version 1.302, 2023/12/18 14:46:56 |
version 1.303, 2023/12/18 14:48:08 |
|
|
struct sshbuf *request; |
struct sshbuf *request; |
size_t nsession_ids; |
size_t nsession_ids; |
struct hostkey_sid *session_ids; |
struct hostkey_sid *session_ids; |
|
int session_bind_attempted; |
} SocketEntry; |
} SocketEntry; |
|
|
u_int sockets_alloc = 0; |
u_int sockets_alloc = 0; |
|
|
e->nsession_ids, id->ndest_constraints); |
e->nsession_ids, id->ndest_constraints); |
if (id->ndest_constraints == 0) |
if (id->ndest_constraints == 0) |
return 0; /* unconstrained */ |
return 0; /* unconstrained */ |
|
if (e->session_bind_attempted && e->nsession_ids == 0) { |
|
error_f("previous session bind failed on socket"); |
|
return -1; |
|
} |
if (e->nsession_ids == 0) |
if (e->nsession_ids == 0) |
return 0; /* local use */ |
return 0; /* local use */ |
/* |
/* |
|
|
return 0; |
return 0; |
} |
} |
|
|
|
static int |
|
socket_is_remote(SocketEntry *e) |
|
{ |
|
return e->session_bind_attempted || (e->nsession_ids != 0); |
|
} |
|
|
/* return matching private key for given public key */ |
/* return matching private key for given public key */ |
static Identity * |
static Identity * |
lookup_identity(struct sshkey *key) |
lookup_identity(struct sshkey *key) |
|
|
if (strcasecmp(sk_provider, "internal") == 0) { |
if (strcasecmp(sk_provider, "internal") == 0) { |
debug_f("internal provider"); |
debug_f("internal provider"); |
} else { |
} else { |
if (e->nsession_ids != 0 && !remote_add_provider) { |
if (socket_is_remote(e) && !remote_add_provider) { |
verbose("failed add of SK provider \"%.100s\": " |
verbose("failed add of SK provider \"%.100s\": " |
"remote addition of providers is disabled", |
"remote addition of providers is disabled", |
sk_provider); |
sk_provider); |
|
|
goto send; |
goto send; |
} |
} |
dump_dest_constraints(__func__, dest_constraints, ndest_constraints); |
dump_dest_constraints(__func__, dest_constraints, ndest_constraints); |
if (e->nsession_ids != 0 && !remote_add_provider) { |
if (socket_is_remote(e) && !remote_add_provider) { |
verbose("failed PKCS#11 add of \"%.100s\": remote addition of " |
verbose("failed PKCS#11 add of \"%.100s\": remote addition of " |
"providers is disabled", provider); |
"providers is disabled", provider); |
goto send; |
goto send; |
|
|
u_char fwd = 0; |
u_char fwd = 0; |
|
|
debug2_f("entering"); |
debug2_f("entering"); |
|
e->session_bind_attempted = 1; |
if ((r = sshkey_froms(e->request, &key)) != 0 || |
if ((r = sshkey_froms(e->request, &key)) != 0 || |
(r = sshbuf_froms(e->request, &sid)) != 0 || |
(r = sshbuf_froms(e->request, &sid)) != 0 || |
(r = sshbuf_froms(e->request, &sig)) != 0 || |
(r = sshbuf_froms(e->request, &sig)) != 0 || |
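Review bot: `socket_is_remote()` and the new `session_bind_attempted` field carry no comment stating the invariant they enforce, namely that a socket counts as remote as soon as a session-bind has been attempted, whether or not it succeeded. A comment above the helper would make the fail-closed intent explicit, for example `/* A socket is remote once session-bind was attempted, even if it failed; never clear the flag on a live socket. */`. In `identity_permitted()` the new rejection sits after the `ndest_constraints == 0` early return, so keys without destination constraints still pass on a socket whose bind failed; if that is intended, it deserves a short note at that check. Whether the flag is reset when a `SocketEntry` slot is reused is not visible here and should be confirmed. The bodies of `identity_permitted()` and the session-bind handler extend beyond the lines shown.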