tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2003/06/11 11:18:38 

[authfd.c authfd.h ssh-add.c ssh-agent.c]
     make agent constraints (lifetime, confirm) work with smartcard keys;
     ok markus@
This commit is contained in:
Damien Miller 2003-06-11 22:06:33 +10:00
parent 0e1b937f13
commit d94f20d28e
5 changed files with 54 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -18,6 +18,10 @@
- jakob@cvs.openbsd.org 2003/06/11 10:18:47 - jakob@cvs.openbsd.org 2003/06/11 10:18:47
[dns.c] [dns.c]
sync with check_host_key() change sync with check_host_key() change
- djm@cvs.openbsd.org 2003/06/11 11:18:38
[authfd.c authfd.h ssh-add.c ssh-agent.c]
make agent constraints (lifetime, confirm) work with smartcard keys;
ok markus@
20030609 20030609
@ -502,4 +506,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.2796 2003/06/11 12:05:45 djm Exp $ $Id: ChangeLog,v 1.2797 2003/06/11 12:06:33 djm Exp $

27
authfd.c
View File

@ -35,7 +35,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.59 2003/04/08 20:21:28 itojun Exp $"); RCSID("$OpenBSD: authfd.c,v 1.60 2003/06/11 11:18:38 djm Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -589,16 +589,33 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
} }
int int
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) ssh_update_card(AuthenticationConnection *auth, int add,
const char *reader_id, const char *pin, u_int life, u_int confirm)
{ {
Buffer msg; Buffer msg;
int type; int type, constrained = (life || confirm);
if (add) {
type = constrained ?
SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED :
SSH_AGENTC_ADD_SMARTCARD_KEY;
} else
type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
buffer_init(&msg); buffer_init(&msg);
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : buffer_put_char(&msg, type);
SSH_AGENTC_REMOVE_SMARTCARD_KEY);
buffer_put_cstring(&msg, reader_id); buffer_put_cstring(&msg, reader_id);
buffer_put_cstring(&msg, pin); buffer_put_cstring(&msg, pin);
if (constrained) {
if (life != 0) {
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
buffer_put_int(&msg, life);
}
if (confirm != 0)
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
}
if (ssh_request_reply(auth, &msg, &msg) == 0) { if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg); buffer_free(&msg);
return 0; return 0;

6
authfd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */ /* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -49,6 +49,7 @@
/* add key with constraints */ /* add key with constraints */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24 #define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
#define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2 #define SSH_AGENT_CONSTRAIN_CONFIRM 2
@ -82,7 +83,8 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_remove_all_identities(AuthenticationConnection *, int);
int ssh_lock_agent(AuthenticationConnection *, int, const char *); int ssh_lock_agent(AuthenticationConnection *, int, const char *);
int ssh_update_card(AuthenticationConnection *, int, const char *, const char *); int ssh_update_card(AuthenticationConnection *, int, const char *,
const char *, u_int, u_int);
int int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],

4
ssh-add.c
View File

@ -35,7 +35,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); RCSID("$OpenBSD: ssh-add.c,v 1.67 2003/06/11 11:18:38 djm Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -201,7 +201,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
if (pin == NULL) if (pin == NULL)
return -1; return -1;
if (ssh_update_card(ac, add, id, pin)) { if (ssh_update_card(ac, add, id, pin, lifetime, confirm)) {
fprintf(stderr, "Card %s: %s\n", fprintf(stderr, "Card %s: %s\n",
add ? "added" : "removed", id); add ? "added" : "removed", id);
ret = 0; ret = 0;

25
ssh-agent.c
View File

@ -35,7 +35,7 @@
#include "includes.h" #include "includes.h"
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.109 2003/04/08 20:21:29 itojun Exp $"); RCSID("$OpenBSD: ssh-agent.c,v 1.110 2003/06/11 11:18:38 djm Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -580,13 +580,29 @@ static void
process_add_smartcard_key (SocketEntry *e) process_add_smartcard_key (SocketEntry *e)
{ {
char *sc_reader_id = NULL, *pin; char *sc_reader_id = NULL, *pin;
int i, version, success = 0; int i, version, success = 0, death = 0, confirm = 0;
Key **keys, *k; Key **keys, *k;
Identity *id; Identity *id;
Idtab *tab; Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL); sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL);
while (buffer_len(&e->request)) {
switch (buffer_get_char(&e->request)) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
case SSH_AGENT_CONSTRAIN_CONFIRM:
confirm = 1;
break;
default:
break;
}
}
if (lifetime && !death)
death = time(NULL) + lifetime;
keys = sc_get_keys(sc_reader_id, pin); keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id); xfree(sc_reader_id);
xfree(pin); xfree(pin);
@ -603,8 +619,8 @@ process_add_smartcard_key (SocketEntry *e)
id = xmalloc(sizeof(Identity)); id = xmalloc(sizeof(Identity));
id->key = k; id->key = k;
id->comment = xstrdup("smartcard key"); id->comment = xstrdup("smartcard key");
id->death = 0; id->death = death;
id->confirm = 0; id->confirm = confirm;
TAILQ_INSERT_TAIL(&tab->idlist, id, next); TAILQ_INSERT_TAIL(&tab->idlist, id, next);
tab->nentries++; tab->nentries++;
success = 1; success = 1;
@ -748,6 +764,7 @@ process_message(SocketEntry *e)
break; break;
#ifdef SMARTCARD #ifdef SMARTCARD
case SSH_AGENTC_ADD_SMARTCARD_KEY: case SSH_AGENTC_ADD_SMARTCARD_KEY:
case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
process_add_smartcard_key(e); process_add_smartcard_key(e);
break; break;
case SSH_AGENTC_REMOVE_SMARTCARD_KEY: case SSH_AGENTC_REMOVE_SMARTCARD_KEY: