Mercurial > dropbear
annotate cli-agentfwd.c @ 1904:be236878efcf
Add -v variable debug levels for server too
-vvvv is equivalent to the old -v
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 14:44:13 +0800 |
parents | a7cc3332d8ab |
children |
rev | line source |
---|---|
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2005 Matt Johnston |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1057
diff
changeset
|
27 #if DROPBEAR_CLI_AGENTFWD |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "agentfwd.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "session.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "ssh.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "dbutil.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "chansession.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "channel.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "packet.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #include "buffer.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
37 #include "dbrandom.h" |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 #include "listener.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 #include "runopts.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 #include "atomicio.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 #include "signkey.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 #include "auth.h" |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
44 /* The protocol implemented to talk to OpenSSH's SSH2 agent is documented in |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
45 PROTOCOL.agent in recent OpenSSH source distributions (5.1p1 has it). */ |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
46 |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 static int new_agent_chan(struct Channel * channel); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
225
diff
changeset
|
49 const struct ChanType cli_chan_agent = { |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 "[email protected]", |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 new_agent_chan, |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 NULL, |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 NULL, |
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
54 NULL, |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 NULL |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 }; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 static int connect_agent() { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 int fd = -1; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 char* agent_sock = NULL; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 agent_sock = getenv("SSH_AUTH_SOCK"); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 if (agent_sock == NULL) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 return -1; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 fd = connect_unix(agent_sock); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 |
563
12fc5b342dc0
- Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents:
562
diff
changeset
|
69 if (fd < 0) { |
12fc5b342dc0
- Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents:
562
diff
changeset
|
70 dropbear_log(LOG_INFO, "Failed to connect to agent"); |
12fc5b342dc0
- Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents:
562
diff
changeset
|
71 } |
12fc5b342dc0
- Don't print warning if SSH_AUTH_SOCK is unset
Matt Johnston <matt@ucc.asn.au>
parents:
562
diff
changeset
|
72 |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 return fd; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 |
857 | 76 /* handle a request for a connection to the locally running ssh-agent |
77 or forward. */ | |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 static int new_agent_chan(struct Channel * channel) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 int fd = -1; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 if (!cli_opts.agent_fwd) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 return SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 fd = connect_agent(); |
610
3c5f631358a0
Fix check of wrong variable found by Klocwork
Matt Johnston <matt@ucc.asn.au>
parents:
563
diff
changeset
|
86 if (fd < 0) { |
562
a900cb1c53fa
- Handle failure to connect to forwarding socket
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
87 return SSH_OPEN_CONNECT_FAILED; |
a900cb1c53fa
- Handle failure to connect to forwarding socket
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
88 } |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 setnonblocking(fd); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 ses.maxfd = MAX(ses.maxfd, fd); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
225
diff
changeset
|
94 channel->readfd = fd; |
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
225
diff
changeset
|
95 channel->writefd = fd; |
1829
a7cc3332d8ab
Replace ChanType.sepfds with Channel.bidir_fd
Matt Johnston <matt@ucc.asn.au>
parents:
1682
diff
changeset
|
96 channel->bidir_fd = 1; |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 return 0; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 /* Sends a request to the agent, returning a newly allocated buffer |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 * with the response */ |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
103 /* This function will block waiting for a response - it will |
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
104 * only be used by client authentication (not for forwarded requests) |
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
105 * won't cause problems for interactivity. */ |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 /* Packet format (from draft-ylonen) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 4 bytes Length, msb first. Does not include length itself. |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 1 byte Packet type. The value 255 is reserved for future extensions. |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 data Any data, depending on packet type. Encoding as in the ssh packet |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
110 protocol. |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 */ |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1323
diff
changeset
|
112 static buffer * agent_request(unsigned char type, const buffer *data) { |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 buffer * payload = NULL; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 buffer * inbuf = NULL; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 size_t readlen = 0; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 ssize_t ret; |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
118 const int fd = cli_opts.agent_fd; |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
119 unsigned int data_len = 0; |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
120 if (data) |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
121 { |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
122 data_len = data->len; |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
123 } |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
125 payload = buf_new(4 + 1 + data_len); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
126 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
127 buf_putint(payload, 1 + data_len); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 buf_putbyte(payload, type); |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
129 if (data) { |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
130 buf_putbytes(payload, data->data, data->len); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
131 } |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
132 buf_setpos(payload, 0); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 |
1323
83d85b28b353
upgrade atomicio
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
134 ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 if ((size_t)ret != payload->len) { |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
136 TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno))) |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 buf_free(payload); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 payload = NULL; |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
142 TRACE(("Wrote out bytes for agent_request")) |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 /* Now we read the response */ |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 inbuf = buf_new(4); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 ret = atomicio(read, fd, buf_getwriteptr(inbuf, 4), 4); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 if (ret != 4) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 TRACE(("read of length failed for agent_request")) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 } |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
150 buf_setpos(inbuf, 0); |
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
151 buf_setlen(inbuf, ret); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 readlen = buf_getint(inbuf); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 if (readlen > MAX_AGENT_REPLY) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 TRACE(("agent reply is too big")); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 } |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
158 |
1057
16584026a1f0
allocate buffer and data in a single allocation
Matt Johnston <matt@ucc.asn.au>
parents:
985
diff
changeset
|
159 inbuf = buf_resize(inbuf, readlen); |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
160 buf_setpos(inbuf, 0); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 ret = atomicio(read, fd, buf_getwriteptr(inbuf, readlen), readlen); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 if ((size_t)ret != readlen) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 TRACE(("read of data failed for agent_request")) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 } |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
