upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own

function and remove an unused variable; ok dtucker@

OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559
djm@openbsd.org 2021-02-12 03:14:18 +00:00 committed by Darren Tucker
parent 1bb130ed34
commit e04fd6dde1
1 changed files with 59 additions and 41 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.276 2021/02/02 22:35:14 djm Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.277 2021/02/12 03:14:18 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -574,6 +574,44 @@ reaper(void)
return (deadline - now); return (deadline - now);
} }
static int
parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp)
{
char *ext_name = NULL;
int r;
if ((r = sshbuf_get_cstring(m, &ext_name, NULL)) != 0) {
error_fr(r, "parse constraint extension");
goto out;
}
debug_f("constraint ext %s", ext_name);
if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
if (sk_providerp == NULL) {
error_f("%s not valid here", ext_name);
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
if (*sk_providerp != NULL) {
error_f("%s already set", ext_name);
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
if ((r = sshbuf_get_cstring(m, sk_providerp, NULL)) != 0) {
error_fr(r, "parse %s", ext_name);
goto out;
}
} else {
error_f("unsupported constraint \"%s\"", ext_name);
r = SSH_ERR_FEATURE_UNSUPPORTED;
goto out;
}
/* success */
r = 0;
out:
free(ext_name);
return r;
}
static int static int
parse_key_constraints(struct sshbuf *m, struct sshkey *k, time_t *deathp, parse_key_constraints(struct sshbuf *m, struct sshkey *k, time_t *deathp,
u_int *secondsp, int *confirmp, char **sk_providerp) u_int *secondsp, int *confirmp, char **sk_providerp)
@ -581,23 +619,22 @@ parse_key_constraints(struct sshbuf *m, struct sshkey *k, time_t *deathp,
u_char ctype; u_char ctype;
int r; int r;
u_int seconds, maxsign = 0; u_int seconds, maxsign = 0;
char *ext_name = NULL;
struct sshbuf *b = NULL;
while (sshbuf_len(m)) { while (sshbuf_len(m)) {
if ((r = sshbuf_get_u8(m, &ctype)) != 0) { if ((r = sshbuf_get_u8(m, &ctype)) != 0) {
error_fr(r, "parse constraint type"); error_fr(r, "parse constraint type");
goto err; goto out;
} }
switch (ctype) { switch (ctype) {
case SSH_AGENT_CONSTRAIN_LIFETIME: case SSH_AGENT_CONSTRAIN_LIFETIME:
if (*deathp != 0) { if (*deathp != 0) {
error_f("lifetime already set"); error_f("lifetime already set");
goto err; r = SSH_ERR_INVALID_FORMAT;
goto out;
} }
if ((r = sshbuf_get_u32(m, &seconds)) != 0) { if ((r = sshbuf_get_u32(m, &seconds)) != 0) {
error_fr(r, "parse lifetime constraint"); error_fr(r, "parse lifetime constraint");
goto err; goto out;
} }
*deathp = monotime() + seconds; *deathp = monotime() + seconds;
*secondsp = seconds; *secondsp = seconds;
@ -605,65 +642,46 @@ parse_key_constraints(struct sshbuf *m, struct sshkey *k, time_t *deathp,
case SSH_AGENT_CONSTRAIN_CONFIRM: case SSH_AGENT_CONSTRAIN_CONFIRM:
if (*confirmp != 0) { if (*confirmp != 0) {
error_f("confirm already set"); error_f("confirm already set");
goto err; r = SSH_ERR_INVALID_FORMAT;
goto out;
} }
*confirmp = 1; *confirmp = 1;
break; break;
case SSH_AGENT_CONSTRAIN_MAXSIGN: case SSH_AGENT_CONSTRAIN_MAXSIGN:
if (k == NULL) { if (k == NULL) {
error_f("maxsign not valid here"); error_f("maxsign not valid here");
goto err; r = SSH_ERR_INVALID_FORMAT;
goto out;
} }
if (maxsign != 0) { if (maxsign != 0) {
error_f("maxsign already set"); error_f("maxsign already set");
goto err; r = SSH_ERR_INVALID_FORMAT;
goto out;
} }
if ((r = sshbuf_get_u32(m, &maxsign)) != 0) { if ((r = sshbuf_get_u32(m, &maxsign)) != 0) {
error_fr(r, "parse maxsign constraint"); error_fr(r, "parse maxsign constraint");
goto err; goto out;
} }
if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) { if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) {
error_fr(r, "enable maxsign"); error_fr(r, "enable maxsign");
goto err; goto out;
} }
break; break;
case SSH_AGENT_CONSTRAIN_EXTENSION: case SSH_AGENT_CONSTRAIN_EXTENSION:
if ((r = sshbuf_get_cstring(m, &ext_name, NULL)) != 0) { if ((r = parse_key_constraint_extension(m,
error_fr(r, "parse constraint extension"); sk_providerp)) != 0)
goto err; goto out; /* error already logged */
}
debug_f("constraint ext %s", ext_name);
if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
if (sk_providerp == NULL) {
error_f("%s not valid here", ext_name);
goto err;
}
if (*sk_providerp != NULL) {
error_f("%s already set", ext_name);
goto err;
}
if ((r = sshbuf_get_cstring(m,
sk_providerp, NULL)) != 0) {
error_fr(r, "parse %s", ext_name);
goto err;
}
} else {
error_f("unsupported constraint \"%s\"",
ext_name);
goto err;
}
free(ext_name);
break; break;
default: default:
error_f("Unknown constraint %d", ctype); error_f("Unknown constraint %d", ctype);
err: r = SSH_ERR_FEATURE_UNSUPPORTED;
free(ext_name); goto out;
sshbuf_free(b);
return -1;
} }
} }
/* success */ /* success */
return 0; r = 0;
out:
return r;
} }
static void static void
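Review bot: The new parse_key_constraint_extension() has no header comment, and two parts of its contract matter to callers: an unrecognised extension name is a hard error (SSH_ERR_FEATURE_UNSUPPORTED) rather than something skipped, and on success `*sk_providerp` holds an allocated string that the caller owns. Because parse_key_constraints() can still fail on a later constraint after the provider string has been stored, the caller (outside this section) has to free `*sk_providerp` on its error path too, which is worth stating. I would add above the function something like `/* Parse one extension constraint; unknown extensions are rejected, not ignored. On success *sk_providerp is allocated; the caller frees it, also when a later constraint fails. */`. Separately, parse_key_constraints() now returns SSH_ERR_* codes where it used to return -1, so any caller that compares the result with -1 instead of testing for non-zero should be checked; the callers are not visible here.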