Only in ssh.patched/: 32 diff -u -r ssh.org/Makefile.inc ssh.patched/Makefile.inc --- ssh.org/Makefile.inc Sat Nov 11 17:05:06 2000 +++ ssh.patched/Makefile.inc Sat Nov 11 16:59:40 2000 @@ -1,4 +1,4 @@ -CFLAGS+= -I${.CURDIR}/.. +CFLAGS+= -DSMARTCARD -I${.CURDIR}/.. -I/usr/local/include DEBUG= -g @@ -30,5 +30,5 @@ DPADD+= ${.CURDIR}/../lib/libssh.a .endif -LDADD+= -static -L/usr/local/lib +LDADD+= -static -L/usr/local/lib -lsc7816 #LDADD+= -pg -static -L/usr/local/lib Only in ssh.org/: Makefile.inc.orig Only in ssh.org/: auth-rh-rsa.c.orig Only in ssh.org/: auth2.c.orig diff -u -r ssh.org/authfd.c ssh.patched/authfd.c --- ssh.org/authfd.c Sat Nov 11 17:05:06 2000 +++ ssh.patched/authfd.c Thu Nov 9 19:45:07 2000 @@ -453,6 +453,23 @@ buffer_put_cstring(b, comment); } + +#ifdef SMARTCARD +/* encode smartcard rsa message */ +void +ssh_encode_identity_sc(Buffer *b, RSA *key) +{ + char *keytype = "SMARTCARD_RSA"; + char *comment = "SSH_AGENTC_ADD_SMARTCARD_KEY"; + + buffer_clear(b); + buffer_put_char(b, SSH_AGENTC_ADD_SMARTCARD_KEY); + buffer_put_int(b, 0); /* key number is always 0 in this implementation */ + buffer_put_string(b, keytype, strlen(keytype)); + buffer_put_string(b, comment, strlen(comment)); +} +#endif /* SMARTCARD */ + /* * Adds an identity to the authentication server. This call is not meant to * be used by normal applications. @@ -470,6 +487,11 @@ case KEY_RSA1: ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; +#ifdef SMARTCARD + case KEY_RSA_SC: + ssh_encode_identity_sc(&msg, key->rsa); + break; +#endif /* SMARTCARD */ case KEY_RSA: case KEY_DSA: ssh_encode_identity_ssh2(&msg, key, comment); @@ -513,6 +535,16 @@ buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); xfree(blob); +#ifdef SMARTCARD + } else if (key->type == KEY_RSA_SC) { + char *keytype = "SMARTCARD_RSA"; + char *comment = "SSH_AGENTC_REMOVE_SMARTCARD_KEY"; + + buffer_put_char(&msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_int(&msg, 0); + buffer_put_string (&msg, keytype, strlen(keytype)); + buffer_put_string (&msg, comment, strlen(comment)); +#endif /* SMARTCARD */ } else { buffer_free(&msg); return 0; Only in ssh.org/: authfd.c.orig diff -u -r ssh.org/authfd.h ssh.patched/authfd.h --- ssh.org/authfd.h Sat Nov 11 17:05:06 2000 +++ ssh.patched/authfd.h Thu Nov 9 13:18:21 2000 @@ -38,6 +38,11 @@ #define SSH2_AGENTC_REMOVE_IDENTITY 18 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 +#ifdef SMARTCARD +#define SSH_AGENTC_ADD_SMARTCARD_KEY 20 +#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 +#endif /* SMARTCARD */ + /* additional error code for ssh.com's ssh-agent2 */ #define SSH_COM_AGENT2_FAILURE 102 Only in ssh.org/: authfd.h.orig Only in ssh.org/: authfile.c.orig Only in ssh.patched/: cvsDyedZS2607 Only in ssh.org/: dsa.c Only in ssh.org/: dsa.c.orig diff -u -r ssh.org/dsa.h ssh.patched/dsa.h --- ssh.org/dsa.h Sat Nov 11 17:05:07 2000 +++ ssh.patched/dsa.h Thu Nov 9 12:53:43 2000 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef DSA_H +#define DSA_H + +Key *dsa_key_from_blob(char *blob, int blen); +int dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp); + +int +dsa_sign( + Key *key, + unsigned char **sigp, int *lenp, + unsigned char *data, int datalen); + +int +dsa_verify( + Key *key, + unsigned char *signature, int signaturelen, + unsigned char *data, int datalen); + +Key * +dsa_generate_key(unsigned int bits); + +#endif Only in ssh.org/: dsa.h.orig Only in ssh.org/: hostfile.c.orig Only in ssh.org/: kex.c.orig Only in ssh.org/: kex.h.orig