diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:04:48 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:04:48 +0000 |
commit | 4eb4c4e1ef39906056e282d6e160350dcd3fa533 (patch) | |
tree | 9a31a7dc0115b01bc26d57fb488fb9cadf6b499d | |
parent | f0bfa839bda8309c45b807e55bb2b2dfac7a6f9a (diff) | |
download | openssh-git-4eb4c4e1ef39906056e282d6e160350dcd3fa533.tar.gz |
- markus@cvs.openbsd.org 2002/06/15 00:01:36
[authfd.c authfd.h ssh-add.c ssh-agent.c]
break agent key lifetime protocol and allow other contraints for key
usage.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | authfd.c | 13 | ||||
-rw-r--r-- | authfd.h | 12 | ||||
-rw-r--r-- | ssh-add.c | 4 | ||||
-rw-r--r-- | ssh-agent.c | 27 |
5 files changed, 38 insertions, 24 deletions
@@ -5,6 +5,10 @@ - todd@cvs.openbsd.org 2002/06/14 21:35:00 [monitor_wrap.c] spelling; from Brian Poole <raj@cerias.purdue.edu> + - markus@cvs.openbsd.org 2002/06/15 00:01:36 + [authfd.c authfd.h ssh-add.c ssh-agent.c] + break agent key lifetime protocol and allow other contraints for key + usage. 20020613 - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com @@ -933,4 +937,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $ +$Id: ChangeLog,v 1.2219 2002/06/21 00:04:48 mouring Exp $ @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.51 2002/06/05 21:55:44 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.52 2002/06/15 00:01:36 markus Exp $"); #include <openssl/evp.h> @@ -552,7 +552,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_lifetime_identity(AuthenticationConnection *auth, Key *key, u_int life) +ssh_contrain_identity(AuthenticationConnection *auth, Key *key, u_int life) { Buffer msg; int type; @@ -562,21 +562,22 @@ ssh_lifetime_identity(AuthenticationConnection *auth, Key *key, u_int life) buffer_init(&msg); if (key->type == KEY_RSA1) { - buffer_put_char(&msg, SSH_AGENTC_LIFETIME_IDENTITY1); - buffer_put_int(&msg, life); + buffer_put_char(&msg, SSH_AGENTC_CONTRAIN_IDENTITY1); buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); } else if (key->type == KEY_DSA || key->type == KEY_RSA) { key_to_blob(key, &blob, &blen); - buffer_put_char(&msg, SSH_AGENTC_LIFETIME_IDENTITY); - buffer_put_int(&msg, life); + buffer_put_char(&msg, SSH_AGENTC_CONTRAIN_IDENTITY); buffer_put_string(&msg, blob, blen); xfree(blob); } else { buffer_free(&msg); return 0; } + buffer_put_char(&msg, SSH_AGENT_CONTRAIN_LIFETIME); + buffer_put_int(&msg, life); + if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.26 2002/06/05 21:55:44 markus Exp $ */ +/* $OpenBSD: authfd.h,v 1.27 2002/06/15 00:01:36 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -46,9 +46,11 @@ #define SSH_AGENTC_LOCK 22 #define SSH_AGENTC_UNLOCK 23 -/* set key lifetime */ -#define SSH_AGENTC_LIFETIME_IDENTITY1 24 -#define SSH_AGENTC_LIFETIME_IDENTITY 25 +/* constrain key usage */ +#define SSH_AGENTC_CONTRAIN_IDENTITY1 24 +#define SSH_AGENTC_CONTRAIN_IDENTITY 25 + +#define SSH_AGENT_CONTRAIN_LIFETIME 1 /* extended failure messages */ #define SSH2_AGENT_FAILURE 30 @@ -73,7 +75,7 @@ int ssh_get_num_identities(AuthenticationConnection *, int); Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); int ssh_add_identity(AuthenticationConnection *, Key *, const char *); -int ssh_lifetime_identity(AuthenticationConnection *, Key *, u_int); +int ssh_contrain_identity(AuthenticationConnection *, Key *, u_int); int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_lock_agent(AuthenticationConnection *, int, const char *); @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.57 2002/06/10 17:36:23 stevesk Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.58 2002/06/15 00:01:36 markus Exp $"); #include <openssl/evp.h> @@ -171,7 +171,7 @@ add_file(AuthenticationConnection *ac, const char *filename) fprintf(stderr, "Could not add identity: %s\n", filename); if (ret == 0 && lifetime != 0) { - if (ssh_lifetime_identity(ac, private, lifetime)) { + if (ssh_contrain_identity(ac, private, lifetime)) { fprintf(stderr, "Lifetime set to %d seconds for: %s (%s)\n", lifetime, filename, comment); diff --git a/ssh-agent.c b/ssh-agent.c index b89ead6e..4a288199 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/fake-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.91 2002/06/11 05:46:20 mpech Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.92 2002/06/15 00:01:36 markus Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -470,15 +470,13 @@ send: } static void -process_lifetime_identity(SocketEntry *e, int version) +process_contrain_identity(SocketEntry *e, int version) { Key *key = NULL; u_char *blob; - u_int blen, bits, death; + u_int blen, bits, death = 0; int success = 0; - death = time(NULL) + buffer_get_int(&e->request); - switch (version) { case 1: key = key_new(KEY_RSA1); @@ -493,9 +491,18 @@ process_lifetime_identity(SocketEntry *e, int version) xfree(blob); break; } + while (buffer_len(&e->request)) { + switch (buffer_get_char(&e->request)) { + case SSH_AGENT_CONTRAIN_LIFETIME: + death = time(NULL) + buffer_get_int(&e->request); + break; + default: + break; + } + } if (key != NULL) { Identity *id = lookup_identity(key, version); - if (id != NULL && id->death == 0) { + if (id != NULL && id->death == 0 && death != 0) { id->death = death; success = 1; } @@ -707,8 +714,8 @@ process_message(SocketEntry *e) case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: process_remove_all_identities(e, 1); break; - case SSH_AGENTC_LIFETIME_IDENTITY1: - process_lifetime_identity(e, 1); + case SSH_AGENTC_CONTRAIN_IDENTITY1: + process_contrain_identity(e, 1); break; /* ssh2 */ case SSH2_AGENTC_SIGN_REQUEST: @@ -726,8 +733,8 @@ process_message(SocketEntry *e) case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: process_remove_all_identities(e, 2); break; - case SSH_AGENTC_LIFETIME_IDENTITY: - process_lifetime_identity(e, 2); + case SSH_AGENTC_CONTRAIN_IDENTITY: + process_contrain_identity(e, 2); break; #ifdef SMARTCARD case SSH_AGENTC_ADD_SMARTCARD_KEY: |