summaryrefslogtreecommitdiff
path: root/authfd.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/authfd.c b/authfd.c
index a5162790f..1f0cd2ab3 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */ 1/* $OpenBSD: authfd.c,v 1.118 2019/10/31 21:19:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -423,7 +423,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
423 423
424 424
425static int 425static int
426encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) 426encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
427 const char *provider)
427{ 428{
428 int r; 429 int r;
429 430
@@ -441,6 +442,14 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
441 (r = sshbuf_put_u32(m, maxsign)) != 0) 442 (r = sshbuf_put_u32(m, maxsign)) != 0)
442 goto out; 443 goto out;
443 } 444 }
445 if (provider != NULL) {
446 if ((r = sshbuf_put_u8(m,
447 SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
448 (r = sshbuf_put_cstring(m,
449 "sk-provider@openssh.com")) != 0 ||
450 (r = sshbuf_put_cstring(m, provider)) != 0)
451 goto out;
452 }
444 r = 0; 453 r = 0;
445 out: 454 out:
446 return r; 455 return r;
@@ -452,10 +461,11 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
452 */ 461 */
453int 462int
454ssh_add_identity_constrained(int sock, struct sshkey *key, 463ssh_add_identity_constrained(int sock, struct sshkey *key,
455 const char *comment, u_int life, u_int confirm, u_int maxsign) 464 const char *comment, u_int life, u_int confirm, u_int maxsign,
465 const char *provider)
456{ 466{
457 struct sshbuf *msg; 467 struct sshbuf *msg;
458 int r, constrained = (life || confirm || maxsign); 468 int r, constrained = (life || confirm || maxsign || provider);
459 u_char type; 469 u_char type;
460 470
461 if ((msg = sshbuf_new()) == NULL) 471 if ((msg = sshbuf_new()) == NULL)
@@ -469,6 +479,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
469 case KEY_DSA_CERT: 479 case KEY_DSA_CERT:
470 case KEY_ECDSA: 480 case KEY_ECDSA:
471 case KEY_ECDSA_CERT: 481 case KEY_ECDSA_CERT:
482 case KEY_ECDSA_SK:
483 case KEY_ECDSA_SK_CERT:
472#endif 484#endif
473 case KEY_ED25519: 485 case KEY_ED25519:
474 case KEY_ED25519_CERT: 486 case KEY_ED25519_CERT:
@@ -488,7 +500,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
488 goto out; 500 goto out;
489 } 501 }
490 if (constrained && 502 if (constrained &&
491 (r = encode_constraints(msg, life, confirm, maxsign)) != 0) 503 (r = encode_constraints(msg, life, confirm, maxsign,
504 provider)) != 0)
492 goto out; 505 goto out;
493 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 506 if ((r = ssh_request_reply(sock, msg, msg)) != 0)
494 goto out; 507 goto out;
@@ -566,7 +579,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
566 (r = sshbuf_put_cstring(msg, pin)) != 0) 579 (r = sshbuf_put_cstring(msg, pin)) != 0)
567 goto out; 580 goto out;
568 if (constrained && 581 if (constrained &&
569 (r = encode_constraints(msg, life, confirm, 0)) != 0) 582 (r = encode_constraints(msg, life, confirm, 0, NULL)) != 0)
570 goto out; 583 goto out;
571 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 584 if ((r = ssh_request_reply(sock, msg, msg)) != 0)
572 goto out; 585 goto out;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 20:34:53 +0000