/*
 * Adds an identity to the authentication server.
 * This call is intended only for use by ssh-add(1) and like applications.
 *
 * Builds one agent request in a fresh sshbuf: a message-type byte, the
 * encoded identity and, when life or confirm is non-zero, the output of
 * encode_constraints(). The same buffer then receives the agent's reply.
 *
 * With life == 0 and confirm == 0 the unconstrained message type is sent
 * and no constraints are encoded, so a caller that wants a lifetime or a
 * per-use confirmation has to pass it explicitly.
 *
 * Returns SSH_ERR_ALLOC_FAIL if the buffer cannot be allocated,
 * SSH_ERR_INVALID_ARGUMENT for a key type not handled below, the first
 * non-zero result of a failed encode/request/parse step, or otherwise the
 * value of decode_reply() for the agent's reply byte.
 *
 * NOTE(review): the request presumably carries private key material;
 * confirm that sshbuf_free() scrubs the buffer contents.
 */
int
ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment,
    u_int life, u_int confirm)
{
	struct sshbuf *req;
	int ret;
	int want_constraints = (life != 0 || confirm != 0);
	u_char op;	/* request type on the way out, reply type on the way back */

	req = sshbuf_new();
	if (req == NULL)
		return SSH_ERR_ALLOC_FAIL;

	switch (key->type) {
#ifdef WITH_SSH1
	case KEY_RSA1:
		if (want_constraints)
			op = SSH_AGENTC_ADD_RSA_ID_CONSTRAINED;
		else
			op = SSH_AGENTC_ADD_RSA_IDENTITY;
		ret = sshbuf_put_u8(req, op);
		if (ret != 0)
			goto out;
		ret = ssh_encode_identity_rsa1(req, key->rsa, comment);
		if (ret != 0)
			goto out;
		break;
#endif
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_RSA_CERT:
	case KEY_RSA_CERT_V00:
	case KEY_DSA:
	case KEY_DSA_CERT:
	case KEY_DSA_CERT_V00:
	case KEY_ECDSA:
	case KEY_ECDSA_CERT:
#endif
	case KEY_ED25519:
	case KEY_ED25519_CERT:
		if (want_constraints)
			op = SSH2_AGENTC_ADD_ID_CONSTRAINED;
		else
			op = SSH2_AGENTC_ADD_IDENTITY;
		ret = sshbuf_put_u8(req, op);
		if (ret != 0)
			goto out;
		ret = ssh_encode_identity_ssh2(req, key, comment);
		if (ret != 0)
			goto out;
		break;
	default:
		/* Unknown key type: fail without contacting the agent. */
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto out;
	}

	/* Constraints follow the identity in the same message. */
	if (want_constraints) {
		ret = encode_constraints(req, life, confirm);
		if (ret != 0)
			goto out;
	}

	/* req is both the outgoing request and the incoming reply buffer. */
	ret = ssh_request_reply(sock, req, req);
	if (ret == 0)
		ret = sshbuf_get_u8(req, &op);
	if (ret == 0)
		ret = decode_reply(op);

 out:
	/* Single exit so the buffer is released on every path. */
	sshbuf_free(req);
	return ret;
}
/*
 * Sends an "add identity" request for key to the agent behind auth.
 *
 * The message is a type byte, the encoded identity, and then optional
 * constraints: SSH_AGENT_CONSTRAIN_LIFETIME followed by life when
 * life != 0, and SSH_AGENT_CONSTRAIN_CONFIRM when confirm != 0. With both
 * zero the unconstrained message type is used and no constraint bytes are
 * appended.
 *
 * Returns 0 when the key type is not handled below or when
 * ssh_request_reply() returns 0; otherwise returns decode_reply() applied
 * to the first byte of the agent's reply.
 *
 * NOTE(review): the buffer presumably holds private key material; confirm
 * that buffer_free() scrubs it.
 */
int
ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
    const char *comment, u_int life, u_int confirm)
{
	Buffer req;
	int code = 0;
	int have_reply = 0;
	int want_constraints = (life != 0 || confirm != 0);

	buffer_init(&req);

	switch (key->type) {
#ifdef WITH_SSH1
	case KEY_RSA1:
		if (want_constraints)
			code = SSH_AGENTC_ADD_RSA_ID_CONSTRAINED;
		else
			code = SSH_AGENTC_ADD_RSA_IDENTITY;
		buffer_put_char(&req, code);
		ssh_encode_identity_rsa1(&req, key->rsa, comment);
		break;
#endif
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_RSA_CERT:
	case KEY_RSA_CERT_V00:
	case KEY_DSA:
	case KEY_DSA_CERT:
	case KEY_DSA_CERT_V00:
	case KEY_ECDSA:
	case KEY_ECDSA_CERT:
#endif
	case KEY_ED25519:
	case KEY_ED25519_CERT:
		if (want_constraints)
			code = SSH2_AGENTC_ADD_ID_CONSTRAINED;
		else
			code = SSH2_AGENTC_ADD_IDENTITY;
		buffer_put_char(&req, code);
		ssh_encode_identity_ssh2(&req, key, comment);
		break;
	default:
		/* Unknown key type: nothing is sent to the agent. */
		goto done;
	}

