-rw-r--r-- | authfd.c | 46 | ||||
-rw-r--r-- | authfd.h | 5 | ||||
-rw-r--r-- | pathnames.h | 3 | ||||
-rw-r--r-- | ssh-add.c | 62 | ||||
-rw-r--r-- | sshconnect2.c | 4 |
5 files changed, 44 insertions, 76 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.103 2017/05/05 10:42:49 naddy Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -227,35 +227,21 @@ deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp) | |||
227 | * Fetch list of identities held by the agent. | 227 | * Fetch list of identities held by the agent. |
228 | */ | 228 | */ |
229 | int | 229 | int |
230 | ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp) | 230 | ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp) |
231 | { | 231 | { |
232 | u_char type, code1 = 0, code2 = 0; | 232 | u_char type; |
233 | u_int32_t num, i; | 233 | u_int32_t num, i; |
234 | struct sshbuf *msg; | 234 | struct sshbuf *msg; |
235 | struct ssh_identitylist *idl = NULL; | 235 | struct ssh_identitylist *idl = NULL; |
236 | int r; | 236 | int r; |
237 | 237 | ||
238 | /* Determine request and expected response types */ | ||
239 | switch (version) { | ||
240 | case 1: | ||
241 | code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES; | ||
242 | code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER; | ||
243 | break; | ||
244 | case 2: | ||
245 | code1 = SSH2_AGENTC_REQUEST_IDENTITIES; | ||
246 | code2 = SSH2_AGENT_IDENTITIES_ANSWER; | ||
247 | break; | ||
248 | default: | ||
249 | return SSH_ERR_INVALID_ARGUMENT; | ||
250 | } | ||
251 | |||
252 | /* | 238 | /* |
253 | * Send a message to the agent requesting for a list of the | 239 | * Send a message to the agent requesting for a list of the |
254 | * identities it can represent. | 240 | * identities it can represent. |
255 | */ | 241 | */ |
256 | if ((msg = sshbuf_new()) == NULL) | 242 | if ((msg = sshbuf_new()) == NULL) |
257 | return SSH_ERR_ALLOC_FAIL; | 243 | return SSH_ERR_ALLOC_FAIL; |
258 | if ((r = sshbuf_put_u8(msg, code1)) != 0) | 244 | if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REQUEST_IDENTITIES)) != 0) |
259 | goto out; | 245 | goto out; |
260 | 246 | ||
261 | if ((r = ssh_request_reply(sock, msg, msg)) != 0) | 247 | if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
@@ -267,7 +253,7 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp) | |||
267 | if (agent_failed(type)) { | 253 | if (agent_failed(type)) { |
268 | r = SSH_ERR_AGENT_FAILURE; | 254 | r = SSH_ERR_AGENT_FAILURE; |
269 | goto out; | 255 | goto out; |
270 | } else if (type != code2) { | 256 | } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) { |
271 | r = SSH_ERR_INVALID_FORMAT; | 257 | r = SSH_ERR_INVALID_FORMAT; |
272 | goto out; | 258 | goto out; |
273 | } | 259 | } |
@@ -292,20 +278,14 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp) | |||
292 | goto out; | 278 | goto out; |
293 | } | 279 | } |
294 | for (i = 0; i < num;) { | 280 | for (i = 0; i < num;) { |
295 | switch (version) { | 281 | if ((r = deserialise_identity2(msg, &(idl->keys[i]), |
296 | case 1: | 282 | &(idl->comments[i]))) != 0) { |
297 | break; | 283 | if (r == SSH_ERR_KEY_TYPE_UNKNOWN) { |
298 | case 2: | 284 | /* Gracefully skip unknown key types */ |
299 | if ((r = deserialise_identity2(msg, | 285 | num--; |
300 | &(idl->keys[i]), &(idl->comments[i]))) != 0) { | 286 | continue; |
301 | if (r == SSH_ERR_KEY_TYPE_UNKNOWN) { | 287 | } else |
302 | /* Gracefully skip unknown key types */ | 288 | goto out; |
303 | num--; | ||
304 | continue; | ||
305 | } else | ||
306 | goto out; | ||
307 | } | ||
308 | break; | ||
309 | } | 289 | } |
310 | i++; | 290 | i++; |
311 | } | 291 | } |
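Review bot: The header comment `Fetch list of identities held by the agent.` at the top of the first hunk no longer states what the loop at the end of this section actually guarantees: an entry that deserialise_identity2 rejects with SSH_ERR_KEY_TYPE_UNKNOWN is dropped and `num` is decremented, so the list handed back can be shorter than the count the agent announced. I would extend that comment to `Fetch list of identities held by the agent. Identities whose key type cannot be parsed are skipped, so the returned list may hold fewer entries than the agent reported.`. The `num` that bounds the loop is read from the agent reply between the hunks, so its upper-bound check and the final nkeys assignment are not visible here and I have not verified them. As a minor style point, the `} else` followed by an unbraced `goto out;` can become a plain `goto out;` after the inner if, since that if body always ends in `continue`. ssh_fetch_identitylist ends outside the section.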
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: authfd.h,v 1.40 2017/05/05 10:42:49 naddy Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -27,8 +27,7 @@ int ssh_get_authentication_socket(int *fdp); | |||
27 | void ssh_close_authentication_socket(int sock); | 27 | void ssh_close_authentication_socket(int sock); |
28 | 28 | ||
29 | int ssh_lock_agent(int sock, int lock, const char *password); | 29 | int ssh_lock_agent(int sock, int lock, const char *password); |
30 | int ssh_fetch_identitylist(int sock, int version, | 30 | int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp); |
31 | struct ssh_identitylist **idlp); | ||
32 | void ssh_free_identitylist(struct ssh_identitylist *idl); | 31 | void ssh_free_identitylist(struct ssh_identitylist *idl); |
33 | int ssh_add_identity_constrained(int sock, struct sshkey *key, | 32 | int ssh_add_identity_constrained(int sock, struct sshkey *key, |
34 | const char *comment, u_int life, u_int confirm); | 33 | const char *comment, u_int life, u_int confirm); |
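diff --git a/pathnames.h b/pathnames.h
index cff672e2f..1c221b01b 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.26 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: pathnames.h,v 1.27 2017/05/05 10:42:49 naddy Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,6 @@
  * Name of the default file containing client-side authentication key. This
  * file should only be readable by the user him/herself.
  */
-#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity"
 #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
 #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
 #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"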
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -362,46 +362,36 @@ static int | |||
362 | list_identities(int agent_fd, int do_fp) | 362 | list_identities(int agent_fd, int do_fp) |
363 | { | 363 | { |
364 | char *fp; | 364 | char *fp; |
365 | int r, had_identities = 0; | 365 | int r; |
366 | struct ssh_identitylist *idlist; | 366 | struct ssh_identitylist *idlist; |
367 | size_t i; | 367 | size_t i; |
368 | int version = 2; | 368 | |
369 | 369 | if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { | |
370 | for (; version <= 2; version++) { | 370 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) |
371 | if ((r = ssh_fetch_identitylist(agent_fd, version, | 371 | fprintf(stderr, "error fetching identities: %s\n", |
372 | &idlist)) != 0) { | 372 | ssh_err(r)); |
373 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) | 373 | else |
374 | fprintf(stderr, "error fetching identities for " | 374 | printf("The agent has no identities.\n"); |
375 | "protocol %d: %s\n", version, ssh_err(r)); | 375 | return -1; |
376 | continue; | 376 | } |
377 | } | 377 | for (i = 0; i < idlist->nkeys; i++) { |
378 | for (i = 0; i < idlist->nkeys; i++) { | 378 | if (do_fp) { |
379 | had_identities = 1; | 379 | fp = sshkey_fingerprint(idlist->keys[i], |
380 | if (do_fp) { | 380 | fingerprint_hash, SSH_FP_DEFAULT); |
381 | fp = sshkey_fingerprint(idlist->keys[i], | 381 | printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]), |
382 | fingerprint_hash, SSH_FP_DEFAULT); | 382 | fp == NULL ? "(null)" : fp, idlist->comments[i], |
383 | printf("%u %s %s (%s)\n", | 383 | sshkey_type(idlist->keys[i])); |
384 | sshkey_size(idlist->keys[i]), | 384 | free(fp); |
385 | fp == NULL ? "(null)" : fp, | 385 | } else { |
386 | idlist->comments[i], | 386 | if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) { |
387 | sshkey_type(idlist->keys[i])); | 387 | fprintf(stderr, "sshkey_write: %s\n", |
388 | free(fp); | 388 | ssh_err(r)); |
389 | } else { | 389 | continue; |
390 | if ((r = sshkey_write(idlist->keys[i], | ||
391 | stdout)) != 0) { | ||
392 | fprintf(stderr, "sshkey_write: %s\n", | ||
393 | ssh_err(r)); | ||
394 | continue; | ||
395 | } | ||
396 | fprintf(stdout, " %s\n", idlist->comments[i]); | ||
397 | } | 390 | } |
391 | fprintf(stdout, " %s\n", idlist->comments[i]); | ||
398 | } | 392 | } |
399 | ssh_free_identitylist(idlist); | ||
400 | } | ||
401 | if (!had_identities) { | ||
402 | printf("The agent has no identities.\n"); | ||
403 | return -1; | ||
404 | } | 393 | } |
394 | ssh_free_identitylist(idlist); | ||
405 | return 0; | 395 | return 0; |
406 | } | 396 | } |
407 | 397 | ||
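Review bot: list_identities has no header comment, and after this rewrite its return value carries two meanings a caller cannot tell apart: -1 when the agent reports no identities (message on stdout) and -1 when ssh_fetch_identitylist fails for any other reason (message on stderr), while a sshkey_write failure on an individual key is reported, skipped with `continue`, and the function still returns 0. I would add above the definition `/* Print the identities held by the agent, as fingerprints when do_fp is set. Returns -1 if the list cannot be fetched or is empty, 0 otherwise; a key that cannot be written is reported and skipped. */` so the exit-status semantics are explicit. The `(null)` placeholder printed when sshkey_fingerprint returns NULL is carried over unchanged. The whole function lies within the hunk.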
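diff --git a/sshconnect2.c b/sshconnect2.c
index 393353db5..1b79253da 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1345,7 +1345,7 @@ pubkey_prepare(Authctxt *authctxt)
 		if (r != SSH_ERR_AGENT_NOT_PRESENT)
 			debug("%s: ssh_get_authentication_socket: %s",
 			    __func__, ssh_err(r));
-	} else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) {
+	} else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
 		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
 			debug("%s: ssh_fetch_identitylist: %s",
 			    __func__, ssh_err(r));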