign, and return 0. Every
 * rejection goes through fatal().
 */
int
{
Buffer b;
char *host;
/*
 * Since these two open()s are all that's done here before
 * dropping privileges with setreuid(), and since having been
 * privileged protects ssh-keysign from core dumps and tracing,
 * there's no need to use Least Privilege interfaces like
 * setppriv(2).
 *
 * NOTE(review): neither the open() calls nor the setreuid() call that
 * this comment refers to are visible in this listing, so the order of
 * "open host keys, then drop privileges" cannot be confirmed from here.
 */
init_rng();
seed_rng();
/* NOTE(review): the body of this debug-only section is not visible. */
#ifdef DEBUG_SSH_KEYSIGN
#endif
/*
 * verify that ssh-keysign is enabled by the admin
 *
 * NOTE(review): the fatal() call below is cut off after its format string
 * (its remaining arguments and closing parenthesis are missing), and the
 * conditions guarding it and the next two fatal() calls are not visible.
 */
fatal("Hostbased authentication not enabled in %s",
fatal("could not open any host key");
fatal("getpwuid failed");
/*
 * Fill rnd with 256 values from arc4random(). How rnd is consumed is not
 * visible in this listing.
 */
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
/*
 * Walk the two key_fd slots, skipping any that is -1.
 * NOTE(review): the code that loads a key from each descriptor and the
 * condition guarding the RSA_blinding_on message are not visible. As shown,
 * a blinding failure is reported with error() rather than fatal(); since
 * RSA blinding is a timing side-channel mitigation, confirm in the full
 * file whether a key whose blinding failed can still be used for signing.
 */
found = 0;
for (i = 0; i < 2; i++) {
if (key_fd[i] == -1)
continue;
error("RSA_blinding_on failed");
}
}
found = 1;
}
if (!found)
fatal("no hostkey found");
/*
 * Read one request from stdin; the data comes from the calling process and
 * is checked below before anything is signed.
 */
buffer_init(&b);
if (ssh_msg_recv(STDIN_FILENO, &b) < 0)
fatal("ssh_msg_recv failed");
/* the first byte of the request must equal `version` */
if (buffer_get_char(&b) != version)
fatal("bad version");
/*
 * fd is an integer taken from the request. The "bad fd" and "cannot get
 * sockname" messages suggest it is range-checked and then resolved to a
 * local socket name -- presumably to obtain `host`; the conditions and
 * calls themselves are not visible, so confirm in the full file.
 */
fd = buffer_get_int(&b);
fatal("bad fd");
fatal("cannot get sockname for fd");
/* NOTE(review): the request-validation call guarding this fatal() is not visible. */
fatal("not a valid request");
/*
 * Look through the two key slots for the host key to sign with; stop at the
 * first match. NOTE(review): the match condition is not visible.
 */
found = 0;
for (i = 0; i < 2; i++) {
found = 1;
break;
}
}
if (!found)
fatal("no matching hostkey found");
/* NOTE(review): the key_sign() call guarding this fatal() is not visible. */
fatal("key_sign failed");
/*
 * send reply
 * NOTE(review): only the buffer_clear() is visible; the code that fills b
 * with the signature and writes it out appears to be missing.
 */
buffer_clear(&b);
return (0);
}