Mercurial > dropbear

annotate cli-agentfwd.c @ 1857:6022df862942

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use DSCP for IP QoS traffic classes The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents a7cc3332d8ab
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2005 Matt Johnston
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1057
diff changeset
27 #if DROPBEAR_CLI_AGENTFWD
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "agentfwd.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "session.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "ssh.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "dbutil.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "chansession.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "channel.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include "packet.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #include "buffer.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
37 #include "dbrandom.h"
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 #include "listener.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 #include "runopts.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 #include "atomicio.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 #include "signkey.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 #include "auth.h"
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
44 /* The protocol implemented to talk to OpenSSH's SSH2 agent is documented in
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
45 PROTOCOL.agent in recent OpenSSH source distributions (5.1p1 has it). */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
46
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 static int new_agent_chan(struct Channel * channel);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48
547
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 225
diff changeset
49 const struct ChanType cli_chan_agent = {
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 "[email protected]",
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 new_agent_chan,
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 NULL,
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 NULL,
1625
79eef94ccea9 Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
54 NULL,
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 NULL
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 };
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 static int connect_agent() {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 int fd = -1;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 char* agent_sock = NULL;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 agent_sock = getenv("SSH_AUTH_SOCK");
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 if (agent_sock == NULL)
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 return -1;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 fd = connect_unix(agent_sock);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68
563
12fc5b342dc0 - Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents: 562
diff changeset
69 if (fd < 0) {
12fc5b342dc0 - Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents: 562
diff changeset
70 dropbear_log(LOG_INFO, "Failed to connect to agent");
12fc5b342dc0 - Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents: 562
diff changeset
71 }
12fc5b342dc0 - Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents: 562
diff changeset
72
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 return fd;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
76 /* handle a request for a connection to the locally running ssh-agent
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
77 or forward. */
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 static int new_agent_chan(struct Channel * channel) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 int fd = -1;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82 if (!cli_opts.agent_fwd)
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83 return SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 fd = connect_agent();
610
3c5f631358a0 Fix check of wrong variable found by Klocwork
Matt Johnston <matt@ucc.asn.au>
parents: 563
diff changeset
86 if (fd < 0) {
562
a900cb1c53fa - Handle failure to connect to forwarding socket
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
87 return SSH_OPEN_CONNECT_FAILED;
a900cb1c53fa - Handle failure to connect to forwarding socket
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
88 }
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90 setnonblocking(fd);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
91
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 ses.maxfd = MAX(ses.maxfd, fd);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93
547
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 225
diff changeset
94 channel->readfd = fd;
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 225
diff changeset
95 channel->writefd = fd;
1829
a7cc3332d8ab Replace ChanType.sepfds with Channel.bidir_fd
Matt Johnston <matt@ucc.asn.au>
parents: 1682
diff changeset
96 channel->bidir_fd = 1;
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 return 0;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 /* Sends a request to the agent, returning a newly allocated buffer
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 * with the response */
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
103 /* This function will block waiting for a response - it will
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
104 * only be used by client authentication (not for forwarded requests)
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
105 * won't cause problems for interactivity. */
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 /* Packet format (from draft-ylonen)
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 4 bytes Length, msb first. Does not include length itself.
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 1 byte Packet type. The value 255 is reserved for future extensions.
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 data Any data, depending on packet type. Encoding as in the ssh packet
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
110 protocol.
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1323
diff changeset
112 static buffer * agent_request(unsigned char type, const buffer *data) {
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 buffer * payload = NULL;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 buffer * inbuf = NULL;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 size_t readlen = 0;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117 ssize_t ret;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
118 const int fd = cli_opts.agent_fd;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
119 unsigned int data_len = 0;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
120 if (data)
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
121 {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
122 data_len = data->len;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
123 }
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
125 payload = buf_new(4 + 1 + data_len);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
126
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
127 buf_putint(payload, 1 + data_len);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128 buf_putbyte(payload, type);
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
129 if (data) {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
130 buf_putbytes(payload, data->data, data->len);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
131 }
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
132 buf_setpos(payload, 0);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133
1323
83d85b28b353 upgrade atomicio
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
134 ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 if ((size_t)ret != payload->len) {
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
136 TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno)))
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 buf_free(payload);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 payload = NULL;
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
142 TRACE(("Wrote out bytes for agent_request"))
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 /* Now we read the response */
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144 inbuf = buf_new(4);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 ret = atomicio(read, fd, buf_getwriteptr(inbuf, 4), 4);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 if (ret != 4) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 TRACE(("read of length failed for agent_request"))
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 }
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
150 buf_setpos(inbuf, 0);
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
151 buf_setlen(inbuf, ret);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153 readlen = buf_getint(inbuf);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 if (readlen > MAX_AGENT_REPLY) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 TRACE(("agent reply is too big"));
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157 }
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
158
1057
16584026a1f0 allocate buffer and data in a single allocation
Matt Johnston <matt@ucc.asn.au>
parents: 985
diff changeset
159 inbuf = buf_resize(inbuf, readlen);
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
160 buf_setpos(inbuf, 0);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 ret = atomicio(read, fd, buf_getwriteptr(inbuf, readlen), readlen);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 if ((size_t)ret != readlen) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 TRACE(("read of data failed for agent_request"))
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165 }
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
166 buf_incrwritepos(inbuf, readlen);
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
167 buf_setpos(inbuf, 0);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 out:
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 if (payload)
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 buf_free(payload);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 return inbuf;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
