authorBen Lindstrom <mouring@eviladmin.org>2002-06-21 00:08:39 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-21 00:08:39 +0000
commit2b266b7f083e969cba04a035eba46a6d96c0c1e3 (patch)
treefb9ecf1af23c8d94a3608c22e7c7779a3419c42e /ssh-agent.c
parentc90f8a98eaffccb8248111206416e1c9ed206da9 (diff)
- markus@cvs.openbsd.org 2002/06/15 01:27:48
[authfd.c authfd.h ssh-add.c ssh-agent.c] remove the CONSTRAIN_IDENTITY messages and introduce a new ADD_ID message with constraints instead. Constraints can only be added together with the private key.
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c67
1 files changed, 14 insertions, 53 deletions
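diff --git a/ssh-agent.c b/ssh-agent.c
index 991774aae..536db2de0 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.93 2002/06/15 00:07:38 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.94 2002/06/15 01:27:48 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -395,7 +395,7 @@ process_add_identity(SocketEntry *e, int version)
 	Key *k = NULL;
 	char *type_name;
 	char *comment;
-	int type, success = 0;
+	int type, success = 0, death = 0;
 	Idtab *tab = idtab_lookup(version);
 
 	switch (version) {
@@ -451,11 +451,20 @@ process_add_identity(SocketEntry *e, int version)
 		goto send;
 	}
 	success = 1;
+	while (buffer_len(&e->request)) {
+		switch (buffer_get_char(&e->request)) {
+		case SSH_AGENT_CONSTRAIN_LIFETIME:
+			death = time(NULL) + buffer_get_int(&e->request);
+			break;
+		default:
+			break;
+		}
+	}
 	if (lookup_identity(k, version) == NULL) {
 		Identity *id = xmalloc(sizeof(Identity));
 		id->key = k;
 		id->comment = comment;
-		id->death = 0;
+		id->death = death;
 		TAILQ_INSERT_TAIL(&tab->idlist, id, next);
 		/* Increment the number of identities. */
 		tab->nentries++;
@@ -469,50 +478,6 @@ send:
 	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
 
-static void
-process_constrain_identity(SocketEntry *e, int version)
-{
-	Key *key = NULL;
-	u_char *blob;
-	u_int blen, bits, death = 0;
-	int success = 0;
-
-	switch (version) {
-	case 1:
-		key = key_new(KEY_RSA1);
-		bits = buffer_get_int(&e->request);
-		buffer_get_bignum(&e->request, key->rsa->e);
-		buffer_get_bignum(&e->request, key->rsa->n);
-
-		break;
-	case 2:
-		blob = buffer_get_string(&e->request, &blen);
-		key = key_from_blob(blob, blen);
-		xfree(blob);
-		break;
-	}
-	while (buffer_len(&e->request)) {
-		switch (buffer_get_char(&e->request)) {
-		case SSH_AGENT_CONSTRAIN_LIFETIME:
-			death = time(NULL) + buffer_get_int(&e->request);
-			break;
-		default:
-			break;
-		}
-	}
-	if (key != NULL) {
-		Identity *id = lookup_identity(key, version);
-		if (id != NULL && id->death == 0 && death != 0) {
-			id->death = death;
-			success = 1;
-		}
-		key_free(key);
-	}
-	buffer_put_int(&e->output, 1);
-	buffer_put_char(&e->output,
-	    success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
-}
-
 /* XXX todo: encrypt sensitive data with passphrase */
 static void
 process_lock_agent(SocketEntry *e, int lock)
@@ -706,6 +671,7 @@ process_message(SocketEntry *e)
 		process_request_identities(e, 1);
 		break;
 	case SSH_AGENTC_ADD_RSA_IDENTITY:
+	case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED:
 		process_add_identity(e, 1);
 		break;
 	case SSH_AGENTC_REMOVE_RSA_IDENTITY:
@@ -714,9 +680,6 @@ process_message(SocketEntry *e)
 	case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
 		process_remove_all_identities(e, 1);
 		break;
-	case SSH_AGENTC_CONSTRAIN_IDENTITY1:
-		process_constrain_identity(e, 1);
-		break;
 	/* ssh2 */
 	case SSH2_AGENTC_SIGN_REQUEST:
 		process_sign_request2(e);
@@ -725,6 +688,7 @@ process_message(SocketEntry *e)
 		process_request_identities(e, 2);
 		break;
 	case SSH2_AGENTC_ADD_IDENTITY:
+	case SSH2_AGENTC_ADD_ID_CONSTRAINED:
 		process_add_identity(e, 2);
 		break;
 	case SSH2_AGENTC_REMOVE_IDENTITY:
@@ -733,9 +697,6 @@ process_message(SocketEntry *e)
 	case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
 		process_remove_all_identities(e, 2);
 		break;
-	case SSH_AGENTC_CONSTRAIN_IDENTITY:
-		process_constrain_identity(e, 2);
-		break;
 #ifdef SMARTCARD
 	case SSH_AGENTC_ADD_SMARTCARD_KEY:
 		process_add_smartcard_key(e);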
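Review bot: The constraint loop added at new lines 454–462 of process_add_identity skips an unrecognised constraint type with a bare `default: break;`, but the payload length of an unknown constraint is not known here, so the loop then keeps consuming that payload as further type bytes and can pick up a spurious `SSH_AGENT_CONSTRAIN_LIFETIME`. Failing the request on an unknown type instead (clear `success`, free `k`, and take the existing `goto send` path) would be safer than continuing silently; the function body and its failure path start outside this hunk, so the exact cleanup owed for `k` and `comment` has to be checked there. Separately, `death` is declared `int` at new line 398 while `time(NULL)` is `time_t` and the deleted process_constrain_identity kept it as `u_int`, so a large client-supplied lifetime is narrowed into `int` and can wrap; computing in the type of `id->death` and rejecting or capping out-of-range lifetimes avoids that. Since only `version` is passed in, the loop appears to run for the plain ADD_IDENTITY message types as well as the new *_CONSTRAINED ones whenever trailing bytes remain — worth confirming that is intended.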