diff -u -r ssh.org/key.c ssh.patched/key.c --- ssh.org/key.c Sat Nov 11 17:05:07 2000 +++ ssh.patched/key.c Fri Nov 10 22:11:34 2000 @@ -61,6 +61,9 @@ switch (k->type) { case KEY_RSA1: case KEY_RSA: +#ifdef SMARTCARD + case KEY_RSA_SC: +#endif /* SMARTCARD */ rsa = RSA_new(); rsa->n = BN_new(); rsa->e = BN_new(); @@ -73,7 +76,7 @@ dsa->g = BN_new(); dsa->pub_key = BN_new(); k->dsa = dsa; - break; + break; case KEY_UNSPEC: break; default: @@ -89,7 +92,10 @@ switch (k->type) { case KEY_RSA1: case KEY_RSA: - k->rsa->d = BN_new(); +#ifdef SMARTCARD + case KEY_RSA_SC: +#endif /* SMARTCARD */ + k->rsa->d = BN_new(); k->rsa->iqmp = BN_new(); k->rsa->q = BN_new(); k->rsa->p = BN_new(); @@ -112,6 +118,9 @@ switch (k->type) { case KEY_RSA1: case KEY_RSA: +#ifdef SMARTCARD + case KEY_RSA_SC: +#endif /* SMARTCARD */ if (k->rsa != NULL) RSA_free(k->rsa); k->rsa = NULL; @@ -132,9 +141,24 @@ int key_equal(Key *a, Key *b) { +#ifdef SMARTCARD + if (a == NULL || b == NULL) + return 0; + if ((a -> type != b->type) && + !(a->type == KEY_RSA1 && b->type == KEY_RSA_SC)) + return 0; +#else /* SMARTCARD */ if (a == NULL || b == NULL || a->type != b->type) return 0; +#endif /* SMARTCARD */ + switch (a->type) { +#ifdef SMARTCARD + case KEY_RSA_SC: + return a->rsa != NULL && b->rsa != NULL && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + break; +#endif /* SMARTCARD */ case KEY_RSA1: case KEY_RSA: return a->rsa != NULL && b->rsa != NULL && @@ -607,6 +631,9 @@ buffer_put_bignum2(&b, key->dsa->pub_key); break; case KEY_RSA: +#ifdef SMARTCARD + case KEY_RSA_SC: +#endif /* SMARTCARD */ buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_bignum2(&b, key->rsa->n); buffer_put_bignum2(&b, key->rsa->e); Only in ssh.org/: key.c.orig diff -u -r ssh.org/key.h ssh.patched/key.h --- ssh.org/key.h Sat Nov 11 17:05:07 2000 +++ ssh.patched/key.h Thu Nov 9 13:14:35 2000 @@ -27,6 +27,9 @@ typedef struct Key Key; enum types { KEY_RSA1, +#ifdef SMARTCARD + KEY_RSA_SC, +#endif /* SMARTCARD */ KEY_RSA, KEY_DSA, KEY_UNSPEC Only in ssh.org/: key.h.orig Only in ssh.org/lib: Makefile.orig Only in ssh.patched/: log.bad Only in ssh.patched/: log.good Only in ssh.org/: myproposal.h.orig Only in ssh.org/: readconf.c.orig Only in ssh.org/: readconf.h.orig diff -u -r ssh.org/rsa.c ssh.patched/rsa.c --- ssh.org/rsa.c Sat Nov 11 17:05:07 2000 +++ ssh.patched/rsa.c Fri Nov 10 22:56:23 2000 @@ -113,6 +113,8 @@ BN_bin2bn(outbuf, len, out); + printf ("rsa_private_decrypt() length %d -> %d\n", ilen, len); + memset(outbuf, 0, olen); memset(inbuf, 0, ilen); xfree(outbuf); Only in ssh.org/: rsa.c.orig Only in ssh.org/: rsa.h.orig Only in ssh.patched/scp: scp.cat1 Only in ssh.org/: servconf.c.orig Only in ssh.org/: servconf.h.orig Only in ssh.patched/sftp-server: sftp-server.cat8 Only in ssh.patched/ssh: ssh.cat1 Only in ssh.patched/ssh-add: ssh-add.cat1 diff -u -r ssh.org/ssh-add.c ssh.patched/ssh-add.c --- ssh.org/ssh-add.c Sat Nov 11 17:05:08 2000 +++ ssh.patched/ssh-add.c Sat Nov 11 15:27:29 2000 @@ -201,6 +201,30 @@ xfree(saved_comment); } +#ifdef SMARTCARD +void +add_card (AuthenticationConnection *ac, int reader_num) +{ + Key *public; + + public = key_new(KEY_RSA_SC); + ssh_add_identity (ac, public, NULL); + + return; +} + +void +delete_card (AuthenticationConnection *ac, int reader_num) +{ + Key *public; + + public = key_new(KEY_RSA_SC); + ssh_remove_identity (ac, public); + + return; +} +#endif /* SMARTCARD */ + void list_identities(AuthenticationConnection *ac, int fp) { @@ -240,6 +264,11 @@ int