	/*
	 * want_constraints is true exactly when one of these tests is, so
	 * each constraint can be checked on its own.
	 */
	if (life != 0) {
		buffer_put_char(&req, SSH_AGENT_CONSTRAIN_LIFETIME);
		buffer_put_int(&req, life);
	}
	if (confirm != 0)
		buffer_put_char(&req, SSH_AGENT_CONSTRAIN_CONFIRM);

	/* req is both the outgoing request and the incoming reply buffer. */
	if (ssh_request_reply(auth, &req, &req) != 0) {
		code = buffer_get_char(&req);
		have_reply = 1;
	}

 done:
	/*
	 * The buffer is released before the reply byte is interpreted, so
	 * nothing decode_reply() does can leave it allocated.
	 */
	buffer_free(&req);
	return have_reply ? decode_reply(code) : 0;
}
/*
 * Sends an "add identity" request for key to the agent behind auth, using
 * the pamsshagentauth_ buffer helpers.
 *
 * Only KEY_RSA1, KEY_RSA and KEY_DSA are handled; any other key type
 * returns 0 without a request being sent.
 *
 * The message is a type byte, the encoded identity, and then optional
 * constraints: SSH_AGENT_CONSTRAIN_LIFETIME followed by life when
 * life != 0, and SSH_AGENT_CONSTRAIN_CONFIRM when confirm != 0. With both
 * zero the unconstrained message type is used and no constraint bytes are
 * appended.
 *
 * Returns 0 for an unhandled key type or when ssh_request_reply() returns
 * 0; otherwise returns pamsshagentauth_decode_reply() applied to the first
 * byte of the agent's reply.
 *
 * NOTE(review): the buffer presumably holds private key material; confirm
 * that pamsshagentauth_buffer_free() scrubs it.
 */
int
ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
    const char *comment, u_int life, u_int confirm)
{
	Buffer req;
	int code = 0;
	int have_reply = 0;
	int want_constraints = (life != 0 || confirm != 0);

	pamsshagentauth_buffer_init(&req);

	switch (key->type) {
	case KEY_RSA1:
		if (want_constraints)
			code = SSH_AGENTC_ADD_RSA_ID_CONSTRAINED;
		else
			code = SSH_AGENTC_ADD_RSA_IDENTITY;
		pamsshagentauth_buffer_put_char(&req, code);
		ssh_encode_identity_rsa1(&req, key->rsa, comment);
		break;
	case KEY_RSA:
	case KEY_DSA:
		if (want_constraints)
			code = SSH2_AGENTC_ADD_ID_CONSTRAINED;
		else
			code = SSH2_AGENTC_ADD_IDENTITY;
		pamsshagentauth_buffer_put_char(&req, code);
		ssh_encode_identity_ssh2(&req, key, comment);
		break;
	default:
		/* Unknown key type: nothing is sent to the agent. */
		goto done;
	}

	/*
	 * want_constraints is true exactly when one of these tests is, so
	 * each constraint can be checked on its own.
	 */
	if (life != 0) {
		pamsshagentauth_buffer_put_char(&req,
		    SSH_AGENT_CONSTRAIN_LIFETIME);
		pamsshagentauth_buffer_put_int(&req, life);
	}
	if (confirm != 0)
		pamsshagentauth_buffer_put_char(&req,
		    SSH_AGENT_CONSTRAIN_CONFIRM);

	/* req is both the outgoing request and the incoming reply buffer. */
	if (ssh_request_reply(auth, &req, &req) != 0) {
		code = pamsshagentauth_buffer_get_char(&req);
		have_reply = 1;
	}

 done:
	/*
	 * The buffer is released before the reply byte is interpreted, so
	 * nothing pamsshagentauth_decode_reply() does can leave it
	 * allocated.
	 */
	pamsshagentauth_buffer_free(&req);
	return have_reply ? pamsshagentauth_decode_reply(code) : 0;
}