

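--- a/auth.h
+++ b/auth.h
@@ -179,6 +179,7 @@ Key *get_hostkey_public_by_type(int);
 Key	*get_hostkey_private_by_type(int);
 int	 get_hostkey_index(Key *);
 int	 ssh1_session_key(BIGNUM *);
+void	 sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
 
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));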
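Review bot: The new `sshd_hostkey_sign` prototype takes two adjacent `Key *` arguments with nothing saying which is the private and which the public key, so a call with them swapped compiles cleanly. The definition in sshd.c names them `privkey, pubkey` and starts with `if (privkey)`, so a NULL private key is evidently a supported case, though the other branch is not visible on this page. I would add a comment above the prototype such as `/* sign data with a host key: (privkey, pubkey, sig, siglen, data, datalen); privkey may be NULL */`.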
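--- a/monitor.c
+++ b/monitor.c
@@ -1542,6 +1542,7 @@ mm_get_kex(Buffer *m)
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
+	kex->sign = sshd_hostkey_sign;
 
 	return (kex);
 }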
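Review bot: mm_get_kex() now repeats the same four callback assignments that do_ssh2_kex() makes in sshd.c, and the added `kex->sign` line shows the two lists had already drifted apart. A callback left unset in the rebuilt kex would presumably be a NULL function pointer the next time a key exchange needs it, so I would move the assignments into one helper called from both places, or at least add `/* keep in sync with do_ssh2_kex() in sshd.c */` above them. mm_get_kex()'s body starts outside this hunk.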
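--- a/session.c
+++ b/session.c
@@ -70,6 +70,7 @@
 #include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
+#include "authfd.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
@@ -1261,6 +1262,13 @@ launch_login(struct passwd *pw, const char *hostname)
 static void
 child_close_fds(void)
 {
+	extern AuthenticationConnection *auth_conn;
+
+	if (auth_conn) {
+		ssh_close_authentication_connection(auth_conn);
+		auth_conn = NULL;
+	}
+
 	if (packet_get_connection_in() == packet_get_connection_out())
 		close(packet_get_connection_in());
 	else {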
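Review bot: The block-scope `extern AuthenticationConnection *auth_conn;` at the top of child_close_fds() is a second declaration that the compiler cannot check against the definition, which the sshd.c hunks suggest lives in that file. Declaring it once in a header that both files include would catch a later type change. The close also deserves a why-comment, e.g. `/* do not leak the host-key agent socket into the user's session */`, because nothing in the function says what auth_conn is connected to. child_close_fds() continues past the end of the hunk.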
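--- a/sshd.c
+++ b/sshd.c
@@ -651,11 +651,6 @@ privsep_preauth(Authctxt *authctxt)
 			ssh_sandbox_parent_preauth(box, pid);
 		monitor_child_preauth(authctxt, pmonitor);
 
-		if (auth_conn) {
-			ssh_close_authentication_connection(auth_conn);
-			auth_conn = NULL;
-		}
-
 		/* Sync memory */
 		monitor_sync(pmonitor);
 
@@ -1337,7 +1332,6 @@ main(int ac, char **av)
 	mode_t new_umask;
 	Key *key;
 	Key *pubkey;
-	char *pubkey_comment;
 	int have_agent, keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = get_connection_info(0, 0);
@@ -1585,8 +1579,7 @@ main(int ac, char **av)
 
 	for (i = 0; i < options.num_host_key_files; i++) {
 		key = key_load_private(options.host_key_files[i], "", NULL);
-		pubkey = key_load_public(options.host_key_files[i],
-		    &pubkey_comment);
+		pubkey = key_load_public(options.host_key_files[i], NULL);
 		sensitive_data.host_keys[i] = key;
 		sensitive_data.host_pubkeys[i] = pubkey;
 
@@ -1595,14 +1588,15 @@ main(int ac, char **av)
 			debug("will rely on agent for hostkey %s",
 			    options.host_key_files[i]);
 			keytype = pubkey->type;
-		} else if (key == NULL) {
+		} else if (key != NULL) {
+			keytype = key->type;
+		} else {
 			error("Could not load host key: %s",
 			    options.host_key_files[i]);
 			sensitive_data.host_keys[i] = NULL;
 			sensitive_data.host_pubkeys[i] = NULL;
 			continue;
-		} else
-			keytype = key->type;
+		}
 
 		switch (keytype) {
 		case KEY_RSA1:
@@ -1964,10 +1958,6 @@ main(int ac, char **av)
 	if (compat20) {
 		do_ssh2_kex();
 		do_authentication2(authctxt);
-		if (!use_privsep && auth_conn) {
-			ssh_close_authentication_connection(auth_conn);
-			auth_conn = NULL;
-		}
 	} else {
 		do_ssh1_kex();
 		do_authentication(authctxt);
@@ -2247,8 +2237,8 @@ do_ssh1_kex(void)
 	packet_write_wait();
 }
 
-static void
-kex_server_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
+void
+sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
     u_char *data, u_int dlen)
 {
 	if (privkey) {
@@ -2314,7 +2304,7 @@ do_ssh2_kex(void)
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
-	kex->sign = kex_server_sign;
+	kex->sign = sshd_hostkey_sign;
 
 	xxx_kex = kex;
 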
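Review bot: With the `ssh_close_authentication_connection(auth_conn)` blocks dropped from privsep_preauth() (old lines 654-658) and from the compat20 branch of main() (old lines 1967-1970), the only close of the host-key agent connection left on this page is the one added to child_close_fds() in session.c. If the post-authentication child is forked from a process that still holds auth_conn (the fork is not visible here), that unprivileged process keeps a descriptor to the agent and could ask it for host-key signatures without going through the monitor. I would either close the connection in that child right after the fork or state the intended owners at the auth_conn definition, e.g. `/* host-key agent connection; closed in child_close_fds() before user code runs */`. Both enclosing functions extend beyond their hunks.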