176 static void agent_get_key_list(m_list * ret_list)
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 buffer * inbuf = NULL;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179 unsigned int num = 0;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 unsigned char packet_type;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 unsigned int i;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 int ret;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
184 inbuf = agent_request(SSH2_AGENTC_REQUEST_IDENTITIES, NULL);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185 if (!inbuf) {
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
186 TRACE(("agent_request failed returning identities"))
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 /* The reply has a format of:
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
191 byte SSH2_AGENT_IDENTITIES_ANSWER
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
192 uint32 num_keys
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
193 Followed by zero or more consecutive keys, encoded as:
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
194 string key_blob
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
195 string key_comment
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 */
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 packet_type = buf_getbyte(inbuf);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198 if (packet_type != SSH2_AGENT_IDENTITIES_ANSWER) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 goto out;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
201
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
202 num = buf_getint(inbuf);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
203 for (i = 0; i < num; i++) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204 sign_key * pubkey = NULL;
864
30ab30e46452 Fix some warnings
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
205 enum signkey_type key_type = DROPBEAR_SIGNKEY_ANY;
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
206 buffer * key_buf;
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
208 /* each public key is encoded as a string */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
209 key_buf = buf_getstringbuf(inbuf);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 pubkey = new_sign_key();
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
211 ret = buf_get_pub_key(key_buf, pubkey, &key_type);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
212 buf_free(key_buf);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 if (ret != DROPBEAR_SUCCESS) {
985
9bf46570868f clarify bad/unknown
Matt Johnston <matt@ucc.asn.au>
parents: 984
diff changeset
214 TRACE(("Skipping bad/unknown type pubkey from agent"));
984
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
215 sign_key_free(pubkey);
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
216 } else {
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
217 pubkey->type = key_type;
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
218 pubkey->source = SIGNKEY_SOURCE_AGENT;
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
219
d46e7f613157 Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents: 970
diff changeset
220 list_append(ret_list, pubkey);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
223 /* We'll ignore the comment for now. might want it later.*/
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 buf_eatstring(inbuf);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 out:
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 if (inbuf) {
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 buf_free(inbuf);
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 inbuf = NULL;
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1323
diff changeset
234 void cli_setup_agent(const struct Channel *channel) {
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
235 if (!getenv("SSH_AUTH_SOCK")) {
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
236 return;
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
237 }
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
238
970
0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents: 864
diff changeset
239 start_send_channel_request(channel, "[email protected]");
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
240 /* Don't want replies */
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
241 buf_putbyte(ses.writepayload, 0);
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
242 encrypt_packet();
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
243 }
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
244
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
245 /* Returned keys are prepended to ret_list, which will
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
246 be updated. */
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
247 void cli_load_agent_keys(m_list *ret_list) {
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
248 /* agent_fd will be closed after successful auth */
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
249 cli_opts.agent_fd = connect_agent();
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
250 if (cli_opts.agent_fd < 0) {
547
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 225
diff changeset
251 return;
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
252 }
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
253
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
254 agent_get_key_list(ret_list);
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
255 }
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
256
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
257 void agent_buf_sign(buffer *sigblob, sign_key *key,
1682
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
258 const buffer *data_buf, enum signature_type sigtype) {
612
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
259 buffer *request_data = NULL;
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
260 buffer *response = NULL;
653
5e8d84f3ee72 - Remove unused variable/code
Matt Johnston <matt@ucc.asn.au>
parents: 612
diff changeset
261 unsigned int siglen;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
262 int packet_type;
1682
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
263 int flags = 0;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
264
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
265 /* Request format
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
266 byte SSH2_AGENTC_SIGN_REQUEST
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
267 string key_blob
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
268 string data
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
269 uint32 flags
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
270 */
761
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 760
diff changeset
271 request_data = buf_new(MAX_PUBKEY_SIZE + data_buf->len + 12);
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
272 buf_put_pub_key(request_data, key, key->type);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
273
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 723
diff changeset
274 buf_putbufstring(request_data, data_buf);
1682
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
275 #if DROPBEAR_RSA_SHA256
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
276 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
277 flags |= SSH_AGENT_RSA_SHA2_256;
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
278 }
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
279 #endif
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1625
diff changeset
280 buf_putint(request_data, flags);
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
281
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
282 response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
283
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
284 if (!response) {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
285 goto fail;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
286 }
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
287
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
288 packet_type = buf_getbyte(response);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
289 if (packet_type != SSH2_AGENT_SIGN_RESPONSE) {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
290 goto fail;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
291 }
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
292
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
293 /* Response format
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
294 byte SSH2_AGENT_SIGN_RESPONSE
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
295 string signature_blob
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
296 */
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
297 siglen = buf_getint(response);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
298 buf_putbytes(sigblob, buf_getptr(response, siglen), siglen);
612
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
299 goto cleanup;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
300
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
301 fail:
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
302 /* XXX don't fail badly here. instead propagate a failure code back up to
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
303 the cli auth pubkey code, and just remove this key from the list of
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
304 ones to try. */
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
305 dropbear_exit("Agent failed signing key");
612
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
306
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
307 cleanup:
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
308 if (request_data) {
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
309 buf_free(request_data);
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
310 }
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
311 if (response) {
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
312 buf_free(response);
1aee049681bd Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents: 610
diff changeset
313 }
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
314 }
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
315
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
316 #endif