no_files = 1; int i; int deleting = 0; +#ifdef SMARTCARD + int sc_mode = 0; + int sc_reader_num = 0; +#endif /* SMARTCARD */ + SSLeay_add_all_algorithms(); @@ -266,12 +295,61 @@ no_files = 0; continue; } +#ifdef SMARTCARD + /* smartcard mode */ + if (strcmp(argv[i], "-s") == 0) { + + sc_mode = 1; + deleting = 0; + i++; + if (i >= argc) { + goto USAGE; + } + sc_reader_num = atoi(argv[i]); + continue; + } + + if (strcmp(argv[i], "-e") == 0) { + + sc_mode = 1; + deleting = 1; + i++; + if (i >= argc) { + goto USAGE; + } + sc_reader_num = atoi(argv[i]); + continue; + } + + if (sc_mode == 1) { + if (deleting) + delete_card(ac, sc_reader_num); + else + add_card (ac, sc_reader_num); + } +#endif /* SMARTCARD */ + no_files = 0; if (deleting) delete_file(ac, argv[i]); else add_file(ac, argv[i]); } + +#ifdef SMARTCARD + if (sc_mode == 1) { + if (deleting) + delete_card(ac, sc_reader_num); + else + add_card (ac, sc_reader_num); + + ssh_close_authentication_connection(ac); + exit(0); + } + + +#endif /* SMARTCARD */ + if (no_files) { pw = getpwuid(getuid()); if (!pw) { @@ -288,4 +366,18 @@ } ssh_close_authentication_connection(ac); exit(0); + +#ifdef SMARTCARD + /* print out usage and exit */ + USAGE: + printf ( + "Usage: ssh-add [options] + -l, -L : list identities + -d : delete identity + -D : delete all identities + -s (reader_num) : add key in the smartcard in reader_num. + -e (reader_num) : remove key in the smartcard in reader_num.\n"); + exit (1); +#endif /* SMARTCARD */ + } Only in ssh.org/: ssh-add.c.orig Only in ssh.patched/ssh-agent: ssh-agent.cat1 diff -u -r ssh.org/ssh-agent.c ssh.patched/ssh-agent.c --- ssh.org/ssh-agent.c Sat Nov 11 17:05:08 2000 +++ ssh.patched/ssh-agent.c Sat Nov 11 16:38:37 2000 @@ -56,6 +56,9 @@ #include "authfd.h" #include "kex.h" #include "compat.h" +#ifdef SMARTCARD +#include +#endif /* SMARTCARD */ typedef struct { int fd; @@ -93,6 +96,138 @@ extern char *__progname; + +#ifdef SMARTCARD +#define CLA_SSH 0x05 +#define INS_DECRYPT 0x10 +#define INS_GET_KEYLENGTH 0x20 +#define INS_GET_PUBKEY 0x30 +#define INS_GET_RESPONSE 0xc0 + +int sc_fd; + +/* open the smartcard reader. + returns the opened file descriptor. */ + +int sc_open (int sc_reader_num) +{ + unsigned char atr[256]; + int n; + + if (sc_fd >=0) + return sc_fd; + + sc_fd = scopen (sc_reader_num, 0, NULL); + if (sc_fd < 0) return sc_fd; + + n = screset(sc_fd, atr, NULL); + if (n <= 0) { + sc_fd = -1; + return sc_fd; + } + + return sc_fd; +} + +int sc_read_pubkey (Key *k) +{ + unsigned char buf[256]; + int len, rv, r1, r2; + + /* get key size */ + rv = scread (sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 2, buf, &r1, &r2); + if (rv < 0) { + printf ("could not obtain key length.\n"); + return rv; + } + + len = (buf[0] << 8 | buf[1]) / 8; + + /* get n */ + rv = scread (sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, len, buf, &r1, &r2); + if (rv < 0) { + fprintf (stderr, "could not obtain n.\n"); + return rv; + } + + BN_bin2bn (buf, len, k->rsa->n); + + return 0; +} + + +static int rsa_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *from, int flen, int num) +{ + int i,j; + unsigned char *p; + + p=from; + if ((num != (flen+1)) || (*(p++) != 02)) + { + fprintf (stderr, "rsa_padding_check_PKCS1_type_2 error 1\n"); + return(-1); + } +#ifdef PKCS1_CHECK + return (num-11); +#endif + + /* scan over padding data */ + j=flen-1; /* one for type. */ + for (i=0; i tlen) + { + fprintf (stderr, "rsa_padding_check_PKCS1_type_2 error 4\n"); + return(-1); + } + memcpy(to,p,(unsigned int)j); + + return(j); +} + + +void sc_rsa_private (BIGNUM* out, BIGNUM* in) +{ + int r1, r2, rv; + int len = BN_num_bytes(in), olen; + unsigned char buf[256], buf2[256]; + + BN_bn2bin(in, buf); + + rv = scwrite(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, buf, &r1, &r2); + if (rv < 0) { + fprintf (stderr, "scwrite() for decrypt failed.