- markus@cvs.openbsd.org 2013/07/19 07:37:48
     [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
diff --git a/monitor.c b/monitor.c
index 0516f60..44dff98 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -97,6 +97,7 @@
 #include "ssh2.h"
 #include "jpake.h"
 #include "roaming.h"
+#include "authfd.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -686,6 +687,8 @@
 	return (0);
 }
 
+extern AuthenticationConnection *auth_conn;
+
 int
 mm_answer_sign(int sock, Buffer *m)
 {
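Review bot: The `extern AuthenticationConnection *auth_conn;` added before mm_answer_sign() is a file-local declaration of a global that is presumably defined in another translation unit (sshd.c is in this commit's file list, but the definition is not visible here). A declaration placed in a .c file is never checked against the definition by the compiler, so a later type change on either side would go unnoticed; moving the declaration into a header that both files include (authfd.h, newly included above, or whichever header the definition's file includes) keeps them in agreement. If it stays here, a short comment such as `/* agent connection opened by sshd at startup; NULL when no agent is in use */` would tell the reader what NULL means in the checks below. mm_answer_sign() continues outside this hunk.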
@@ -714,10 +717,16 @@
 		memcpy(session_id2, p, session_id2_len);
 	}
 
-	if ((key = get_hostkey_by_index(keyid)) == NULL)
+	if ((key = get_hostkey_by_index(keyid)) != NULL) {
+		if (key_sign(key, &signature, &siglen, p, datlen) < 0)
+			fatal("%s: key_sign failed", __func__);
+	} else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
+	    auth_conn != NULL) {
+		if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
+		    datlen) < 0)
+			fatal("%s: ssh_agent_sign failed", __func__);
+	} else
 		fatal("%s: no hostkey from index %d", __func__, keyid);
-	if (key_sign(key, &signature, &siglen, p, datlen) < 0)
-		fatal("%s: key_sign failed", __func__);
 
 	debug3("%s: signature %p(%u)", __func__, signature, siglen);
 
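Review bot: The fallback `else` on the last branch reuses the "no hostkey from index %d" message for two different situations: the index really has no key, and the index has a public key but `auth_conn` is NULL (no agent connection), which the new condition folds together. In the second case the operator sees a misleading diagnostic when the actual problem is that the agent is missing; a separate check before the final `else`, such as `} else if (get_hostkey_public_by_index(keyid) != NULL) { fatal("%s: hostkey %d is public-only and no agent connection is available", __func__, keyid);`, would name the real cause. The final branch is also the only unbraced one in the chain (`} else` followed by a bare `fatal(...)`); writing it as `} else {` ... `}` matches its siblings and avoids the single-statement-body pitfall. mm_answer_sign() begins and ends outside this hunk.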
@@ -1864,6 +1873,7 @@
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
+	kex->sign = sshd_hostkey_sign;
 
 	return (kex);
 }
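Review bot: The new `kex->sign = sshd_hostkey_sign;` is written with spaces around `=` and without `&`, while the three neighbouring assignments use the `=&` form; both are valid C, but the mixed form inside one run of assignments reads as unintentional, so `kex->sign=&sshd_hostkey_sign;` (or reformatting the whole run) would keep the block uniform. `sshd_hostkey_sign` is not declared in any hunk of this diff; presumably its prototype comes from one of the headers touched by the commit, which is worth confirming since monitor.c only gained `authfd.h` here. The enclosing function starts outside this hunk.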