upstream commit

more simplification and removal of SSHv1-related code;
ok djm@

Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55

5 files changed, 44 insertions, 76 deletions

diff --git a/authfd.c b/authfd.c
index ea664a167..8486e28b3 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.103 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -227,35 +227,21 @@ deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
  * Fetch list of identities held by the agent.
  */
 int
-ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
+ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp)
 {
-        u_char type, code1 = 0, code2 = 0;
+        u_char type;
         u_int32_t num, i;
         struct sshbuf *msg;
         struct ssh_identitylist *idl = NULL;
         int r;
 
-        /* Determine request and expected response types */
-        switch (version) {
-        case 1:
-                code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
-                code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER;
-                break;
-        case 2:
-                code1 = SSH2_AGENTC_REQUEST_IDENTITIES;
-                code2 = SSH2_AGENT_IDENTITIES_ANSWER;
-                break;
-        default:
-                return SSH_ERR_INVALID_ARGUMENT;
-        }
-
         /*
          * Send a message to the agent requesting for a list of the
          * identities it can represent.
          */
         if ((msg = sshbuf_new()) == NULL)
                 return SSH_ERR_ALLOC_FAIL;
-        if ((r = sshbuf_put_u8(msg, code1)) != 0)
+        if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REQUEST_IDENTITIES)) != 0)
                 goto out;
 
         if ((r = ssh_request_reply(sock, msg, msg)) != 0)
@@ -267,7 +253,7 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
         if (agent_failed(type)) {
                 r = SSH_ERR_AGENT_FAILURE;
                 goto out;
-        } else if (type != code2) {
+        } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) {
                 r = SSH_ERR_INVALID_FORMAT;
                 goto out;
         }
@@ -292,20 +278,14 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
                 goto out;
         }
         for (i = 0; i < num;) {
-                switch (version) {
-                case 1:
-                        break;
-                case 2:
-                        if ((r = deserialise_identity2(msg,
-                            &(idl->keys[i]), &(idl->comments[i]))) != 0) {
-                                if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
-                                        /* Gracefully skip unknown key types */
-                                        num--;
-                                        continue;
-                                } else
-                                        goto out;
-                        }
-                        break;
+                if ((r = deserialise_identity2(msg, &(idl->keys[i]),
+                    &(idl->comments[i]))) != 0) {
+                        if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
+                                /* Gracefully skip unknown key types */
+                                num--;
+                                continue;
+                        } else
+                                goto out;
                 }
                 i++;
         }
diff --git a/authfd.h b/authfd.h
index 4b417e3f4..0e98331d7 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: authfd.h,v 1.40 2017/05/05 10:42:49 naddy Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,8 +27,7 @@ int	ssh_get_authentication_socket(int *fdp);
 void    ssh_close_authentication_socket(int sock);
 
 int     ssh_lock_agent(int sock, int lock, const char *password);
-int     ssh_fetch_identitylist(int sock, int version,
-            struct ssh_identitylist **idlp);
+int     ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
 void    ssh_free_identitylist(struct ssh_identitylist *idl);
 int     ssh_add_identity_constrained(int sock, struct sshkey *key,
             const char *comment, u_int life, u_int confirm);
diff --git a/pathnames.h b/pathnames.h
index cff672e2f..1c221b01b 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.26 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: pathnames.h,v 1.27 2017/05/05 10:42:49 naddy Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,6 @@
  * Name of the default file containing client-side authentication key. This
  * file should only be readable by the user him/herself.
  */
-#define _PATH_SSH_CLIENT_IDENTITY       _PATH_SSH_USER_DIR "/identity"
 #define _PATH_SSH_CLIENT_ID_DSA         _PATH_SSH_USER_DIR "/id_dsa"
 #define _PATH_SSH_CLIENT_ID_ECDSA       _PATH_SSH_USER_DIR "/id_ecdsa"
 #define _PATH_SSH_CLIENT_ID_RSA         _PATH_SSH_USER_DIR "/id_rsa"
diff --git a/ssh-add.c b/ssh-add.c
index 5f62420f9..a1e0d464b 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -362,46 +362,36 @@ static int
 list_identities(int agent_fd, int do_fp)
 {
         char *fp;
-        int r, had_identities = 0;
+        int r;
         struct ssh_identitylist *idlist;
         size_t i;
-        int version = 2;
-
-        for (; version <= 2; version++) {
-                if ((r = ssh_fetch_identitylist(agent_fd, version,
-                    &idlist)) != 0) {
-                        if (r != SSH_ERR_AGENT_NO_IDENTITIES)
-                                fprintf(stderr, "error fetching identities for "
-                                    "protocol %d: %s\n", version, ssh_err(r));
-                        continue;
-                }
-                for (i = 0; i < idlist->nkeys; i++) {
-                        had_identities = 1;
-                        if (do_fp) {
-                                fp = sshkey_fingerprint(idlist->keys[i],
-                                    fingerprint_hash, SSH_FP_DEFAULT);
-                                printf("%u %s %s (%s)\n",
-                                    sshkey_size(idlist->keys[i]),
-                                    fp == NULL ? "(null)" : fp,
-                                    idlist->comments[i],
-                                    sshkey_type(idlist->keys[i]));
-                                free(fp);
-                        } else {
-                                if ((r = sshkey_write(idlist->keys[i],
-                                    stdout)) != 0) {
-                                        fprintf(stderr, "sshkey_write: %s\n",
-                                            ssh_err(r));
-                                        continue;
-                                }
-                                fprintf(stdout, " %s\n", idlist->comments[i]);
+
+        if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
+                if (r != SSH_ERR_AGENT_NO_IDENTITIES)
+                        fprintf(stderr, "error fetching identities: %s\n",
+                            ssh_err(r));
+                else
+                        printf("The agent has no identities.\n");
+                return -1;
+        }
+        for (i = 0; i < idlist->nkeys; i++) {
+                if (do_fp) {
+                        fp = sshkey_fingerprint(idlist->keys[i],
+                            fingerprint_hash, SSH_FP_DEFAULT);
+                        printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]),
+                            fp == NULL ? "(null)" : fp, idlist->comments[i],
+                            sshkey_type(idlist->keys[i]));
+                        free(fp);
+                } else {
+                        if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) {
+                                fprintf(stderr, "sshkey_write: %s\n",
+                                    ssh_err(r));
+                                continue;
                         }
+                        fprintf(stdout, " %s\n", idlist->comments[i]);
                 }
-                ssh_free_identitylist(idlist);
-        }
-        if (!had_identities) {
-                printf("The agent has no identities.\n");
-                return -1;
         }
+        ssh_free_identitylist(idlist);
         return 0;
 }
 
diff --git a/sshconnect2.c b/sshconnect2.c
index 393353db5..1b79253da 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1345,7 +1345,7 @@ pubkey_prepare(Authctxt *authctxt)
                 if (r != SSH_ERR_AGENT_NOT_PRESENT)
                         debug("%s: ssh_get_authentication_socket: %s",
                             __func__, ssh_err(r));
-        } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) {
+        } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
                 if (r != SSH_ERR_AGENT_NO_IDENTITIES)
                         debug("%s: ssh_fetch_identitylist: %s",
                             __func__, ssh_err(r));