\n"); + return; + } + + rv = scread(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, len, buf, &r1,&r2); + if (rv < 0) { + fprintf (stderr, "scread() for decrypt failed.\n"); + return; + } + + olen = rsa_padding_check_PKCS1_type_2 (buf2, len, buf+1, len-1, len); + BN_bin2bn (buf2, olen, out); + + return; +} +#endif /* SMARTCARD */ + void idtab_init(void) { @@ -122,6 +257,7 @@ if (key_equal(key, tab->identities[i].key)) { if (idx != NULL) *idx = i; + return tab->identities[i].key; } } @@ -142,7 +278,12 @@ buffer_put_int(&msg, tab->nentries); for (i = 0; i < tab->nentries; i++) { Identity *id = &tab->identities[i]; +#ifdef SMARTCARD + if (id->key->type == KEY_RSA1 || + id->key->type == KEY_RSA_SC) { +#else /* SMARTCARD */ if (id->key->type == KEY_RSA1) { +#endif /* SMARTCARD */ buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); buffer_put_bignum(&msg, id->key->rsa->e); buffer_put_bignum(&msg, id->key->rsa->n); @@ -192,7 +333,17 @@ private = lookup_private_key(key, NULL, 1); if (private != NULL) { /* Decrypt the challenge using the private key. */ +#ifdef SMARTCARD + /* decryption result has GOT TO BE 32 byte. + but why?! */ + if (private->type == KEY_RSA_SC) + sc_rsa_private (challenge, challenge); + else + rsa_private_decrypt(challenge, challenge, private->rsa); +#else /* SMARTCARD */ rsa_private_decrypt(challenge, challenge, private->rsa); +#endif /* SMARTCARD */ + /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); @@ -444,6 +595,123 @@ success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); } + +#ifdef SMARTCARD +void +process_add_smartcard_key (SocketEntry *e) +{ + Key *k = NULL; + char *type_name; + char *comment; + int success = 0; + int sc_reader_num = 0, rv; + Idtab *tab = idtab_lookup(1); + + sc_reader_num = buffer_get_int(&e->input); + type_name = buffer_get_string(&e->input, NULL); + comment = buffer_get_string(&e->input, NULL); + + rv = sc_open (sc_reader_num); + if (rv < 0) { + xfree(type_name); + xfree(comment); + goto send; + } + k = key_new_private(KEY_RSA_SC); + if (k == NULL) { + xfree(type_name); + xfree(comment); + goto send; + } + rv = sc_read_pubkey (k); + if (rv < 0) { + xfree(type_name); + xfree(comment); + goto send; + } + + success = 1; + + if (lookup_private_key(k, NULL, 1) == NULL) { + if (tab->nentries == 0) + tab->identities = xmalloc(sizeof(Identity)); + else + tab->identities = xrealloc(tab->identities, + (tab->nentries + 1) * sizeof(Identity)); + tab->identities[tab->nentries].key = k; + tab->identities[tab->nentries].comment = comment; + /* Increment the number of identities. */ + tab->nentries++; + } else { + key_free(k); + xfree(comment); + } +send: + buffer_put_int(&e->output, 1); + buffer_put_char(&e->output, + success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); +} + +void +process_remove_smartcard_key (SocketEntry *e) +{ + Key *k = NULL, *private; + char *type_name; + char *comment; + int success = 0; + int sc_reader_num = 0, rv; + + sc_reader_num = buffer_get_int(&e->input); + type_name = buffer_get_string(&e->input, NULL); + comment = buffer_get_string(&e->input, NULL); + + rv = sc_open (sc_reader_num); + if (rv < 