Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | #include "includes.h" | - |
39 | | - |
40 | #include <sys/types.h> | - |
41 | #include <sys/un.h> | - |
42 | #include <sys/socket.h> | - |
43 | | - |
44 | #include <fcntl.h> | - |
45 | #include <stdlib.h> | - |
46 | #include <signal.h> | - |
47 | #include <stdarg.h> | - |
48 | #include <string.h> | - |
49 | #include <unistd.h> | - |
50 | #include <errno.h> | - |
51 | | - |
52 | #include "xmalloc.h" | - |
53 | #include "ssh.h" | - |
54 | #include "sshbuf.h" | - |
55 | #include "sshkey.h" | - |
56 | #include "authfd.h" | - |
57 | #include "cipher.h" | - |
58 | #include "compat.h" | - |
59 | #include "log.h" | - |
60 | #include "atomicio.h" | - |
61 | #include "misc.h" | - |
62 | #include "ssherr.h" | - |
63 | | - |
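/*
 * Upper bounds applied to data received from the agent:
 * ssh_fetch_identitylist() rejects a key count above MAX_AGENT_IDENTITIES and
 * ssh_request_reply() rejects a length prefix above MAX_AGENT_REPLY_LEN.
 */
#define MAX_AGENT_IDENTITIES    2048            /* Max keys in agent reply */
#define MAX_AGENT_REPLY_LEN     (256 * 1024)    /* Max bytes in agent reply */

/*
 * Non-zero when x equals one of the three agent failure reply codes.
 * x is parenthesised at every use so that an expression argument is compared
 * as a whole instead of being split by operator precedence.  It is still
 * expanded up to three times, so it must not have side effects.
 */
#define agent_failed(x) \
    (((x) == SSH_AGENT_FAILURE) || \
    ((x) == SSH_COM_AGENT2_FAILURE) || \
    ((x) == SSH2_AGENT_FAILURE))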
72 | | - |
73 | | - |
/*
 * Translate the type byte of an agent reply into an ssherr code.
 *
 * Returns SSH_ERR_AGENT_FAILURE for any of the failure codes matched by
 * agent_failed(), 0 for SSH_AGENT_SUCCESS, and SSH_ERR_INVALID_FORMAT for
 * every other value.  The failure test is made first, as in the original
 * ordering.
 */
static int
decode_reply(u_char type)
{
    int failed = agent_failed(type);

    if (failed)
        return SSH_ERR_AGENT_FAILURE;
    return (type == SSH_AGENT_SUCCESS) ? 0 : SSH_ERR_INVALID_FORMAT;
}
84 | | - |
85 | | - |
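/*
 * Connect to the agent socket named by the SSH_AUTHSOCKET_ENV_NAME
 * environment variable.
 *
 * fdp may be NULL.  When it is not, *fdp is set to -1 on entry and to the
 * connected descriptor on success; when it is NULL the connection is only
 * probed and the descriptor is closed again before returning.
 *
 * Returns 0 on success, SSH_ERR_AGENT_NOT_PRESENT when the variable is unset
 * or empty, and SSH_ERR_SYSTEM_ERROR (with errno preserved across the
 * close()) when socket(), fcntl() or connect() fails.
 */
int
ssh_get_authentication_socket(int *fdp)
{
    const char *authsocket;
    int sock, oerrno;
    struct sockaddr_un sunaddr;

    if (fdp != NULL)
        *fdp = -1;

    /*
     * An empty value names no socket path, so it is reported the same way
     * as an unset variable rather than being handed to connect().
     */
    authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
    if (authsocket == NULL || *authsocket == '\0')
        return SSH_ERR_AGENT_NOT_PRESENT;

    memset(&sunaddr, 0, sizeof(sunaddr));
    sunaddr.sun_family = AF_UNIX;
    /*
     * NOTE(review): the strlcpy() result is not checked, so a path longer
     * than sun_path is truncated silently and connect() is attempted on the
     * shortened path.
     */
    strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));

    if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return SSH_ERR_SYSTEM_ERROR;

    /* Mark the descriptor close-on-exec before connecting. */
    if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
        connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
        /* close() may overwrite errno; keep the value the caller needs. */
        oerrno = errno;
        close(sock);
        errno = oerrno;
        return SSH_ERR_SYSTEM_ERROR;
    }
    if (fdp != NULL)
        *fdp = sock;
    else
        close(sock);
    return 0;
}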
121 | | - |
122 | | - |
/*
 * Send one request to the agent on sock and read its answer into reply.
 *
 * The request goes out as a 4-byte length (encoded with POKE_U32) followed by
 * the contents of request.  The answer is read the same way: a 4-byte length
 * decoded with PEEK_U32, then that many bytes, appended to reply in chunks of
 * at most sizeof(buf).  reply is reset only after the request has been
 * written, so the callers in this file can pass the same sshbuf for both.
 *
 * Returns 0 on success, SSH_ERR_AGENT_COMMUNICATION when atomicio() transfers
 * fewer bytes than requested, SSH_ERR_INVALID_FORMAT when the announced reply
 * length exceeds MAX_AGENT_REPLY_LEN, or the error from sshbuf_put().  After
 * a failure that follows the reset, reply may hold a partial message.
 */
static int
ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
{
    char buf[1024];
    size_t remaining, chunk;
    int r;

    /* Length prefix for the outgoing request. */
    remaining = sshbuf_len(request);
    POKE_U32(buf, remaining);

    /* Write the prefix, then the request body. */
    if (atomicio(vwrite, sock, buf, 4) != 4)
        return SSH_ERR_AGENT_COMMUNICATION;
    if (atomicio(vwrite, sock, sshbuf_mutable_ptr(request),
        sshbuf_len(request)) != sshbuf_len(request))
        return SSH_ERR_AGENT_COMMUNICATION;

    /* Read the 4-byte length of the reply. */
    if (atomicio(read, sock, buf, 4) != 4)
        return SSH_ERR_AGENT_COMMUNICATION;

    /*
     * The length comes from the peer; refuse anything above the cap before
     * reading or buffering any of the body.
     */
    remaining = PEEK_U32(buf);
    if (remaining > MAX_AGENT_REPLY_LEN)
        return SSH_ERR_INVALID_FORMAT;

    /* Pull the body through the stack buffer into reply. */
    sshbuf_reset(reply);
    for (; remaining > 0; remaining -= chunk) {
        chunk = (remaining > sizeof(buf)) ? sizeof(buf) : remaining;
        if (atomicio(read, sock, buf, chunk) != chunk)
            return SSH_ERR_AGENT_COMMUNICATION;
        r = sshbuf_put(reply, buf, chunk);
        if (r != 0)
            return r;
    }
    return 0;
}
165 | | - |
166 | | - |
167 | | - |
168 | | - |
169 | | - |
170 | | - |
/*
 * Close the agent connection sock.
 *
 * The descriptor is closed only while the SSH_AUTHSOCKET_ENV_NAME
 * environment variable is set; when it is unset the function does nothing
 * and sock stays open.
 */
void
ssh_close_authentication_socket(int sock)
{
    if (getenv(SSH_AUTHSOCKET_ENV_NAME) == NULL)
        return;
    close(sock);
}
177 | | - |
178 | | - |
/*
 * Ask the agent on sock to lock (lock != 0) or unlock (lock == 0) itself
 * using password.
 *
 * The request is the message type byte followed by password as a string; the
 * reply is read back into the same buffer and its type byte is mapped by
 * decode_reply().
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, or the first error reported by the sshbuf calls,
 * ssh_request_reply() or decode_reply().
 */
int
ssh_lock_agent(int sock, int lock, const char *password)
{
    struct sshbuf *msg;
    u_char type;
    int r;

    type = lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK;

    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    /* Each step runs only while every earlier one succeeded. */
    r = sshbuf_put_u8(msg, type);
    if (r == 0)
        r = sshbuf_put_cstring(msg, password);
    if (r == 0)
        r = ssh_request_reply(sock, msg, msg);
    if (r == 0)
        r = sshbuf_get_u8(msg, &type);
    if (r == 0)
        r = decode_reply(type);

    /*
     * NOTE(review): msg held a copy of the password; confirm that
     * sshbuf_free() scrubs the buffer contents before releasing them.
     */
    sshbuf_free(msg);
    return r;
}
200 | | - |
201 | | - |
/*
 * Parse one identity (key blob followed by comment string) from ids.
 *
 * The blob is read in place with sshbuf_get_string_direct() and converted by
 * sshkey_from_blob() into *keyp.  The comment is a fresh allocation: on
 * success it is handed to *commentp when commentp is not NULL, otherwise it
 * is freed here.  On any failure the comment is freed and *commentp is left
 * untouched.
 *
 * Returns 0 on success or the error from the failing sshbuf/sshkey call.
 */
static int
deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
{
    const u_char *blob;
    size_t blen;
    char *comment = NULL;
    int r;

    r = sshbuf_get_string_direct(ids, &blob, &blen);
    if (r == 0)
        r = sshbuf_get_cstring(ids, &comment, NULL);
    if (r == 0)
        r = sshkey_from_blob(blob, blen, keyp);
    if (r == 0 && commentp != NULL) {
        /* Ownership moves to the caller; stop the free() below. */
        *commentp = comment;
        comment = NULL;
    }
    free(comment);
    return r;
}
224 | | - |
225 | | - |
226 | | - |
227 | | - |
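/*
 * Request the list of identities held by the agent on sock.
 *
 * On success a newly allocated list is stored in *idlp; it is released with
 * ssh_free_identitylist().  *idlp is not written on failure.  Entries whose
 * key type is reported as SSH_ERR_KEY_TYPE_UNKNOWN are skipped and the count
 * is reduced accordingly.
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL on allocation failure,
 * SSH_ERR_AGENT_FAILURE when the agent answers with a failure code,
 * SSH_ERR_INVALID_FORMAT for an unexpected reply type or a key count above
 * MAX_AGENT_IDENTITIES, SSH_ERR_AGENT_NO_IDENTITIES when the agent reports
 * zero keys, or the error from a failing sshbuf/parse call.
 */
int
ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp)
{
    u_char type;
    u_int32_t num, i;
    struct sshbuf *msg;
    struct ssh_identitylist *idl = NULL;
    int r;

    /* Build and send the request; the reply is read back into msg. */
    if ((msg = sshbuf_new()) == NULL)
        return SSH_ERR_ALLOC_FAIL;
    if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REQUEST_IDENTITIES)) != 0)
        goto out;

    if ((r = ssh_request_reply(sock, msg, msg)) != 0)
        goto out;

    /* The first byte of the reply is its type. */
    if ((r = sshbuf_get_u8(msg, &type)) != 0)
        goto out;
    if (agent_failed(type)) {
        r = SSH_ERR_AGENT_FAILURE;
        goto out;
    } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) {
        r = SSH_ERR_INVALID_FORMAT;
        goto out;
    }

    /*
     * The key count is supplied by the agent; bound it before it is used
     * to size the two arrays below.
     */
    if ((r = sshbuf_get_u32(msg, &num)) != 0)
        goto out;
    if (num > MAX_AGENT_IDENTITIES) {
        r = SSH_ERR_INVALID_FORMAT;
        goto out;
    }
    if (num == 0) {
        r = SSH_ERR_AGENT_NO_IDENTITIES;
        goto out;
    }

    /* calloc() leaves nkeys at 0 and every slot NULL until it is filled. */
    if ((idl = calloc(1, sizeof(*idl))) == NULL ||
        (idl->keys = calloc(num, sizeof(*idl->keys))) == NULL ||
        (idl->comments = calloc(num, sizeof(*idl->comments))) == NULL) {
        r = SSH_ERR_ALLOC_FAIL;
        goto out;
    }
    for (i = 0; i < num;) {
        if ((r = deserialise_identity2(msg, &(idl->keys[i]),
            &(idl->comments[i]))) != 0) {
            if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
                /* Skip this entry: shrink the count and reuse slot i. */
                num--;
                continue;
            }
            /*
             * Slots 0..i-1 are already populated.  Record that count so
             * the cleanup below releases them; with nkeys still 0 the
             * parsed keys and comments would be leaked.
             */
            idl->nkeys = i;
            goto out;
        }
        i++;
    }
    idl->nkeys = num;
    *idlp = idl;
    idl = NULL;     /* ownership passed to the caller */
    r = 0;
 out:
    sshbuf_free(msg);
    if (idl != NULL)
        ssh_free_identitylist(idl);
    return r;
}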
301 | | - |
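/*
 * Release an identity list: every key and comment in the first nkeys slots,
 * the two arrays that hold them, and the list structure itself.
 * A NULL idl is accepted and ignored.
 */
void
ssh_free_identitylist(struct ssh_identitylist *idl)
{
    size_t i;

    if (idl == NULL)
        return;
    for (i = 0; i < idl->nkeys; i++) {
        if (idl->keys != NULL)
            sshkey_free(idl->keys[i]);
        if (idl->comments != NULL)
            free(idl->comments[i]);
    }
    /*
     * keys and comments are separate allocations (ssh_fetch_identitylist()
     * obtains each with its own calloc()), so they must be freed as well;
     * freeing only the elements leaked both arrays.  free(NULL) is a no-op.
     */
    free(idl->keys);
    free(idl->comments);
    free(idl);
}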
317 | | - |
318 | | - |
319 | | - |
320 | | - |
321 | | - |
322 | | - |
323 | | - |
324 | | - |
325 | | - |
326 | | - |
/*
 * Map a signature algorithm name onto the flag sent in a sign request.
 *
 * Returns SSH_AGENT_RSA_SHA2_256 for "rsa-sha2-256" and
 * SSH_AGENT_RSA_SHA2_512 for "rsa-sha2-512", but only when alg is not NULL
 * and key->type is exactly KEY_RSA; every other combination yields 0.
 * key is not dereferenced when alg is NULL.
 */
static u_int
agent_encode_alg(const struct sshkey *key, const char *alg)
{
    if (alg == NULL || key->type != KEY_RSA)
        return 0;
    if (strcmp(alg, "rsa-sha2-256") == 0)
        return SSH_AGENT_RSA_SHA2_256;
    if (strcmp(alg, "rsa-sha2-512") == 0)
        return SSH_AGENT_RSA_SHA2_512;
    return 0;
}
338 | | - |
339 | | - |
/*
 * Ask the agent on sock to sign data (datalen bytes) with key.
 *
 * *sigp and *lenp are cleared on entry.  On success they receive the
 * signature returned by sshbuf_get_string() and its length; the buffer is no
 * longer released here, so the caller presumably owns it.  alg selects the
 * flag computed by agent_encode_alg() and is also passed to
 * sshkey_check_sigtype() together with the returned signature.  compat is
 * not used in this function.
 *
 * Returns 0 on success, SSH_ERR_INVALID_ARGUMENT when datalen exceeds
 * SSH_KEY_MAX_SIGN_DATA_SIZE, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, SSH_ERR_AGENT_FAILURE when the agent answers with a failure
 * code, SSH_ERR_INVALID_FORMAT for an unexpected reply type, or the error
 * from a failing helper.
 */
int
ssh_agent_sign(int sock, const struct sshkey *key,
    u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, const char *alg, u_int compat)
{
    struct sshbuf *msg;
    u_char *sig = NULL;
    u_char type = 0;
    size_t siglen = 0;
    u_int flags = 0;
    int r = SSH_ERR_INTERNAL_ERROR;

    *sigp = NULL;
    *lenp = 0;

    /* Refuse oversized input before allocating or touching key. */
    if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
        return SSH_ERR_INVALID_ARGUMENT;
    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    /* Request: type, public key, data to sign, flags. */
    flags |= agent_encode_alg(key, alg);
    if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0)
        goto out;
    if ((r = sshkey_puts(key, msg)) != 0)
        goto out;
    if ((r = sshbuf_put_string(msg, data, datalen)) != 0)
        goto out;
    if ((r = sshbuf_put_u32(msg, flags)) != 0)
        goto out;

    if ((r = ssh_request_reply(sock, msg, msg)) != 0)
        goto out;

    /* Reply: type byte, then the signature as a string. */
    if ((r = sshbuf_get_u8(msg, &type)) != 0)
        goto out;
    if (agent_failed(type)) {
        r = SSH_ERR_AGENT_FAILURE;
        goto out;
    }
    if (type != SSH2_AGENT_SIGN_RESPONSE) {
        r = SSH_ERR_INVALID_FORMAT;
        goto out;
    }
    if ((r = sshbuf_get_string(msg, &sig, &siglen)) != 0)
        goto out;

    /*
     * The signature is agent-supplied; it is checked against the requested
     * algorithm before being returned.  NOTE(review): the exact rule lives
     * in sshkey_check_sigtype(), which is not visible here.
     */
    if ((r = sshkey_check_sigtype(sig, siglen, alg)) != 0)
        goto out;

    /* Success: hand the signature over and disarm the cleanup below. */
    *sigp = sig;
    *lenp = siglen;
    sig = NULL;
    siglen = 0;
    r = 0;
 out:
    freezero(sig, siglen);
    sshbuf_free(msg);
    return r;
}
391 | | - |
392 | | - |
393 | | - |
394 | | - |
/*
 * Append key constraints to the request in m.
 *
 * Each non-zero argument adds one constraint, in this order: life adds
 * SSH_AGENT_CONSTRAIN_LIFETIME followed by the value, confirm adds
 * SSH_AGENT_CONSTRAIN_CONFIRM with no value, and maxsign adds
 * SSH_AGENT_CONSTRAIN_MAXSIGN followed by the value.
 *
 * Returns 0 on success or the error from the first failing sshbuf call.
 */
static int
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
{
    int r;

    if (life != 0) {
        if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_LIFETIME)) != 0)
            return r;
        if ((r = sshbuf_put_u32(m, life)) != 0)
            return r;
    }
    if (confirm != 0) {
        if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0)
            return r;
    }
    if (maxsign != 0) {
        if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_MAXSIGN)) != 0)
            return r;
        if ((r = sshbuf_put_u32(m, maxsign)) != 0)
            return r;
    }
    return 0;
}
418 | | - |
419 | | - |
420 | | - |
421 | | - |
422 | | - |
/*
 * Add the private key to the agent on sock, labelled with comment.
 *
 * When any of life, confirm or maxsign is non-zero the request type is
 * SSH2_AGENTC_ADD_ID_CONSTRAINED and the constraints are appended with
 * encode_constraints(); otherwise it is SSH2_AGENTC_ADD_IDENTITY.  Only the
 * key types listed in the switch are accepted (the RSA, DSA and ECDSA cases
 * exist only when WITH_OPENSSL is defined).
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, SSH_ERR_INVALID_ARGUMENT for any other key type, or the error
 * from a failing helper or from decode_reply().
 */
int
ssh_add_identity_constrained(int sock, const struct sshkey *key,
    const char *comment, u_int life, u_int confirm, u_int maxsign)
{
    struct sshbuf *msg;
    int r;
    int constrained = (life || confirm || maxsign);
    u_char type;

    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    /* Reject key types this request cannot carry. */
    switch (key->type) {
#ifdef WITH_OPENSSL
    case KEY_RSA:
    case KEY_RSA_CERT:
    case KEY_DSA:
    case KEY_DSA_CERT:
    case KEY_ECDSA:
    case KEY_ECDSA_CERT:
#endif
    case KEY_ED25519:
    case KEY_ED25519_CERT:
    case KEY_XMSS:
    case KEY_XMSS_CERT:
        break;
    default:
        r = SSH_ERR_INVALID_ARGUMENT;
        goto out;
    }

    /* Request: type, serialized private key, comment. */
    if (constrained)
        type = SSH2_AGENTC_ADD_ID_CONSTRAINED;
    else
        type = SSH2_AGENTC_ADD_IDENTITY;
    if ((r = sshbuf_put_u8(msg, type)) != 0)
        goto out;
    if ((r = sshkey_private_serialize_maxsign(key, msg, maxsign,
        NULL)) != 0)
        goto out;
    if ((r = sshbuf_put_cstring(msg, comment)) != 0)
        goto out;

    if (constrained &&
        (r = encode_constraints(msg, life, confirm, maxsign)) != 0)
        goto out;
    if ((r = ssh_request_reply(sock, msg, msg)) != 0)
        goto out;
    if ((r = sshbuf_get_u8(msg, &type)) != 0)
        goto out;
    r = decode_reply(type);
 out:
    /*
     * NOTE(review): msg held serialized private key material; confirm that
     * sshbuf_free() scrubs the buffer contents before releasing them.
     */
    sshbuf_free(msg);
    return r;
}
472 | | - |
473 | | - |
474 | | - |
475 | | - |
476 | | - |
/*
 * Ask the agent on sock to remove key.
 *
 * The key is sent as the blob produced by sshkey_to_blob() after the
 * SSH2_AGENTC_REMOVE_IDENTITY type byte.  The temporary blob is wiped with
 * explicit_bzero() and freed before returning.
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, SSH_ERR_INVALID_ARGUMENT when key->type is KEY_UNSPEC, or the
 * error from a failing helper or from decode_reply().
 */
int
ssh_remove_identity(int sock, struct sshkey *key)
{
    struct sshbuf *msg;
    u_char *blob = NULL;
    u_char type;
    size_t blen;
    int r;

    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    if (key->type == KEY_UNSPEC) {
        r = SSH_ERR_INVALID_ARGUMENT;
        goto out;
    }

    /* Request: type byte followed by the key blob. */
    if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
        goto out;
    if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REMOVE_IDENTITY)) != 0)
        goto out;
    if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
        goto out;

    if ((r = ssh_request_reply(sock, msg, msg)) != 0)
        goto out;
    if ((r = sshbuf_get_u8(msg, &type)) != 0)
        goto out;
    r = decode_reply(type);
 out:
    /* blen is only read when blob was actually produced. */
    if (blob != NULL) {
        explicit_bzero(blob, blen);
        free(blob);
    }
    sshbuf_free(msg);
    return r;
}
512 | | - |
513 | | - |
514 | | - |
515 | | - |
516 | | - |
/*
 * Add (add != 0) or remove (add == 0) a smartcard key on the agent at sock.
 *
 * The request carries the type byte, reader_id and pin.  For an add with a
 * non-zero life or confirm the type is
 * SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED.  Constraints are appended
 * whenever life or confirm is non-zero, whatever the value of add; maxsign
 * is always passed as 0.
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, or the first error from a helper or from decode_reply().
 */
int
ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
    u_int life, u_int confirm)
{
    struct sshbuf *msg;
    int r;
    int constrained = (life || confirm);
    u_char type;

    if (!add)
        type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
    else if (constrained)
        type = SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED;
    else
        type = SSH_AGENTC_ADD_SMARTCARD_KEY;

    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    /* Each step runs only while every earlier one succeeded. */
    r = sshbuf_put_u8(msg, type);
    if (r == 0)
        r = sshbuf_put_cstring(msg, reader_id);
    if (r == 0)
        r = sshbuf_put_cstring(msg, pin);
    if (r == 0 && constrained)
        r = encode_constraints(msg, life, confirm, 0);
    if (r == 0)
        r = ssh_request_reply(sock, msg, msg);
    if (r == 0)
        r = sshbuf_get_u8(msg, &type);
    if (r == 0)
        r = decode_reply(type);

    /*
     * NOTE(review): msg held a copy of the PIN; confirm that sshbuf_free()
     * scrubs the buffer contents before releasing them.
     */
    sshbuf_free(msg);
    return r;
}
550 | | - |
551 | | - |
552 | | - |
553 | | - |
554 | | - |
555 | | - |
556 | | - |
557 | | - |
558 | | - |
/*
 * Ask the agent on sock to drop every identity it holds.
 *
 * version == 1 sends SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES; any other value
 * sends SSH2_AGENTC_REMOVE_ALL_IDENTITIES.
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL when the buffer cannot be
 * allocated, or the first error from a helper or from decode_reply().
 */
int
ssh_remove_all_identities(int sock, int version)
{
    struct sshbuf *msg;
    u_char type;
    int r;

    if (version == 1)
        type = SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES;
    else
        type = SSH2_AGENTC_REMOVE_ALL_IDENTITIES;

    msg = sshbuf_new();
    if (msg == NULL)
        return SSH_ERR_ALLOC_FAIL;

    /* Each step runs only while every earlier one succeeded. */
    r = sshbuf_put_u8(msg, type);
    if (r == 0)
        r = ssh_request_reply(sock, msg, msg);
    if (r == 0)
        r = sshbuf_get_u8(msg, &type);
    if (r == 0)
        r = decode_reply(type);

    sshbuf_free(msg);
    return r;
}
| | |