| version 1.133, 2023/03/09 21:06:24 |
version 1.134, 2023/12/18 14:46:56 |
|
|
| } |
} |
| |
|
| static int |
static int |
| encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign, |
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, |
| const char *provider, struct dest_constraint **dest_constraints, |
u_int maxsign, const char *provider, |
| size_t ndest_constraints) |
struct dest_constraint **dest_constraints, size_t ndest_constraints, |
| |
int cert_only, struct sshkey **certs, size_t ncerts) |
| { |
{ |
| int r; |
int r; |
| struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
| "restrict-destination-v00@openssh.com")) != 0 || |
"restrict-destination-v00@openssh.com")) != 0 || |
| (r = sshbuf_put_stringb(m, b)) != 0) |
(r = sshbuf_put_stringb(m, b)) != 0) |
| goto out; |
goto out; |
| |
sshbuf_free(b); |
| |
b = NULL; |
| } |
} |
| |
if (ncerts != 0) { |
| |
if ((b = sshbuf_new()) == NULL) { |
| |
r = SSH_ERR_ALLOC_FAIL; |
| |
goto out; |
| |
} |
| |
for (i = 0; i < ncerts; i++) { |
| |
if ((r = sshkey_puts(certs[i], b)) != 0) |
| |
goto out; |
| |
} |
| |
if ((r = sshbuf_put_u8(m, |
| |
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 || |
| |
(r = sshbuf_put_cstring(m, |
| |
"associated-certs-v00@openssh.com")) != 0 || |
| |
(r = sshbuf_put_u8(m, cert_only != 0)) != 0 || |
| |
(r = sshbuf_put_stringb(m, b)) != 0) |
| |
goto out; |
| |
sshbuf_free(b); |
| |
b = NULL; |
| |
} |
| r = 0; |
r = 0; |
| out: |
out: |
| sshbuf_free(b); |
sshbuf_free(b); |
|
|
| } |
} |
| if (constrained && |
if (constrained && |
| (r = encode_constraints(msg, life, confirm, maxsign, |
(r = encode_constraints(msg, life, confirm, maxsign, |
| provider, dest_constraints, ndest_constraints)) != 0) |
provider, dest_constraints, ndest_constraints, 0, NULL, 0)) != 0) |
| goto out; |
goto out; |
| if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
| goto out; |
goto out; |
|
|
| int |
int |
| ssh_update_card(int sock, int add, const char *reader_id, const char *pin, |
ssh_update_card(int sock, int add, const char *reader_id, const char *pin, |
| u_int life, u_int confirm, |
u_int life, u_int confirm, |
| struct dest_constraint **dest_constraints, size_t ndest_constraints) |
struct dest_constraint **dest_constraints, size_t ndest_constraints, |
| |
int cert_only, struct sshkey **certs, size_t ncerts) |
| { |
{ |
| struct sshbuf *msg; |
struct sshbuf *msg; |
| int r, constrained = (life || confirm || dest_constraints); |
int r, constrained = (life || confirm || dest_constraints || certs); |
| u_char type; |
u_char type; |
| |
|
| if (add) { |
if (add) { |
|
|
| goto out; |
goto out; |
| if (constrained && |
if (constrained && |
| (r = encode_constraints(msg, life, confirm, 0, NULL, |
(r = encode_constraints(msg, life, confirm, 0, NULL, |
| dest_constraints, ndest_constraints)) != 0) |
dest_constraints, ndest_constraints, |
| |
cert_only, certs, ncerts)) != 0) |
| goto out; |
goto out; |
| if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
if ((r = ssh_request_reply_decode(sock, msg)) != 0) |
| goto out; |
goto out; |
![[BACK]](/icons/back.gif){kind=icon}
Return to authfd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh