version 1.23, 2020/03/06 18:26:21 |
version 1.24, 2020/10/18 11:32:02 |
|
|
int r; |
int r; |
|
|
if ((r = sshbuf_put_stringb(oqueue, m)) != 0) |
if ((r = sshbuf_put_stringb(oqueue, m)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "enqueue"); |
} |
} |
|
|
static void |
static void |
|
|
char **labels = NULL; |
char **labels = NULL; |
|
|
if ((msg = sshbuf_new()) == NULL) |
if ((msg = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse"); |
if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { |
if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { |
if ((r = sshbuf_put_u8(msg, |
if ((r = sshbuf_put_u8(msg, |
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
(r = sshbuf_put_u32(msg, nkeys)) != 0) |
(r = sshbuf_put_u32(msg, nkeys)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "compose"); |
for (i = 0; i < nkeys; i++) { |
for (i = 0; i < nkeys; i++) { |
if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { |
if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { |
debug("%s: sshkey_to_blob: %s", |
debug_fr(r, "encode key"); |
__func__, ssh_err(r)); |
|
continue; |
continue; |
} |
} |
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
(r = sshbuf_put_cstring(msg, labels[i])) != 0) |
(r = sshbuf_put_cstring(msg, labels[i])) != 0) |
fatal("%s: buffer error: %s", |
fatal_fr(r, "compose key"); |
__func__, ssh_err(r)); |
|
free(blob); |
free(blob); |
add_key(keys[i], name, labels[i]); |
add_key(keys[i], name, labels[i]); |
free(labels[i]); |
free(labels[i]); |
} |
} |
} else { |
} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0 || |
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
(r = sshbuf_put_u32(msg, -nkeys)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "compose"); |
if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
|
} |
|
free(labels); |
free(labels); |
free(keys); /* keys themselves are transferred to pkcs11_keylist */ |
free(keys); /* keys themselves are transferred to pkcs11_keylist */ |
free(pin); |
free(pin); |
|
|
int r; |
int r; |
|
|
if ((msg = sshbuf_new()) == NULL) |
if ((msg = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse"); |
del_keys_by_name(name); |
del_keys_by_name(name); |
if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? |
if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? |
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) |
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "compose"); |
free(pin); |
free(pin); |
free(name); |
free(name); |
send_msg(msg); |
send_msg(msg); |
|
|
if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || |
if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || |
(r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || |
(r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || |
(r = sshbuf_get_u32(iqueue, NULL)) != 0) |
(r = sshbuf_get_u32(iqueue, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse"); |
|
|
if ((r = sshkey_from_blob(blob, blen, &key)) != 0) |
if ((r = sshkey_from_blob(blob, blen, &key)) != 0) |
error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); |
fatal_fr(r, "decode key"); |
else { |
else { |
if ((found = lookup_key(key)) != NULL) { |
if ((found = lookup_key(key)) != NULL) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
|
|
if (ret != 0) |
if (ret != 0) |
ok = 0; |
ok = 0; |
else |
else |
error("%s: ECDSA_sign" |
error_f("ECDSA_sign returned %d", ret); |
" returns %d", __func__, ret); |
|
slen = xslen; |
slen = xslen; |
} else |
} else |
error("%s: don't know how to sign with key " |
error_f("don't know how to sign with key " |
"type %d", __func__, (int)key->type); |
"type %d", (int)key->type); |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
} |
} |
sshkey_free(key); |
sshkey_free(key); |
} |
} |
if ((msg = sshbuf_new()) == NULL) |
if ((msg = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
if (ok == 0) { |
if (ok == 0) { |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
(r = sshbuf_put_string(msg, signature, slen)) != 0) |
(r = sshbuf_put_string(msg, signature, slen)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "compose response"); |
} else { |
} else { |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "compose failure response"); |
} |
} |
free(data); |
free(data); |
free(blob); |
free(blob); |
|
|
return; |
return; |
if ((r = sshbuf_consume(iqueue, 4)) != 0 || |
if ((r = sshbuf_consume(iqueue, 4)) != 0 || |
(r = sshbuf_get_u8(iqueue, &type)) != 0) |
(r = sshbuf_get_u8(iqueue, &type)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse type/len"); |
buf_len -= 4; |
buf_len -= 4; |
switch (type) { |
switch (type) { |
case SSH_AGENTC_ADD_SMARTCARD_KEY: |
case SSH_AGENTC_ADD_SMARTCARD_KEY: |
|
|
} |
} |
if (msg_len > consumed) { |
if (msg_len > consumed) { |
if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) |
if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "consume"); |
} |
} |
} |
} |
|
|
|
|
out = STDOUT_FILENO; |
out = STDOUT_FILENO; |
|
|
if ((iqueue = sshbuf_new()) == NULL) |
if ((iqueue = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
if ((oqueue = sshbuf_new()) == NULL) |
if ((oqueue = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
|
|
while (1) { |
while (1) { |
memset(pfd, 0, sizeof(pfd)); |
memset(pfd, 0, sizeof(pfd)); |
|
|
(r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
(r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
pfd[0].events = POLLIN; |
pfd[0].events = POLLIN; |
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "reserve"); |
|
|
if (sshbuf_len(oqueue) > 0) |
if (sshbuf_len(oqueue) > 0) |
pfd[1].events = POLLOUT; |
pfd[1].events = POLLOUT; |
|
|
} else if (len < 0) { |
} else if (len < 0) { |
error("read: %s", strerror(errno)); |
error("read: %s", strerror(errno)); |
cleanup_exit(1); |
cleanup_exit(1); |
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { |
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) |
fatal("%s: buffer error: %s", |
fatal_fr(r, "sshbuf_put"); |
__func__, ssh_err(r)); |
|
} |
|
} |
} |
/* send oqueue to stdout */ |
/* send oqueue to stdout */ |
if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { |
if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { |
|
|
if (len < 0) { |
if (len < 0) { |
error("write: %s", strerror(errno)); |
error("write: %s", strerror(errno)); |
cleanup_exit(1); |
cleanup_exit(1); |
} else if ((r = sshbuf_consume(oqueue, len)) != 0) { |
} else if ((r = sshbuf_consume(oqueue, len)) != 0) |
fatal("%s: buffer error: %s", |
fatal_fr(r, "consume"); |
__func__, ssh_err(r)); |
|
} |
|
} |
} |
|
|
/* |
/* |
|
|
if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
process(); |
process(); |
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "reserve"); |
} |
} |
} |
} |
|
|
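Review bot: In the sign-request handler, a key blob that fails `sshkey_from_blob` now terminates the helper, where 1.23 logged the error and appeared to continue to the `SSH2_AGENT_FAILURE` reply. The line changed from `error("%s: sshkey_from_blob: %s", ...)` to `fatal_fr(r, "decode key");`, which is a behaviour change inside what otherwise reads as a logging-macro conversion. Assuming `fatal_fr` does not return, one undecodable blob arriving on `iqueue` now costs the requester every provider this process has loaded, and the `else {` that follows becomes dead structure. If the exit is not intended, `error_fr(r, "decode key");` keeps the old semantics with the new macro style. If it is intended, drop the `else` and add a comment such as `/* a malformed blob from the agent is a protocol violation; do not continue */`. The function's opening and the initial value of `ok` are outside the visible lines, so the old fall-through to the failure reply is inferred from the `if (ok == 0) ... else` block further down.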