version 1.133, 2023/03/09 21:06:24 |
version 1.134, 2023/12/18 14:46:56 |
|
|
} |
} |
|
|
static int |
static int |
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign, |
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, |
const char *provider, struct dest_constraint **dest_constraints, |
u_int maxsign, const char *provider, |
size_t ndest_constraints) |
struct dest_constraint **dest_constraints, size_t ndest_constraints, |
|
int cert_only, struct sshkey **certs, size_t ncerts) |
{ |
{ |
int r; |
int r; |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
"restrict-destination-v00@openssh.com")) != 0 || |
"restrict-destination-v00@openssh.com")) != 0 || |
(r = sshbuf_put_stringb(m, b)) != 0) |
(r = sshbuf_put_stringb(m, b)) != 0) |
goto out; |
goto out; |
|
sshbuf_free(b); |
|
b = NULL; |
} |
} |
|
if (ncerts != 0) { |
|
if ((b = sshbuf_new()) == NULL) { |
|
r = SSH_ERR_ALLOC_FAIL; |
|
goto out; |
|
} |
|
for (i = 0; i < ncerts; i++) { |
|
if ((r = sshkey_puts(certs[i], b)) != 0) |
|
goto out; |
|
} |
|
if ((r = sshbuf_put_u8(m, |
|
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 || |
|
(r = sshbuf_put_cstring(m, |
|
"associated-certs-v00@openssh.com")) != 0 || |
|
(r = sshbuf_put_u8(m, cert_only != 0)) != 0 || |
|
(r = sshbuf_put_stringb(m, b)) != 0) |
|
goto out; |
|
sshbuf_free(b); |
|
b = NULL; |
|
} |
r = 0; |
r = 0; |
out: |
out: |
sshbuf_free(b); |
sshbuf_free(b); |
|
|
} |
} |
if (constrained && |
if (constrained && |
(r = encode_constraints(msg, life, confirm, maxsign, |
(r = encode_constraints(msg, life, confirm, maxsign, |
provider, dest_constraints, ndest_constraints)) != 0) |
provider, dest_constraints, ndest_constraints, 0, NULL, 0)) != 0) |
goto out; |
goto out; |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
goto out; |
goto out; |
|
|
int |
int |
ssh_update_card(int sock, int add, const char *reader_id, const char *pin, |
ssh_update_card(int sock, int add, const char *reader_id, const char *pin, |
u_int life, u_int confirm, |
u_int life, u_int confirm, |
struct dest_constraint **dest_constraints, size_t ndest_constraints) |
struct dest_constraint **dest_constraints, size_t ndest_constraints, |
|
int cert_only, struct sshkey **certs, size_t ncerts) |
{ |
{ |
struct sshbuf *msg; |
struct sshbuf *msg; |
int r, constrained = (life || confirm || dest_constraints); |
int r, constrained = (life || confirm || dest_constraints || certs); |
u_char type; |
u_char type; |
|
|
if (add) { |
if (add) { |
|
|
goto out; |
goto out; |
if (constrained && |
if (constrained && |
(r = encode_constraints(msg, life, confirm, 0, NULL, |
(r = encode_constraints(msg, life, confirm, 0, NULL, |
dest_constraints, ndest_constraints)) != 0) |
dest_constraints, ndest_constraints, |
|
cert_only, certs, ncerts)) != 0) |
goto out; |
goto out; |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
goto out; |
goto out; |
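Review bot: In the new `if (ncerts != 0)` block of encode_constraints, `certs[i]` is read on the strength of `ncerts` alone, while ssh_update_card derives `constrained` from the `certs` pointer (`dest_constraints || certs`), so the two conditions can disagree. A caller passing a non-zero `ncerts` with `certs == NULL` would reach a NULL dereference in the `sshkey_puts(certs[i], b)` loop. A caller passing `cert_only` with no certificates gets no `associated-certs-v00@openssh.com` constraint encoded at all, so the cert-only restriction appears to be dropped silently rather than refused. Consider a guard at the top of the block, `if (certs == NULL) { r = SSH_ERR_INVALID_ARGUMENT; goto out; }`, keying `constrained` on `ncerts != 0`, and a comment stating what `cert_only` means when `ncerts` is 0. Both function bodies continue outside the lines shown, so the declaration of `i` and the message-type selection could not be checked.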