version 1.45, 2001/09/19 19:35:30 |
version 1.45.2.4, 2002/06/26 18:22:34 |
|
|
/* macro to check for "agent failure" message */ |
/* macro to check for "agent failure" message */ |
#define agent_failed(x) \ |
#define agent_failed(x) \ |
((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ |
((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ |
(x == SSH2_AGENT_FAILURE)) |
(x == SSH2_AGENT_FAILURE)) |
|
|
/* Returns the number of the authentication fd, or -1 if there is none. */ |
/* Returns the number of the authentication fd, or -1 if there is none. */ |
|
|
|
|
error("Error reading response from authentication socket."); |
error("Error reading response from authentication socket."); |
return 0; |
return 0; |
} |
} |
buffer_append(reply, (char *) buf, l); |
buffer_append(reply, buf, l); |
len -= l; |
len -= l; |
} |
} |
return 1; |
return 1; |
|
|
xfree(auth); |
xfree(auth); |
} |
} |
|
|
|
/* Lock/unlock agent */ |
|
int |
|
ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password) |
|
{ |
|
int type; |
|
Buffer msg; |
|
|
|
buffer_init(&msg); |
|
buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK); |
|
buffer_put_cstring(&msg, password); |
|
|
|
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
|
buffer_free(&msg); |
|
return 0; |
|
} |
|
type = buffer_get_char(&msg); |
|
buffer_free(&msg); |
|
return decode_reply(type); |
|
} |
|
|
/* |
/* |
* Returns the first authentication identity held by the agent. |
* Returns the first authentication identity held by the agent. |
*/ |
*/ |
|
|
int type, code1 = 0, code2 = 0; |
int type, code1 = 0, code2 = 0; |
Buffer request; |
Buffer request; |
|
|
switch(version){ |
switch (version) { |
case 1: |
case 1: |
code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES; |
code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES; |
code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER; |
code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER; |
|
|
* Get the next entry from the packet. These will abort with a fatal |
* Get the next entry from the packet. These will abort with a fatal |
* error if the packet is too short or contains corrupt data. |
* error if the packet is too short or contains corrupt data. |
*/ |
*/ |
switch(version){ |
switch (version) { |
case 1: |
case 1: |
key = key_new(KEY_RSA1); |
key = key_new(KEY_RSA1); |
bits = buffer_get_int(&auth->identities); |
bits = buffer_get_int(&auth->identities); |
|
|
buffer_put_bignum(&buffer, key->rsa->e); |
buffer_put_bignum(&buffer, key->rsa->e); |
buffer_put_bignum(&buffer, key->rsa->n); |
buffer_put_bignum(&buffer, key->rsa->n); |
buffer_put_bignum(&buffer, challenge); |
buffer_put_bignum(&buffer, challenge); |
buffer_append(&buffer, (char *) session_id, 16); |
buffer_append(&buffer, session_id, 16); |
buffer_put_int(&buffer, response_type); |
buffer_put_int(&buffer, response_type); |
|
|
if (ssh_request_reply(auth, &buffer, &buffer) == 0) { |
if (ssh_request_reply(auth, &buffer, &buffer) == 0) { |
|
|
int |
int |
ssh_agent_sign(AuthenticationConnection *auth, |
ssh_agent_sign(AuthenticationConnection *auth, |
Key *key, |
Key *key, |
u_char **sigp, int *lenp, |
u_char **sigp, u_int *lenp, |
u_char *data, int datalen) |
u_char *data, u_int datalen) |
{ |
{ |
extern int datafellows; |
extern int datafellows; |
Buffer msg; |
Buffer msg; |
|
|
static void |
static void |
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
{ |
{ |
buffer_clear(b); |
|
buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); |
|
buffer_put_int(b, BN_num_bits(key->n)); |
buffer_put_int(b, BN_num_bits(key->n)); |
buffer_put_bignum(b, key->n); |
buffer_put_bignum(b, key->n); |
buffer_put_bignum(b, key->e); |
buffer_put_bignum(b, key->e); |
|
|
static void |
static void |
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
{ |
{ |
buffer_clear(b); |
|
buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); |
|
buffer_put_cstring(b, key_ssh_name(key)); |
buffer_put_cstring(b, key_ssh_name(key)); |
switch(key->type){ |
switch (key->type) { |
case KEY_RSA: |
case KEY_RSA: |
buffer_put_bignum2(b, key->rsa->n); |
buffer_put_bignum2(b, key->rsa->n); |
buffer_put_bignum2(b, key->rsa->e); |
buffer_put_bignum2(b, key->rsa->e); |
|
|
*/ |
*/ |
|
|
int |
int |
ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) |
ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, |
|
const char *comment, u_int life) |
{ |
{ |
Buffer msg; |
Buffer msg; |
int type; |
int type, constrained = (life != 0); |
|
|
buffer_init(&msg); |
buffer_init(&msg); |
|
|
switch (key->type) { |
switch (key->type) { |
case KEY_RSA1: |
case KEY_RSA1: |
|
type = constrained ? |
|
SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : |
|
SSH_AGENTC_ADD_RSA_IDENTITY; |
|
buffer_put_char(&msg, type); |
ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
break; |
break; |
case KEY_RSA: |
case KEY_RSA: |
case KEY_DSA: |
case KEY_DSA: |
|
type = constrained ? |
|
SSH2_AGENTC_ADD_ID_CONSTRAINED : |
|
SSH2_AGENTC_ADD_IDENTITY; |
|
buffer_put_char(&msg, type); |
ssh_encode_identity_ssh2(&msg, key, comment); |
ssh_encode_identity_ssh2(&msg, key, comment); |
break; |
break; |
default: |
default: |
|
|
return 0; |
return 0; |
break; |
break; |
} |
} |
|
if (constrained) { |
|
if (life != 0) { |
|
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); |
|
buffer_put_int(&msg, life); |
|
} |
|
} |
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
buffer_free(&msg); |
buffer_free(&msg); |
return 0; |
return 0; |
|
|
return decode_reply(type); |
return decode_reply(type); |
} |
} |
|
|
|
int |
|
ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) |
|
{ |
|
return ssh_add_identity_constrained(auth, key, comment, 0); |
|
} |
|
|
/* |
/* |
* Removes an identity from the authentication server. This call is not |
* Removes an identity from the authentication server. This call is not |
* meant to be used by normal applications. |
* meant to be used by normal applications. |
|
|
} |
} |
|
|
int |
int |
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id) |
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) |
{ |
{ |
Buffer msg; |
Buffer msg; |
int type; |
int type; |
|
|
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : |
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : |
SSH_AGENTC_REMOVE_SMARTCARD_KEY); |
SSH_AGENTC_REMOVE_SMARTCARD_KEY); |
buffer_put_cstring(&msg, reader_id); |
buffer_put_cstring(&msg, reader_id); |
|
buffer_put_cstring(&msg, pin); |
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
if (ssh_request_reply(auth, &msg, &msg) == 0) { |
buffer_free(&msg); |
buffer_free(&msg); |
return 0; |
return 0; |