authorBen Lindstrom <mouring@eviladmin.org>2002-06-21 00:08:39 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-21 00:08:39 +0000
commit2b266b7f083e969cba04a035eba46a6d96c0c1e3 (patch)
treefb9ecf1af23c8d94a3608c22e7c7779a3419c42e /authfd.c
parentc90f8a98eaffccb8248111206416e1c9ed206da9 (diff)
- markus@cvs.openbsd.org 2002/06/15 01:27:48
[authfd.c authfd.h ssh-add.c ssh-agent.c] remove the CONSTRAIN_IDENTITY messages and introduce a new ADD_ID message with constraints instead. Constraints can only be added together with the private key.
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c67
1 files changed, 24 insertions, 43 deletions
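--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.53 2002/06/15 00:07:38 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.54 2002/06/15 01:27:48 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -439,8 +439,6 @@ ssh_agent_sign(AuthenticationConnection *auth,
 static void
 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 {
-	buffer_clear(b);
-	buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY);
 	buffer_put_int(b, BN_num_bits(key->n));
 	buffer_put_bignum(b, key->n);
 	buffer_put_bignum(b, key->e);
@@ -455,8 +453,6 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 static void
 ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 {
-	buffer_clear(b);
-	buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY);
 	buffer_put_cstring(b, key_ssh_name(key));
 	switch (key->type) {
 	case KEY_RSA:
@@ -484,19 +480,28 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
  */
 
 int
-ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
+ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
+    const char *comment, u_int life)
 {
 	Buffer msg;
-	int type;
+	int type, constrained = (life != 0);
 
 	buffer_init(&msg);
 
 	switch (key->type) {
 	case KEY_RSA1:
+		type = constrained ?
+		    SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
+		    SSH_AGENTC_ADD_RSA_IDENTITY;
+		buffer_put_char(&msg, type);
 		ssh_encode_identity_rsa1(&msg, key->rsa, comment);
 		break;
 	case KEY_RSA:
 	case KEY_DSA:
+		type = constrained ?
+		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
+		    SSH2_AGENTC_ADD_IDENTITY;
+		buffer_put_char(&msg, type);
 		ssh_encode_identity_ssh2(&msg, key, comment);
 		break;
 	default:
@@ -504,6 +509,12 @@ ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 		return 0;
 		break;
 	}
+	if (constrained) {
+		if (life != 0) {
+			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
+			buffer_put_int(&msg, life);
+		}
+	}
 	if (ssh_request_reply(auth, &msg, &msg) == 0) {
 		buffer_free(&msg);
 		return 0;
@@ -513,6 +524,12 @@ ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 	return decode_reply(type);
 }
 
+int
+ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
+{
+	return ssh_add_identity_constrained(auth, key, comment, 0);
+}
+
 /*
  * Removes an identity from the authentication server. This call is not
  * meant to be used by normal applications.
@@ -552,42 +569,6 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 }
 
 int
-ssh_constrain_identity(AuthenticationConnection *auth, Key *key, u_int life)
-{
-	Buffer msg;
-	int type;
-	u_char *blob;
-	u_int blen;
-
-	buffer_init(&msg);
-
-	if (key->type == KEY_RSA1) {
-		buffer_put_char(&msg, SSH_AGENTC_CONSTRAIN_IDENTITY1);
-		buffer_put_int(&msg, BN_num_bits(key->rsa->n));
-		buffer_put_bignum(&msg, key->rsa->e);
-		buffer_put_bignum(&msg, key->rsa->n);
-	} else if (key->type == KEY_DSA || key->type == KEY_RSA) {
-		key_to_blob(key, &blob, &blen);
-		buffer_put_char(&msg, SSH_AGENTC_CONSTRAIN_IDENTITY);
-		buffer_put_string(&msg, blob, blen);
-		xfree(blob);
-	} else {
-		buffer_free(&msg);
-		return 0;
-	}
-	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
-	buffer_put_int(&msg, life);
-
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
-}
-
 int
 ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
 {
 	Buffer msg;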
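Review bot: The constraint block added in ssh_add_identity_constrained, `if (constrained) { if (life != 0) { ... } }`, is redundant today — `constrained` is defined as `(life != 0)` a few lines earlier — and the split lets the wire message type and the constraint list drift apart if another constraint kind is added later without also folding it into `constrained`, leaving the agent with an *_ID_CONSTRAINED message carrying no constraints or an ADD_IDENTITY message with trailing constraint bytes. Either collapse it to a single `if (life != 0)` or derive `constrained` from every constraint the function will emit, so the two cannot disagree. The new function also has no header comment of its own, and the block comment that ends at old line 484 presumably still describes ssh_add_identity; I would add above ssh_add_identity_constrained: `/* Adds key to the agent.  A non-zero life sends the key as an *_ID_CONSTRAINED message with SSH_AGENT_CONSTRAIN_LIFETIME attached, so the agent never holds the key without its constraint; returns 0 on request failure. */` The body of ssh_add_identity_constrained (the default branch and the reply handling) runs between hunks and is not fully visible here.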