- markus@cvs.openbsd.org 2002/05/24 08:45:14
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
diff --git a/ChangeLog b/ChangeLog
index a00e4ea..4e1c95a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
- markus@cvs.openbsd.org 2002/05/23 19:39:34
[ssh.c]
add comment about ssh-keysign
+ - markus@cvs.openbsd.org 2002/05/24 08:45:14
+ [sshconnect2.c]
+ stat ssh-keysign first, print error if stat fails;
+ some debug->error; fix comment
20020604
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -708,4 +712,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2150 2002/06/06 19:58:27 mouring Exp $
+$Id: ChangeLog,v 1.2151 2002/06/06 19:59:29 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 2736856..258d7cf 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.100 2002/05/23 19:24:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.101 2002/05/24 08:45:14 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -900,11 +900,16 @@
u_char *data, u_int datalen)
{
Buffer b;
+ struct stat st;
pid_t pid;
int to[2], from[2], status, version = 1;
debug("ssh_keysign called");
+ if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
+ error("ssh_keysign: no installed: %s", strerror(errno));
+ return -1;
+ }
if (fflush(stdout) != 0)
error("ssh_keysign: fflush: %s", strerror(errno));
if (pipe(to) < 0) {
@@ -940,18 +945,10 @@
msg_send(to[1], version, &b);
if (msg_recv(from[0], &b) < 0) {
- debug("ssh_keysign: no reply");
+ error("ssh_keysign: no reply");
buffer_clear(&b);
return -1;
}
- if (buffer_get_char(&b) != version) {
- debug("ssh_keysign: bad version");
- buffer_clear(&b);
- return -1;
- }
- *sigp = buffer_get_string(&b, lenp);
- buffer_clear(&b);
-
close(from[0]);
close(to[1]);
@@ -959,13 +956,17 @@
if (errno != EINTR)
break;
+ if (buffer_get_char(&b) != version) {
+ error("ssh_keysign: bad version");
+ buffer_clear(&b);
+ return -1;
+ }
+ *sigp = buffer_get_string(&b, lenp);
+ buffer_clear(&b);
+
return 0;
}
-/*
- * this will be move to an external program (ssh-keysign) ASAP. ssh-keysign
- * will be setuid-root and the sbit can be removed from /usr/bin/ssh.
- */
int
userauth_hostbased(Authctxt *authctxt)
{