authfd.c
/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */ | /* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */ | ||||
/* | /* | ||||
* Author: Tatu Ylonen <ylo@cs.hut.fi> | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||||
* All rights reserved | * All rights reserved | ||||
* Functions for connecting the local authentication agent. | * Functions for connecting the local authentication agent. | ||||
* | * | ||||
* As far as I am concerned, the code I have written for this software | * As far as I am concerned, the code I have written for this software | ||||
* can be used freely for any purpose. Any derived versions of this | * can be used freely for any purpose. Any derived versions of this | ||||
▲ Show 20 Lines • Show All 79 Lines • ▼ Show 20 Lines | ssh_get_authentication_socket(int *fdp) | ||||
const char *authsocket; | const char *authsocket; | ||||
int sock, oerrno; | int sock, oerrno; | ||||
struct sockaddr_un sunaddr; | struct sockaddr_un sunaddr; | ||||
if (fdp != NULL) | if (fdp != NULL) | ||||
*fdp = -1; | *fdp = -1; | ||||
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); | authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); | ||||
if (!authsocket) | if (authsocket == NULL || *authsocket == '\0') | ||||
return SSH_ERR_AGENT_NOT_PRESENT; | return SSH_ERR_AGENT_NOT_PRESENT; | ||||
memset(&sunaddr, 0, sizeof(sunaddr)); | memset(&sunaddr, 0, sizeof(sunaddr)); | ||||
sunaddr.sun_family = AF_UNIX; | sunaddr.sun_family = AF_UNIX; | ||||
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); | strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); | ||||
if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) | ||||
return SSH_ERR_SYSTEM_ERROR; | return SSH_ERR_SYSTEM_ERROR; | ||||
/* close on exec */ | /* close on exec */ | ||||
if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || | if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || | ||||
connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { | connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { | ||||
oerrno = errno; | oerrno = errno; | ||||
close(sock); | close(sock); | ||||
errno = oerrno; | errno = oerrno; | ||||
return SSH_ERR_SYSTEM_ERROR; | return SSH_ERR_SYSTEM_ERROR; | ||||
} | } | ||||
if (fdp != NULL) | if (fdp != NULL) | ||||
*fdp = sock; | *fdp = sock; | ||||
else | else | ||||
▲ Show 20 Lines • Show All 189 Lines • ▼ Show 20 Lines | ssh_free_identitylist(struct ssh_identitylist *idl) | ||||
if (idl == NULL) | if (idl == NULL) | ||||
return; | return; | ||||
for (i = 0; i < idl->nkeys; i++) { | for (i = 0; i < idl->nkeys; i++) { | ||||
if (idl->keys != NULL) | if (idl->keys != NULL) | ||||
sshkey_free(idl->keys[i]); | sshkey_free(idl->keys[i]); | ||||
if (idl->comments != NULL) | if (idl->comments != NULL) | ||||
free(idl->comments[i]); | free(idl->comments[i]); | ||||
} | } | ||||
free(idl->keys); | |||||
free(idl->comments); | |||||
free(idl); | free(idl); | ||||
} | } | ||||
/* | /* | ||||
* Check if the ssh agent has a given key. | |||||
* Returns 0 if found, or a negative SSH_ERR_* error code on failure. | |||||
*/ | |||||
int | |||||
ssh_agent_has_key(int sock, struct sshkey *key) | |||||
{ | |||||
int r, ret = SSH_ERR_KEY_NOT_FOUND; | |||||
size_t i; | |||||
struct ssh_identitylist *idlist = NULL; | |||||
if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) { | |||||
return r; | |||||
} | |||||
for (i = 0; i < idlist->nkeys; i++) { | |||||
if (sshkey_equal_public(idlist->keys[i], key)) { | |||||
ret = 0; | |||||
break; | |||||
} | |||||
} | |||||
ssh_free_identitylist(idlist); | |||||
return ret; | |||||
} | |||||
/* | |||||
* Sends a challenge (typically from a server via ssh(1)) to the agent, | * Sends a challenge (typically from a server via ssh(1)) to the agent, | ||||
* and waits for a response from the agent. | * and waits for a response from the agent. | ||||
* Returns true (non-zero) if the agent gave the correct answer, zero | * Returns true (non-zero) if the agent gave the correct answer, zero | ||||
* otherwise. | * otherwise. | ||||
*/ | */ | ||||
/* encode signature algorithm in flag bits, so we can keep the msg format */ | /* encode signature algorithm in flag bits, so we can keep the msg format */ | ||||
static u_int | static u_int | ||||
agent_encode_alg(const struct sshkey *key, const char *alg) | agent_encode_alg(const struct sshkey *key, const char *alg) | ||||
{ | { | ||||
if (alg != NULL && key->type == KEY_RSA) { | if (alg != NULL && sshkey_type_plain(key->type) == KEY_RSA) { | ||||
if (strcmp(alg, "rsa-sha2-256") == 0) | if (strcmp(alg, "rsa-sha2-256") == 0 || | ||||
strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0) | |||||
return SSH_AGENT_RSA_SHA2_256; | return SSH_AGENT_RSA_SHA2_256; | ||||
else if (strcmp(alg, "rsa-sha2-512") == 0) | if (strcmp(alg, "rsa-sha2-512") == 0 || | ||||
strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0) | |||||
return SSH_AGENT_RSA_SHA2_512; | return SSH_AGENT_RSA_SHA2_512; | ||||
} | } | ||||
return 0; | return 0; | ||||
} | } | ||||
/* ask agent to sign data, returns err.h code on error, 0 on success */ | /* ask agent to sign data, returns err.h code on error, 0 on success */ | ||||
int | int | ||||
ssh_agent_sign(int sock, const struct sshkey *key, | ssh_agent_sign(int sock, const struct sshkey *key, | ||||
▲ Show 20 Lines • Show All 74 Lines • ▼ Show 20 Lines | out: | ||||
return r; | return r; | ||||
} | } | ||||
/* | /* | ||||
* Adds an identity to the authentication server. | * Adds an identity to the authentication server. | ||||
* This call is intended only for use by ssh-add(1) and like applications. | * This call is intended only for use by ssh-add(1) and like applications. | ||||
*/ | */ | ||||
int | int | ||||
ssh_add_identity_constrained(int sock, const struct sshkey *key, | ssh_add_identity_constrained(int sock, struct sshkey *key, | ||||
const char *comment, u_int life, u_int confirm, u_int maxsign) | const char *comment, u_int life, u_int confirm, u_int maxsign) | ||||
{ | { | ||||
struct sshbuf *msg; | struct sshbuf *msg; | ||||
int r, constrained = (life || confirm || maxsign); | int r, constrained = (life || confirm || maxsign); | ||||
u_char type; | u_char type; | ||||
if ((msg = sshbuf_new()) == NULL) | if ((msg = sshbuf_new()) == NULL) | ||||
return SSH_ERR_ALLOC_FAIL; | return SSH_ERR_ALLOC_FAIL; | ||||
▲ Show 20 Lines • Show All 148 Lines • Show Last 20 Lines |
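Review bot: In ssh_get_authentication_socket the new side still copies the SSH_AUTH_SOCK value into sunaddr.sun_path with an unchecked `strlcpy`, so a value longer than sun_path is silently truncated and connect() is then attempted on a path the user never configured; the commit only tightens the empty-string test and the `== -1` comparisons around it. Because the value comes from the environment it should be rejected rather than truncated, before the socket() call so nothing has to be closed on that path: `if (strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path))` followed by `return SSH_ERR_INVALID_FORMAT;` (or another hard SSH_ERR_* code the callers already handle). The body of ssh_get_authentication_socket continues past the `else` at the end of that hunk, outside this view.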