0) { + xfree(type_name); + xfree(comment); + goto send; + } + k = key_new_private(KEY_RSA_SC); + if (k == NULL) { + xfree(type_name); + xfree(comment); + goto send; + } + rv = sc_read_pubkey (k); + if (rv < 0) { + xfree(type_name); + xfree(comment); + goto send; + } + + if (k != NULL) { + int idx; + private = lookup_private_key(k, &idx, 1); + if (private != NULL) { + /* + * We have this key. Free the old key. Since we + * don\'t want to leave empty slots in the middle of + * the array, we actually free the key there and copy + * data from the last entry. + */ + Idtab *tab = idtab_lookup(1); + key_free(tab->identities[idx].key); + xfree(tab->identities[idx].comment); + if (idx != tab->nentries) + tab->identities[idx] = tab->identities[tab->nentries]; + tab->nentries--; + success = 1; + } + key_free(k); + } + +send: + buffer_put_int(&e->output, 1); + buffer_put_char(&e->output, + success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); +} +#endif /* SMARTCARD */ + /* dispatch incoming messages */ void @@ -500,6 +768,15 @@ case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: process_remove_all_identities(e, 2); break; +#ifdef SMARTCARD + /* smartcard */ + case SSH_AGENTC_ADD_SMARTCARD_KEY: + process_add_smartcard_key(e); + break; + case SSH_AGENTC_REMOVE_SMARTCARD_KEY: + process_remove_smartcard_key(e); + break; +#endif /* SMARTCARD */ default: /* Unknown message. Respond with failure. */ error("Unknown message %d", type); @@ -649,7 +926,7 @@ usage() { fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION); - fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n", + fprintf(stderr, "Usage: %s [-c | -s] [-k] [-d] [command {args...]]\n", __progname); exit(1); } @@ -662,8 +939,14 @@ struct sockaddr_un sunaddr; pid_t pid; char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; +#ifdef SMARTCARD + int d_flag = 0; + + sc_fd = -1; +#endif /* SMARTCARD */ + - while ((ch = getopt(ac, av, "cks")) != -1) { + while ((ch = getopt(ac, av, "cksd")) != -1) { switch (ch) { case 'c': if (s_flag) @@ -678,6 +961,12 @@ usage(); s_flag++; break; + + case 'd': + if (d_flag) + usage(); + d_flag++; + break; default: usage(); } @@ -685,10 +974,10 @@ ac -= optind; av += optind; - if (ac > 0 && (c_flag || k_flag || s_flag)) + if (ac > 0 && (c_flag || k_flag || s_flag || d_flag)) usage(); - if (ac == 0 && !c_flag && !k_flag && !s_flag) { + if (ac == 0 && !c_flag && !k_flag && !s_flag && !d_flag) { shell = getenv("SHELL"); if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0) c_flag = 1; @@ -752,54 +1041,69 @@ * Fork, and have the parent execute the command, if any, or present * the socket data. The child continues as the authentication agent. */ - pid = fork(); - if (pid == -1) { - perror("fork"); - exit(1); - } - if (pid != 0) { /* Parent - execute the given command. */ - close(sock); + +#ifdef SMARTCARD + if (d_flag) { + pid = parent_pid; snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid); - if (ac == 0) { - format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; - printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, - SSH_AUTHSOCKET_ENV_NAME); - printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, - SSH_AGENTPID_ENV_NAME); - printf("echo Agent pid %d;\n", pid); - exit(0); - } - if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || - setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { - perror("setenv"); + format = "setenv %s %s;\n"; + printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, + SSH_AUTHSOCKET_ENV_NAME); + printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, + SSH_AGENTPID_ENV_NAME); + printf("echo Agent pid %d;\n", pid); + } else { + pid = fork(); + if (pid == -1) { + perror("fork"); exit(1); } - execvp(av[0], av); - perror(av[0]); - exit(1); - } - close(0); - close(1); - close(2); - - if (setsid() == -1) { - perror("setsid"); - cleanup_exit(1); - } - if (atexit(cleanup_socket) < 0) { - perror("atexit"); - cleanup_exit(1); + if (pid != 0) { /* Parent - execute the given command. */ + close(sock); + snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid); + if (ac == 0) { + format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; + printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, + SSH_AUTHSOCKET_ENV_NAME); + printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, + SSH_AGENTPID_ENV_NAME); + printf("echo Agent pid %d;\n", pid); + exit(0); + } + if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || + setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { + perror("setenv"); + exit(1); + } + execvp(av[0], av); + perror(av[0]); + exit(1); + } + close(0); + close(1); + close(2); + + if (setsid() == -1) { + perror("setsid"); + cleanup_exit(1); + } + if (atexit(cleanup_socket) < 0) { + perror("atexit"); + cleanup_exit(1); + } } +#endif /* SMARTCARD */ + new_socket(AUTH_SOCKET, sock); if (ac > 0) { signal(SIGALRM, check_parent_exists); alarm(10); } idtab_init(); - signal(SIGINT, SIG_IGN); + /*signal(SIGINT, SIG_IGN);*/ signal(SIGPIPE, SIG_IGN); - signal(SIGHUP, cleanup_exit); - signal(SIGTERM, cleanup_exit); + /*signal(SIGHUP, cleanup_exit);*/ + /*signal(SIGTERM, cleanup_exit);*/ while (1) { FD_ZERO(&readset); FD_ZERO(&writeset); Only in ssh.org/: ssh-agent.c.orig Only in ssh.org/: ssh-dss.c.orig Only in ssh.org/: ssh-dss.h.orig Only in ssh.patched/ssh-keygen: ssh-keygen.cat1 Only in ssh.org/: ssh-keygen.1.orig Only in ssh.org/: ssh-keygen.c.orig Only in ssh.org/: ssh-rsa.c.orig Only in ssh.org/: ssh-rsa.h.orig Only in ssh.org/: ssh.1.orig Only in ssh.org/: ssh.c.orig diff -u -r ssh.org/sshconnect1.c ssh.patched/sshconnect1.c --- ssh.org/sshconnect1.c Sat Nov 11 17:05:08 2000 +++ ssh.patched/sshconnect1.c Sat Nov 11 16:40:17 2000 @@ -704,7 +704,10 @@ unsigned int server_flags, client_flags; int payload_len, clen, sum_len = 0; u_int32_t rand = 0; - +#ifdef SMARTCARD + unsigned char buf[256]; +#endif /* SMARTCARD */ + debug("Waiting for server public key."); /* Wait for a public key packet from the server. */ @@ -719,9 +722,18 @@ bits = packet_get_int();/* bits */ public_key->e = BN_new(); packet_get_bignum(public_key->e, &clen); + +#ifdef SMARTCARD + BN_bn2bin(public_key->e, buf); +#endif /* SMARTCARD */ + sum_len += clen; public_key->n = BN_new(); packet_get_bignum(public_key->n, &clen); +#ifdef SMARTCARD + BN_bn2bin(public_key->n, buf); +#endif /* SMARTCARD */ + sum_len += clen; rbits = BN_num_bits(public_key->n); @@ -735,9 +747,19 @@ bits = packet_get_int();/* bits */ host_key->e = BN_new(); packet_get_bignum(host_key->e, &clen); + +#ifdef SMARTCARD + BN_bn2bin(host_key->e, buf); +#endif /* SMARTCARD */ + sum_len += clen; host_key->n = BN_new(); packet_get_bignum(host_key->n, &clen); + +#ifdef SMARTCARD + BN_bn2bin(host_key->n, buf); +#endif /* SMARTCARD */ + sum_len += clen; rbits = BN_num_bits(host_key->n); Only in ssh.org/: sshconnect1.c.orig Only in ssh.org/: sshconnect2.c.orig Only in ssh.patched/sshd: sshd.cat8 Only in ssh.org/: sshd.8.orig Only in ssh.org/: sshd.c.orig Only in ssh.org/: sshd_config.orig Only in ssh.org/: version.h.orig