author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:08:39 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:08:39 +0000 |
commit | 2b266b7f083e969cba04a035eba46a6d96c0c1e3 (patch) | |
tree | fb9ecf1af23c8d94a3608c22e7c7779a3419c42e /authfd.c | |
parent | c90f8a98eaffccb8248111206416e1c9ed206da9 (diff) |
- markus@cvs.openbsd.org 2002/06/15 01:27:48
[authfd.c authfd.h ssh-add.c ssh-agent.c]
remove the CONSTRAIN_IDENTITY messages and introduce a new
ADD_ID message with constraints instead. constraints can be
only added together with the private key.
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 67 |
1 files changed, 24 insertions, 43 deletions
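--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.53 2002/06/15 00:07:38 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.54 2002/06/15 01:27:48 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -439,8 +439,6 @@ ssh_agent_sign(AuthenticationConnection *auth,
 static void
 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 {
-	buffer_clear(b);
-	buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY);
 	buffer_put_int(b, BN_num_bits(key->n));
 	buffer_put_bignum(b, key->n);
 	buffer_put_bignum(b, key->e);
@@ -455,8 +453,6 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 static void
 ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 {
-	buffer_clear(b);
-	buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY);
 	buffer_put_cstring(b, key_ssh_name(key));
 	switch (key->type) {
 	case KEY_RSA:
@@ -484,19 +480,28 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
  */
 
 int
-ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
+ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
+    const char *comment, u_int life)
 {
 	Buffer msg;
-	int type;
+	int type, constrained = (life != 0);
 
 	buffer_init(&msg);
 
 	switch (key->type) {
 	case KEY_RSA1:
+		type = constrained ?
+		    SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
+		    SSH_AGENTC_ADD_RSA_IDENTITY;
+		buffer_put_char(&msg, type);
 		ssh_encode_identity_rsa1(&msg, key->rsa, comment);
 		break;
 	case KEY_RSA:
 	case KEY_DSA:
+		type = constrained ?
+		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
+		    SSH2_AGENTC_ADD_IDENTITY;
+		buffer_put_char(&msg, type);
 		ssh_encode_identity_ssh2(&msg, key, comment);
 		break;
 	default:
@@ -504,6 +509,12 @@ ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 		return 0;
 		break;
 	}
+	if (constrained) {
+		if (life != 0) {
+			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
+			buffer_put_int(&msg, life);
+		}
+	}
 	if (ssh_request_reply(auth, &msg, &msg) == 0) {
 		buffer_free(&msg);
 		return 0;
@@ -513,6 +524,12 @@ ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 	return decode_reply(type);
 }
 
+int
+ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
+{
+	return ssh_add_identity_constrained(auth, key, comment, 0);
+}
+
 /*
  * Removes an identity from the authentication server. This call is not
  * meant to be used by normal applications.
@@ -552,42 +569,6 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 }
 
 int
-ssh_constrain_identity(AuthenticationConnection *auth, Key *key, u_int life)
-{
-	Buffer msg;
-	int type;
-	u_char *blob;
-	u_int blen;
-
-	buffer_init(&msg);
-
-	if (key->type == KEY_RSA1) {
-		buffer_put_char(&msg, SSH_AGENTC_CONSTRAIN_IDENTITY1);
-		buffer_put_int(&msg, BN_num_bits(key->rsa->n));
-		buffer_put_bignum(&msg, key->rsa->e);
-		buffer_put_bignum(&msg, key->rsa->n);
-	} else if (key->type == KEY_DSA || key->type == KEY_RSA) {
-		key_to_blob(key, &blob, &blen);
-		buffer_put_char(&msg, SSH_AGENTC_CONSTRAIN_IDENTITY);
-		buffer_put_string(&msg, blob, blen);
-		xfree(blob);
-	} else {
-		buffer_free(&msg);
-		return 0;
-	}
-	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
-	buffer_put_int(&msg, life);
-
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
-}
-
-int
 ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
 {
 	Buffer msg;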
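Review bot: The block comment that closes at new line 480 still describes the pre-existing "add identity" contract, but it now heads ssh_add_identity_constrained, whose new `life` parameter is undocumented, and the new ssh_add_identity wrapper at new lines 527-531 carries no comment at all; the only thing a reader can tell from the hunk is that `life == 0` sends no constraint, so I would add `/* life: lifetime constraint sent with the key; 0 adds the key unconstrained. */` above the constrained variant and `/* Adds an identity with no constraints; see ssh_add_identity_constrained(). */` above the wrapper. As a point of style, the inner `if (life != 0)` at new line 513 is redundant with `constrained = (life != 0)` at new line 487, so as written `if (life != 0) { buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); buffer_put_int(&msg, life); }` alone would do; if the nesting is meant to leave room for further constraint types, a one-line comment saying so would stop the next reader from simplifying it. The body of ssh_add_identity_constrained runs between hunks, so the default-case cleanup at old lines 502-505 and the reply handling at new lines 521-523 are not visible here and I have not assumed anything about them.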