1 /* $NetBSD: authfd.c,v 1.12 2016/12/25 00:07:46 christos Exp $ */ 2 /* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */ 3 4 /* 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7 * All rights reserved 8 * Functions for connecting the local authentication agent. 9 * 10 * As far as I am concerned, the code I have written for this software 11 * can be used freely for any purpose. Any derived versions of this 12 * software must be clearly marked as such, and if the derived work is 13 * incompatible with the protocol description in the RFC file, it must be 14 * called by a name other than "ssh" or "Secure Shell". 15 * 16 * SSH2 implementation, 17 * Copyright (c) 2000 Markus Friedl. All rights reserved. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 #include "includes.h" 41 __RCSID("$NetBSD: authfd.c,v 1.12 2016/12/25 00:07:46 christos Exp $"); 42 #include <sys/types.h> 43 #include <sys/un.h> 44 #include <sys/socket.h> 45 46 #include <fcntl.h> 47 #include <stdlib.h> 48 #include <signal.h> 49 #include <string.h> 50 #include <unistd.h> 51 #include <errno.h> 52 53 #include "xmalloc.h" 54 #include "ssh.h" 55 #include "rsa.h" 56 #include "sshbuf.h" 57 #include "sshkey.h" 58 #include "authfd.h" 59 #include "cipher.h" 60 #include "compat.h" 61 #include "log.h" 62 #include "atomicio.h" 63 #include "misc.h" 64 #include "ssherr.h" 65 66 #define MAX_AGENT_IDENTITIES 2048 /* Max keys in agent reply */ 67 #define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */ 68 69 /* macro to check for "agent failure" message */ 70 #define agent_failed(x) \ 71 ((x == SSH_AGENT_FAILURE) || \ 72 (x == SSH_COM_AGENT2_FAILURE) || \ 73 (x == SSH2_AGENT_FAILURE)) 74 75 /* Convert success/failure response from agent to a err.h status */ 76 static int 77 decode_reply(u_char type) 78 { 79 if (agent_failed(type)) 80 return SSH_ERR_AGENT_FAILURE; 81 else if (type == SSH_AGENT_SUCCESS) 82 return 0; 83 else 84 return SSH_ERR_INVALID_FORMAT; 85 } 86 87 /* Returns the number of the authentication fd, or -1 if there is none. */ 88 int 89 ssh_get_authentication_socket(int *fdp) 90 { 91 const char *authsocket; 92 int sock, oerrno; 93 struct sockaddr_un sunaddr; 94 95 if (fdp != NULL) 96 *fdp = -1; 97 98 authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); 99 if (!authsocket) 100 return SSH_ERR_AGENT_NOT_PRESENT; 101 102 memset(&sunaddr, 0, sizeof(sunaddr)); 103 sunaddr.sun_family = AF_UNIX; 104 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); 105 106 if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) 107 return SSH_ERR_SYSTEM_ERROR; 108 109 /* close on exec */ 110 if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || 111 connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { 112 oerrno = errno; 113 close(sock); 114 errno = oerrno; 115 return SSH_ERR_SYSTEM_ERROR; 116 } 117 if (fdp != NULL) 118 *fdp = sock; 119 else 120 close(sock); 121 return 0; 122 } 123 124 /* Communicate with agent: send request and read reply */ 125 static int 126 ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) 127 { 128 int r; 129 size_t l, len; 130 char buf[1024]; 131 132 /* Get the length of the message, and format it in the buffer. */ 133 len = sshbuf_len(request); 134 put_u32(buf, len); 135 136 /* Send the length and then the packet to the agent. */ 137 if (atomicio(vwrite, sock, buf, 4) != 4 || 138 atomicio(vwrite, sock, __UNCONST(sshbuf_ptr(request)), 139 sshbuf_len(request)) != sshbuf_len(request)) 140 return SSH_ERR_AGENT_COMMUNICATION; 141 /* 142 * Wait for response from the agent. First read the length of the 143 * response packet. 