166 buf_incrwritepos(inbuf, readlen); |
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
167 buf_setpos(inbuf, 0); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 out: |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 if (payload) |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 buf_free(payload); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 return inbuf; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
176 static void agent_get_key_list(m_list * ret_list) |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 buffer * inbuf = NULL; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 unsigned int num = 0; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 unsigned char packet_type; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 unsigned int i; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 int ret; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
184 inbuf = agent_request(SSH2_AGENTC_REQUEST_IDENTITIES, NULL); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 if (!inbuf) { |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
186 TRACE(("agent_request failed returning identities")) |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 /* The reply has a format of: |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
191 byte SSH2_AGENT_IDENTITIES_ANSWER |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
192 uint32 num_keys |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
193 Followed by zero or more consecutive keys, encoded as: |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
194 string key_blob |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
195 string key_comment |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 */ |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 packet_type = buf_getbyte(inbuf); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 if (packet_type != SSH2_AGENT_IDENTITIES_ANSWER) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 goto out; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 num = buf_getint(inbuf); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 for (i = 0; i < num; i++) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 sign_key * pubkey = NULL; |
864 | 205 enum signkey_type key_type = DROPBEAR_SIGNKEY_ANY; |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
206 buffer * key_buf; |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
208 /* each public key is encoded as a string */ |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
209 key_buf = buf_getstringbuf(inbuf); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 pubkey = new_sign_key(); |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
211 ret = buf_get_pub_key(key_buf, pubkey, &key_type); |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
212 buf_free(key_buf); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 if (ret != DROPBEAR_SUCCESS) { |
985 | 214 TRACE(("Skipping bad/unknown type pubkey from agent")); |
984
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
215 sign_key_free(pubkey); |
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
216 } else { |
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
217 pubkey->type = key_type; |
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
218 pubkey->source = SIGNKEY_SOURCE_AGENT; |
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
219 |
d46e7f613157
Handle invalid agent keys by skipping rather than exiting.
Catalin Patulea <cat@vv.carleton.ca>
parents:
970
diff
changeset
|
220 list_append(ret_list, pubkey); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
223 /* We'll ignore the comment for now. might want it later.*/ |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 buf_eatstring(inbuf); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 out: |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 if (inbuf) { |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 buf_free(inbuf); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 inbuf = NULL; |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1323
diff
changeset
|
234 void cli_setup_agent(const struct Channel *channel) { |
560 | 235 if (!getenv("SSH_AUTH_SOCK")) { |
236 return; | |
237 } | |
238 | |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
864
diff
changeset
|
239 start_send_channel_request(channel, "[email protected]"); |
560 | 240 /* Don't want replies */ |
241 buf_putbyte(ses.writepayload, 0); | |
242 encrypt_packet(); | |
243 } | |
244 | |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
245 /* Returned keys are prepended to ret_list, which will |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
246 be updated. */ |
560 | 247 void cli_load_agent_keys(m_list *ret_list) { |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
248 /* agent_fd will be closed after successful auth */ |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
249 cli_opts.agent_fd = connect_agent(); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
250 if (cli_opts.agent_fd < 0) { |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
225
diff
changeset
|
251 return; |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 } |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
254 agent_get_key_list(ret_list); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 } |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
256 |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
257 void agent_buf_sign(buffer *sigblob, sign_key *key, |
1682 | 258 const buffer *data_buf, enum signature_type sigtype) { |
612
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
259 buffer *request_data = NULL; |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
260 buffer *response = NULL; |
653
5e8d84f3ee72
- Remove unused variable/code
Matt Johnston <matt@ucc.asn.au>
parents:
612
diff
changeset
|
261 unsigned int siglen; |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
262 int packet_type; |
1682 | 263 int flags = 0; |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
264 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
265 /* Request format |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
266 byte SSH2_AGENTC_SIGN_REQUEST |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
267 string key_blob |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
268 string data |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
269 uint32 flags |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
270 */ |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
760
diff
changeset
|
271 request_data = buf_new(MAX_PUBKEY_SIZE + data_buf->len + 12); |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
272 buf_put_pub_key(request_data, key, key->type); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
273 |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
723
diff
changeset
|
274 buf_putbufstring(request_data, data_buf); |
1682 | 275 #if DROPBEAR_RSA_SHA256 |
276 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) { | |
277 flags |= SSH_AGENT_RSA_SHA2_256; | |
278 } | |
279 #endif | |
280 buf_putint(request_data, flags); | |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
281 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
282 response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
283 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
284 if (!response) { |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
285 goto fail; |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
286 } |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
287 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
288 packet_type = buf_getbyte(response); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
289 if (packet_type != SSH2_AGENT_SIGN_RESPONSE) { |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
290 goto fail; |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
291 } |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
292 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
293 /* Response format |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
294 byte SSH2_AGENT_SIGN_RESPONSE |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
295 string signature_blob |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
296 */ |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
297 siglen = buf_getint(response); |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
298 buf_putbytes(sigblob, buf_getptr(response, siglen), siglen); |
612
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
299 goto cleanup; |
552
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
300 |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
301 fail: |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
302 /* XXX don't fail badly here. instead propagate a failure code back up to |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
303 the cli auth pubkey code, and just remove this key from the list of |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
304 ones to try. */ |
de3653483ac0
- Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
305 dropbear_exit("Agent failed signing key"); |
612
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
306 |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
307 cleanup: |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
308 if (request_data) { |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
309 buf_free(request_data); |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
310 } |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
311 if (response) { |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
312 buf_free(response); |
1aee049681bd
Tidy error handling and get rid of some commented out code
Matt Johnston <matt@ucc.asn.au>
parents:
610
diff
changeset
|
313 } |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
314 } |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
315 |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
316 #endif |