Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 67 |
1 files changed, 14 insertions, 53 deletions
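--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.93 2002/06/15 00:07:38 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.94 2002/06/15 01:27:48 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -395,7 +395,7 @@ process_add_identity(SocketEntry *e, int version)
 Key *k = NULL;
 char *type_name;
 char *comment;
-int type, success = 0;
+int type, success = 0, death = 0;
 Idtab *tab = idtab_lookup(version);
 
 switch (version) {
@@ -451,11 +451,20 @@ process_add_identity(SocketEntry *e, int version)
 goto send;
 }
 success = 1;
+while (buffer_len(&e->request)) {
+switch (buffer_get_char(&e->request)) {
+case SSH_AGENT_CONSTRAIN_LIFETIME:
+death = time(NULL) + buffer_get_int(&e->request);
+break;
+default:
+break;
+}
+}
 if (lookup_identity(k, version) == NULL) {
 Identity *id = xmalloc(sizeof(Identity));
 id->key = k;
 id->comment = comment;
-id->death = 0;
+id->death = death;
 TAILQ_INSERT_TAIL(&tab->idlist, id, next);
 /* Increment the number of identities. */
 tab->nentries++;
@@ -469,50 +478,6 @@ send:
 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
 
-static void
-process_constrain_identity(SocketEntry *e, int version)
-{
-Key *key = NULL;
-u_char *blob;
-u_int blen, bits, death = 0;
-int success = 0;
-
-switch (version) {
-case 1:
-key = key_new(KEY_RSA1);
-bits = buffer_get_int(&e->request);
-buffer_get_bignum(&e->request, key->rsa->e);
-buffer_get_bignum(&e->request, key->rsa->n);
-
-break;
-case 2:
-blob = buffer_get_string(&e->request, &blen);
-key = key_from_blob(blob, blen);
-xfree(blob);
-break;
-}
-while (buffer_len(&e->request)) {
-switch (buffer_get_char(&e->request)) {
-case SSH_AGENT_CONSTRAIN_LIFETIME:
-death = time(NULL) + buffer_get_int(&e->request);
-break;
-default:
-break;
-}
-}
-if (key != NULL) {
-Identity *id = lookup_identity(key, version);
-if (id != NULL && id->death == 0 && death != 0) {
-id->death = death;
-success = 1;
-}
-key_free(key);
-}
-buffer_put_int(&e->output, 1);
-buffer_put_char(&e->output,
-success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
-}
-
 /* XXX todo: encrypt sensitive data with passphrase */
 static void
 process_lock_agent(SocketEntry *e, int lock)
@@ -706,6 +671,7 @@ process_message(SocketEntry *e)
 process_request_identities(e, 1);
 break;
 case SSH_AGENTC_ADD_RSA_IDENTITY:
+case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED:
 process_add_identity(e, 1);
 break;
 case SSH_AGENTC_REMOVE_RSA_IDENTITY:
@@ -714,9 +680,6 @@ process_message(SocketEntry *e)
 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
 process_remove_all_identities(e, 1);
 break;
-case SSH_AGENTC_CONSTRAIN_IDENTITY1:
-process_constrain_identity(e, 1);
-break;
 /* ssh2 */
 case SSH2_AGENTC_SIGN_REQUEST:
 process_sign_request2(e);
@@ -725,6 +688,7 @@ process_message(SocketEntry *e)
 process_request_identities(e, 2);
 break;
 case SSH2_AGENTC_ADD_IDENTITY:
+case SSH2_AGENTC_ADD_ID_CONSTRAINED:
 process_add_identity(e, 2);
 break;
 case SSH2_AGENTC_REMOVE_IDENTITY:
@@ -733,9 +697,6 @@ process_message(SocketEntry *e)
 case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
 process_remove_all_identities(e, 2);
 break;
-case SSH_AGENTC_CONSTRAIN_IDENTITY:
-process_constrain_identity(e, 2);
-break;
 #ifdef SMARTCARD
 case SSH_AGENTC_ADD_SMARTCARD_KEY:
 process_add_smartcard_key(e);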
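Review bot: An unrecognised constraint type in the new loop after `success = 1;` in process_add_identity is silently skipped (`default: break;`), so a client that asked for a constraint this agent does not implement still gets the key stored unconstrained and an SSH_AGENT_SUCCESS reply, and because only the type byte is consumed, that constraint's payload is then re-parsed as further constraint bytes. The request should fail instead, following the failure branch just above (`goto send;` with `success` left at 0), e.g. `default: success = 0; goto send;` after releasing `k` and `comment` the way that earlier failure branch presumably does — its cleanup is outside the hunk. Separately, `death` is now declared `int` in `int type, success = 0, death = 0;` where the removed process_constrain_identity used `u_int`, so `time(NULL) + buffer_get_int(&e->request)` with a large client-supplied lifetime can wrap, and a wrapped result of 0 is stored via `id->death = death` — the value the removed code used to mean "not constrained" — so lifetimes that would overflow should be rejected or clamped. process_add_identity begins and ends outside this hunk.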