144 */ 145 if (atomicio(read, sock, buf, 4) != 4) 146 return SSH_ERR_AGENT_COMMUNICATION; 147 148 /* Extract the length, and check it for sanity. */ 149 len = get_u32(buf); 150 if (len > MAX_AGENT_REPLY_LEN) 151 return SSH_ERR_INVALID_FORMAT; 152 153 /* Read the rest of the response in to the buffer. */ 154 sshbuf_reset(reply); 155 while (len > 0) { 156 l = len; 157 if (l > sizeof(buf)) 158 l = sizeof(buf); 159 if (atomicio(read, sock, buf, l) != l) 160 return SSH_ERR_AGENT_COMMUNICATION; 161 if ((r = sshbuf_put(reply, buf, l)) != 0) 162 return r; 163 len -= l; 164 } 165 return 0; 166 } 167 168 /* 169 * Closes the agent socket if it should be closed (depends on how it was 170 * obtained). The argument must have been returned by 171 * ssh_get_authentication_socket(). 172 */ 173 void 174 ssh_close_authentication_socket(int sock) 175 { 176 if (getenv(SSH_AUTHSOCKET_ENV_NAME)) 177 close(sock); 178 } 179 180 /* Lock/unlock agent */ 181 int 182 ssh_lock_agent(int sock, int lock, const char *password) 183 { 184 int r; 185 u_char type = lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK; 186 struct sshbuf *msg; 187 188 if ((msg = sshbuf_new()) == NULL) 189 return SSH_ERR_ALLOC_FAIL; 190 if ((r = sshbuf_put_u8(msg, type)) != 0 || 191 (r = sshbuf_put_cstring(msg, password)) != 0) 192 goto out; 193 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 194 goto out; 195 if ((r = sshbuf_get_u8(msg, &type)) != 0) 196 goto out; 197 r = decode_reply(type); 198 out: 199 sshbuf_free(msg); 200 return r; 201 } 202 203 #ifdef WITH_SSH1 204 static int 205 deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp) 206 { 207 struct sshkey *key; 208 int r, keybits; 209 u_int32_t bits; 210 char *comment = NULL; 211 212 if ((key = sshkey_new(KEY_RSA1)) == NULL) 213 return SSH_ERR_ALLOC_FAIL; 214 if ((r = sshbuf_get_u32(ids, &bits)) != 0 || 215 (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 || 216 (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 || 217 (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0) 218 goto out; 219 keybits = BN_num_bits(key->rsa->n); 220 /* XXX previously we just warned here. I think we should be strict */ 221 if (keybits < 0 || bits != (u_int)keybits) { 222 r = SSH_ERR_KEY_BITS_MISMATCH; 223 goto out; 224 } 225 if (keyp != NULL) { 226 *keyp = key; 227 key = NULL; 228 } 229 if (commentp != NULL) { 230 *commentp = comment; 231 comment = NULL; 232 } 233 r = 0; 234 out: 235 sshkey_free(key); 236 free(comment); 237 return r; 238 } 239 #endif 240 241 static int 242 deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp) 243 { 244 int r; 245 char *comment = NULL; 246 const u_char *blob; 247 size_t blen; 248 249 if ((r = sshbuf_get_string_direct(ids, &blob, &blen)) != 0 || 250 (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0) 251 goto out; 252 if ((r = sshkey_from_blob(blob, blen, keyp)) != 0) 253 goto out; 254 if (commentp != NULL) { 255 *commentp = comment; 256 comment = NULL; 257 } 258 r = 0; 259 out: 260 free(comment); 261 return r; 262 } 263 264 /* 265 * Fetch list of identities held by the agent. 266 */ 267 int 268 ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp) 269 { 270 u_char type, code1 = 0, code2 = 0; 271 u_int32_t num, i; 272 struct sshbuf *msg; 273 struct ssh_identitylist *idl = NULL; 274 int r; 275 276 /* Determine request and expected response types */ 277 switch (version) { 278 case 1: 279 code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES; 280 code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER; 281 break; 282 case 2: 283 code1 = SSH2_AGENTC_REQUEST_IDENTITIES; 284 code2 = SSH2_AGENT_IDENTITIES_ANSWER; 285 break; 286 default: 287 return SSH_ERR_INVALID_ARGUMENT; 288 } 289 290 /* 291 * Send a message to the agent requesting for a list of the 292 * identities it can represent. 293 */ 294 if ((msg = sshbuf_new()) == NULL) 295 return SSH_ERR_ALLOC_FAIL; 296 if ((r = sshbuf_put_u8(msg, code1)) != 0) 297 goto out; 298 299 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 300 goto out; 301 302 /* Get message type, and verify that we got a proper answer. */ 303 if ((r = sshbuf_get_u8(msg, &type)) != 0) 304 goto out; 305 if (agent_failed(type)) { 306 r = SSH_ERR_AGENT_FAILURE; 307 goto out; 308 } else if (type != code2) { 309 r = SSH_ERR_INVALID_FORMAT; 310 goto out; 311 } 312 313 /* Get the number of entries in the response and check it for sanity. */ 314 if ((r = sshbuf_get_u32(msg, &num)) != 0) 315 goto out; 316 if (num > MAX_AGENT_IDENTITIES) { 317 r = SSH_ERR_INVALID_FORMAT; 318 goto out; 319 } 320 if (num == 0) { 321 r = SSH_ERR_AGENT_NO_IDENTITIES; 322 goto out; 323 } 324 325 /* Deserialise the response into a list of keys/comments */ 326 if ((idl = calloc(1, sizeof(*idl))) == NULL || 327 (idl->keys = calloc(num, sizeof(*idl->keys))) == NULL || 328 (idl->comments = calloc(num, sizeof(*idl->comments))) == NULL) { 329 r = SSH_ERR_ALLOC_FAIL; 330 goto out; 331 } 332 for (i = 0; i < num;) { 333 switch (version) { 334 case 1: 335 #ifdef WITH_SSH1 336 if ((r = deserialise_identity1(msg, 337 &(idl->keys[i]), &(idl->comments[i]))) != 0) 338 goto out; 339 #endif 340 break; 341 case 2: 342 if ((r = deserialise_identity2(msg, 343 &(idl->keys[i]), &(idl->comments[i]))) != 0) { 344 if (r == SSH_ERR_KEY_TYPE_UNKNOWN) { 345 /* Gracefully skip unknown key types */ 346 num--; 347 continue; 348 } else 349 goto out; 350 } 351 break; 352 } 353 i++; 354 } 355 idl->nkeys = num; 356 *idlp = idl; 357 idl = NULL; 358 r = 0; 359 out: 360 sshbuf_free(msg); 361 if (idl != NULL) 362 ssh_free_identitylist(idl); 363 return r; 364 } 365 366 void 367 ssh_free_identitylist(struct ssh_identitylist *idl) 368 { 369 size_t i; 370 371 if (idl == NULL) 372 return; 373 for (i = 0; i < idl->nkeys; i++) { 374 if (idl->keys != NULL) 375 sshkey_free(idl->keys[i]); 376 if (idl->comments != NULL) 377 free(idl->comments[i]); 378 } 379 free(idl); 380 } 381 382 /* 383 * Sends a challenge (typically from a server via ssh(1)) to the agent, 384 * and waits for a response from the agent. 385 * Returns true (non-zero) if the agent gave the correct answer, zero 386 * otherwise. 387 */ 388 389 #ifdef WITH_SSH1 390 int 391 ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, 392 u_char session_id[16], u_char response[16]) 393 { 394 struct sshbuf *msg; 395 int r; 396 u_char type; 397 398 if (key->type != KEY_RSA1) 399 return SSH_ERR_INVALID_ARGUMENT; 400 if ((msg = sshbuf_new()) == NULL) 401 return SSH_ERR_ALLOC_FAIL; 402 if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 || 403 (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || 404 (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || 405 (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 || 406 (r = sshbuf_put_bignum1(msg, challenge)) != 0 || 407 (r = sshbuf_put(msg, session_id, 16)) != 0 || 408 (r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */ 409 goto out; 410 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 411 goto out; 412 if ((r = sshbuf_get_u8(msg, &type)) != 0) 413 goto out; 414 if (agent_failed(type)) { 415 r = SSH_ERR_AGENT_FAILURE; 416 goto out; 417 } else if (type != SSH_AGENT_RSA_RESPONSE) { 418 r = SSH_ERR_INVALID_FORMAT; 419 goto out; 420 } 421 if ((r = sshbuf_get(msg, response, 16)) != 0) 422 goto out; 423 r = 0; 424 out: 425 sshbuf_free(msg); 426 return r; 427 } 428 #endif 429 430 /* encode signature algoritm in flag bits, so we can keep the msg format */ 431 static u_int 432 agent_encode_alg(struct sshkey *key, const char *alg) 433 { 434 if (alg != NULL && key->type == KEY_RSA) { 435 if (strcmp(alg, "rsa-sha2-256") == 0) 436 return SSH_AGENT_RSA_SHA2_256; 437 else if (strcmp(alg, "rsa-sha2-512") == 0) 438 return SSH_AGENT_RSA_SHA2_512; 439 } 440 return 0; 441 } 442 443 /* ask agent to sign data, returns err.h code on error, 0 on success */ 444 int 445 ssh_agent_sign(int sock, struct sshkey *key, 446 u_char **sigp, size_t *lenp, 447 const u_char *data, size_t datalen, const char *alg, u_int compat) 448 { 449 struct sshbuf *msg; 450 u_char *blob = NULL, type; 451 size_t blen = 0, len = 0; 452 u_int flags = 0; 453 int r = SSH_ERR_INTERNAL_ERROR; 454 455 *sigp = NULL; 456 *lenp = 0; 457 458 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) 459 return SSH_ERR_INVALID_ARGUMENT; 460 if (compat & SSH_BUG_SIGBLOB) 461 flags |= SSH_AGENT_OLD_SIGNATURE; 462 if ((msg = sshbuf_new()) == NULL) 463 return SSH_ERR_ALLOC_FAIL; 464 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) 465 goto out; 466 flags |= agent_encode_alg(key, alg); 467 if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || 468 (r = sshbuf_put_string(msg, blob, blen)) != 0 || 469 (r = sshbuf_put_string(msg, data, datalen)) != 0 || 470 (r = sshbuf_put_u32(msg, flags)) != 0) 471 goto out; 472 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 473 goto out; 474 if ((r = sshbuf_get_u8(msg, &type)) != 0) 475 goto out; 476 if (agent_failed(type)) { 477 r = SSH_ERR_AGENT_FAILURE; 478 goto out; 479 } else if (type != SSH2_AGENT_SIGN_RESPONSE) { 480 r = SSH_ERR_INVALID_FORMAT; 481 goto out; 482 } 483 if ((r = sshbuf_get_string(msg, sigp, &len)) != 0) 484 goto out; 485 *lenp = len; 486 r = 0; 487 out: 488 if (blob != NULL) { 489 explicit_bzero(blob, blen); 490 free(blob); 491 } 492 sshbuf_free(msg); 493 return r; 494 } 495 496 /* Encode key for a message to the agent. */ 497 498 #ifdef WITH_SSH1 499 static int 500 ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment) 501 { 502 int r; 503 504 /* To keep within the protocol: p < q for ssh. in SSL p > q */ 505 if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 || 506 (r = sshbuf_put_bignum1(b, key->n)) != 0 || 507 (r = sshbuf_put_bignum1(b, key->e)) != 0 || 508 (r = sshbuf_put_bignum1(b, key->d)) != 0 || 509 (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 || 510 (r = sshbuf_put_bignum1(b, key->q)) != 0 || 511 (r = sshbuf_put_bignum1(b, key->p)) != 0 || 512 (r = sshbuf_put_cstring(b, comment)) != 0) 513 return r; 514 return 0; 515 } 516 #endif 517 518 static int 519 ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key, 520 const char *comment) 521 { 522 int r; 523 524 if ((r = sshkey_private_serialize(key, b)) != 0 || 525 (r = sshbuf_put_cstring(b, comment)) != 0) 526 return r; 527 return 0; 528 } 529 530 static int 531 encode_constraints(struct sshbuf *m, u_int life, u_int confirm) 532 { 533 int r; 534 535 if (life != 0) { 536 if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_LIFETIME)) != 0 || 537 (r = sshbuf_put_u32(m, life)) != 0) 538 goto out; 539 } 540 if (confirm != 0) { 541 if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0) 542 goto out; 543 } 544 r = 0; 545 out: 546 return r; 547 } 548 549 /* 550 * Adds an identity to the authentication server. 551 * This call is intended only for use by ssh-add(1) and like applications. 552 */ 553 int 554 ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, 555 u_int life, u_int confirm) 556 { 557 struct sshbuf *msg; 558 int r, constrained = (life || confirm); 559 u_char type; 560 561 if ((msg = sshbuf_new()) == NULL) 562 return SSH_ERR_ALLOC_FAIL; 563 564 switch (key->type) { 565 #ifdef WITH_SSH1 566 case KEY_RSA1: 567 type = constrained ? 568 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : 569 SSH_AGENTC_ADD_RSA_IDENTITY; 570 if ((r = sshbuf_put_u8(msg, type)) != 0 || 571 (r = ssh_encode_identity_rsa1(msg, key->rsa, comment)) != 0) 572 goto out; 573 break; 574 #endif 575 #ifdef WITH_OPENSSL 576 case KEY_RSA: 577 case KEY_RSA_CERT: 578 case KEY_DSA: 579 case KEY_DSA_CERT: 580 case KEY_ECDSA: 581 case KEY_ECDSA_CERT: 582 #endif 583 case KEY_ED25519: 584 case KEY_ED25519_CERT: 585 type = constrained ? 586 SSH2_AGENTC_ADD_ID_CONSTRAINED : 587 SSH2_AGENTC_ADD_IDENTITY; 588 if ((r = sshbuf_put_u8(msg, type)) != 0 || 589 (r = ssh_encode_identity_ssh2(msg, key, comment)) != 0) 590 goto out; 591 break; 592 default: 593 r = SSH_ERR_INVALID_ARGUMENT; 594 goto out; 595 } 596 if (constrained && 597 (r = encode_constraints(msg, life, confirm)) != 0) 598 goto out; 599 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 600 goto out; 601 if ((r = sshbuf_get_u8(msg, &type)) != 0) 602 goto out; 603 r = decode_reply(type); 604 out: 605 sshbuf_free(msg); 606 return r; 607 } 608 609 /* 610 * Removes an identity from the authentication server. 611 * This call is intended only for use by ssh-add(1) and like applications. 612 */ 613 int 614 ssh_remove_identity(int sock, struct sshkey *key) 615 { 616 struct sshbuf *msg; 617 int r; 618 u_char type, *blob = NULL; 619 size_t blen; 620 621 if ((msg = sshbuf_new()) == NULL) 622 return SSH_ERR_ALLOC_FAIL; 623 624 #ifdef WITH_SSH1 625 if (key->type == KEY_RSA1) { 626 if ((r = sshbuf_put_u8(msg, 627 SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 || 628 (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || 629 (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || 630 (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0) 631 goto out; 632 } else 633 #endif 634 if (key->type != KEY_UNSPEC) { 635 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) 636 goto out; 637 if ((r = sshbuf_put_u8(msg, 638 SSH2_AGENTC_REMOVE_IDENTITY)) != 0 || 639 (r = sshbuf_put_string(msg, blob, blen)) != 0) 640 goto out; 641 } else { 642 r = SSH_ERR_INVALID_ARGUMENT; 643 goto out; 644 } 645 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 646 goto out; 647 if ((r = sshbuf_get_u8(msg, &type)) != 0) 648 goto out; 649 r = decode_reply(type); 650 out: 651 if (blob != NULL) { 652 explicit_bzero(blob, blen); 653 free(blob); 654 } 655 sshbuf_free(msg); 656 return r; 657 } 658 659 /* 660 * Add/remove an token-based identity from the authentication server. 661 * This call is intended only for use by ssh-add(1) and like applications. 662 */ 663 int 664 ssh_update_card(int sock, int add, const char *reader_id, const char *pin, 665 u_int life, u_int confirm) 666 { 667 struct sshbuf *msg; 668 int r, constrained = (life || confirm); 669 u_char type; 670 671 if (add) { 672 type = constrained ? 673 SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : 674 SSH_AGENTC_ADD_SMARTCARD_KEY; 675 } else 676 type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; 677 678 if ((msg = sshbuf_new()) == NULL) 679 return SSH_ERR_ALLOC_FAIL; 680 if ((r = sshbuf_put_u8(msg, type)) != 0 || 681 (r = sshbuf_put_cstring(msg, reader_id)) != 0 || 682 (r = sshbuf_put_cstring(msg, pin)) != 0) 683 goto out; 684 if (constrained && 685 (r = encode_constraints(msg, life, confirm)) != 0) 686 goto out; 687 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 688 goto out; 689 if ((r = sshbuf_get_u8(msg, &type)) != 0) 690 goto out; 691 r = decode_reply(type); 692 out: 693 sshbuf_free(msg); 694 return r; 695 } 696 697 /* 698 * Removes all identities from the agent. 699 * This call is intended only for use by ssh-add(1) and like applications. 700 */ 701 int 702 ssh_remove_all_identities(int sock, int version) 703 { 704 struct sshbuf *msg; 705 u_char type = (version == 1) ? 706 SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES : 707 SSH2_AGENTC_REMOVE_ALL_IDENTITIES; 708 int r; 709 710 if ((msg = sshbuf_new()) == NULL) 711 return SSH_ERR_ALLOC_FAIL; 712 if ((r = sshbuf_put_u8(msg, type)) != 0) 713 goto out; 714 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 715 goto out; 716 if ((r = sshbuf_get_u8(msg, &type)) != 0) 717 goto out; 718 r = decode_reply(type); 719 out: 720 sshbuf_free(msg); 721 return r; 722 } 723