=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfd.c,v retrieving revision 1.49 retrieving revision 1.49.2.3 diff -u -r1.49 -r1.49.2.3 --- src/usr.bin/ssh/authfd.c 2002/03/21 22:44:05 1.49 +++ src/usr.bin/ssh/authfd.c 2003/04/03 22:35:16 1.49.2.3 @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.49 2002/03/21 22:44:05 rees Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.49.2.3 2003/04/03 22:35:16 miod Exp $"); #include @@ -53,14 +53,31 @@ #include "log.h" #include "atomicio.h" +static int agent_present = 0; + /* helper */ int decode_reply(int type); /* macro to check for "agent failure" message */ #define agent_failed(x) \ ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ - (x == SSH2_AGENT_FAILURE)) + (x == SSH2_AGENT_FAILURE)) +int +ssh_agent_present(void) +{ + int authfd; + + if (agent_present) + return 1; + if ((authfd = ssh_get_authentication_socket()) == -1) + return 0; + else { + ssh_close_authentication_socket(authfd); + return 1; + } +} + /* Returns the number of the authentication fd, or -1 if there is none. */ int @@ -90,6 +107,7 @@ close(sock); return -1; } + agent_present = 1; return sock; } @@ -144,7 +162,7 @@ error("Error reading response from authentication socket."); return 0; } - buffer_append(reply, (char *) buf, l); + buffer_append(reply, buf, l); len -= l; } return 1; @@ -207,6 +225,26 @@ xfree(auth); } +/* Lock/unlock agent */ +int +ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password) +{ + int type; + Buffer msg; + + buffer_init(&msg); + buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK); + buffer_put_cstring(&msg, password); + + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); + return 0; + } + type = buffer_get_char(&msg); + buffer_free(&msg); + return decode_reply(type); +} + /* * Returns the first authentication identity held by the agent. */ @@ -419,8 +457,6 @@ static void ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { - buffer_clear(b); - buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); buffer_put_int(b, BN_num_bits(key->n)); buffer_put_bignum(b, key->n); buffer_put_bignum(b, key->e); @@ -435,8 +471,6 @@ static void ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) { - buffer_clear(b); - buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); buffer_put_cstring(b, key_ssh_name(key)); switch (key->type) { case KEY_RSA: @@ -464,19 +498,28 @@ */ int -ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) +ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, + const char *comment, u_int life, u_int confirm) { Buffer msg; - int type; + int type, constrained = (life || confirm); buffer_init(&msg); switch (key->type) { case KEY_RSA1: + type = constrained ? + SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : + SSH_AGENTC_ADD_RSA_IDENTITY; + buffer_put_char(&msg, type); ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; case KEY_RSA: case KEY_DSA: + type = constrained ? + SSH2_AGENTC_ADD_ID_CONSTRAINED : + SSH2_AGENTC_ADD_IDENTITY; + buffer_put_char(&msg, type); ssh_encode_identity_ssh2(&msg, key, comment); break; default: @@ -484,6 +527,14 @@ return 0; break; } + if (constrained) { + if (life != 0) { + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); + buffer_put_int(&msg, life); + } + if (confirm != 0) + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); + } if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -491,6 +542,12 @@ type = buffer_get_char(&msg); buffer_free(&msg); return decode_reply(type); +} + +int +ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) +{ + return ssh_add_identity_constrained(auth, key, comment, 0, 0); } /*