Bugzilla – Attachment 2306 Details for
Bug 1974
Support for encrypted host keys
[patch]
(relative) patch that makes rekey work
rekey-fix.patch (text/plain), 3.72 KB, created by
Markus Friedl
on 2013-07-05 20:08:27 AEST
Description:
(relative) patch that makes rekey work
Filename:
MIME Type:
Creator:
Markus Friedl
Created:
2013-07-05 20:08:27 AEST
Size:
3.72 KB
>diff --git auth.h auth.h
>index e66b9c9..a001901 100644
>--- auth.h
>+++ auth.h
>@@ -179,6 +179,7 @@ Key *get_hostkey_public_by_type(int);
> Key *get_hostkey_private_by_type(int);
> int get_hostkey_index(Key *);
> int ssh1_session_key(BIGNUM *);
>+void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
>
> /* debug messages during authentication */
> void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
>diff --git monitor.c monitor.c
>index 489aa8d..dcb7b17 100644
>--- monitor.c
>+++ monitor.c
>@@ -1542,6 +1542,7 @@ mm_get_kex(Buffer *m)
> kex->load_host_public_key=&get_hostkey_public_by_type;
> kex->load_host_private_key=&get_hostkey_private_by_type;
> kex->host_key_index=&get_hostkey_index;
>+ kex->sign = sshd_hostkey_sign;
>
> return (kex);
> }
>diff --git session.c session.c
>index cf04d33..4c257d1 100644
>--- session.c
>+++ session.c
>@@ -70,6 +70,7 @@
> #include "hostfile.h"
> #include "auth.h"
> #include "auth-options.h"
>+#include "authfd.h"
> #include "pathnames.h"
> #include "log.h"
> #include "servconf.h"
>@@ -1261,6 +1262,13 @@ launch_login(struct passwd *pw, const char *hostname)
> static void
> child_close_fds(void)
> {
>+ extern AuthenticationConnection *auth_conn;
>+
>+ if (auth_conn) {
>+ ssh_close_authentication_connection(auth_conn);
>+ auth_conn = NULL;
>+ }
>+
> if (packet_get_connection_in() == packet_get_connection_out())
> close(packet_get_connection_in());
> else {
>diff --git sshd.c sshd.c
>index ebc2b65..2aefacb 100644
>--- sshd.c
>+++ sshd.c
>@@ -651,11 +651,6 @@ privsep_preauth(Authctxt *authctxt)
> ssh_sandbox_parent_preauth(box, pid);
> monitor_child_preauth(authctxt, pmonitor);
>
>- if (auth_conn) {
>- ssh_close_authentication_connection(auth_conn);
>- auth_conn = NULL;
>- }
>-
> /* Sync memory */
> monitor_sync(pmonitor);
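Review bot: The `kex->sign = sshd_hostkey_sign;` added to mm_get_kex repeats an assignment that do_ssh2_kex in sshd.c also makes (last hunk of this patch), next to the same three `load_host_*`/`host_key_index` callbacks. Keeping two hand-maintained copies of the callback list is presumably how the rekey path ended up without a signer in the first place. Consider one small helper that fills in all four callbacks and is called from both places, or at least a comment here such as `/* keep in sync with do_ssh2_kex() in sshd.c */`. mm_get_kex starts outside the hunk.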
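Review bot: With the closes in privsep_preauth and main removed from sshd.c by this same patch, the block added to child_close_fds is the only place left where `auth_conn` is closed, so the agent connection that can sign with the host key now lives in the post-authentication processes until a session child gets here. Under privilege separation that presumably includes the process running with the user's privileges after the post-auth fork, which is not visible in this diff; if so, that process should drop the connection right after the fork and have rekey signatures made by the monitor. At the least, a comment should state the intended lifetime, e.g. `/* host-key agent connection is kept open for rekey; it must never reach the user's command */`. The function-local `extern AuthenticationConnection *auth_conn;` would be better as a declaration in a shared header, so the compiler checks it against the definition. child_close_fds continues past the end of the hunk.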
>
>@@ -1337,7 +1332,6 @@ main(int ac, char **av)
> mode_t new_umask;
> Key *key;
> Key *pubkey;
>- char *pubkey_comment;
> int have_agent, keytype;
> Authctxt *authctxt;
> struct connection_info *connection_info = get_connection_info(0, 0);
>@@ -1585,8 +1579,7 @@ main(int ac, char **av)
>
> for (i = 0; i < options.num_host_key_files; i++) {
> key = key_load_private(options.host_key_files[i], "", NULL);
>- pubkey = key_load_public(options.host_key_files[i],
>- &pubkey_comment);
>+ pubkey = key_load_public(options.host_key_files[i], NULL);
> sensitive_data.host_keys[i] = key;
> sensitive_data.host_pubkeys[i] = pubkey;
>
>@@ -1595,14 +1588,15 @@ main(int ac, char **av)
> debug("will rely on agent for hostkey %s",
> options.host_key_files[i]);
> keytype = pubkey->type;
>- } else if (key == NULL) {
>+ } else if (key != NULL) {
>+ keytype = key->type;
>+ } else {
> error("Could not load host key: %s",
> options.host_key_files[i]);
> sensitive_data.host_keys[i] = NULL;
> sensitive_data.host_pubkeys[i] = NULL;
> continue;
>- } else
>- keytype = key->type;
>+ }
>
> switch (keytype) {
> case KEY_RSA1:
>@@ -1964,10 +1958,6 @@ main(int ac, char **av)
> if (compat20) {
> do_ssh2_kex();
> do_authentication2(authctxt);
>- if (!use_privsep && auth_conn) {
>- ssh_close_authentication_connection(auth_conn);
>- auth_conn = NULL;
>- }
> } else {
> do_ssh1_kex();
> do_authentication(authctxt);
>@@ -2247,8 +2237,8 @@ do_ssh1_kex(void)
> packet_write_wait();
> }
>
>-static void
>-kex_server_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
>+void
>+sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
> u_char *data, u_int dlen)
> {
> if (privkey) {
>@@ -2314,7 +2304,7 @@ do_ssh2_kex(void)
> kex->load_host_public_key=&get_hostkey_public_by_type;
> kex->load_host_private_key=&get_hostkey_private_by_type;
> kex->host_key_index=&get_hostkey_index;
>- kex->sign = kex_server_sign;
>+ kex->sign = sshd_hostkey_sign;
>
> xxx_kex = kex;
>
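Review bot: Now that `sshd_hostkey_sign` is no longer static and is installed from monitor.c as well, it needs a comment stating its contract, which the hunk at `@@ -2247,8 +2237,8 @@` does not add. The visible `if (privkey) {` implies callers may pass a NULL private key and rely on `pubkey` instead, but the rest of the body is outside the hunk, so what happens on that path and on a signing failure should be spelled out by the author. Something like `/* Sign data with a host key: privkey if non-NULL, otherwise the key identified by pubkey. */` above the definition, with a sentence on the failure behaviour, would do.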