author | djm@openbsd.org <djm@openbsd.org> | 2021-12-19 22:08:48 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-12-20 09:24:42 +1100 |
commit | e9497ecf73f3c16667288bce48d4e3d7e746fea1 (patch) | |
tree | a066c9cb60add52ff97fe31bdc8d631716e0c248 /authfd.c | |
parent | b42c61d6840d16ef392ed0f365e8c000734669aa (diff) | |
upstream: ssh client side of binding
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
ok markus@
OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 31 |
1 files changed, 30 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.127 2021/01/26 00:46:17 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.128 2021/12/19 22:08:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -650,3 +650,32 @@ ssh_remove_all_identities(int sock, int version)
 sshbuf_free(msg);
 return r;
 }
+
+/* Binds a session ID to a hostkey via the initial KEX signature. */
+int
+ssh_agent_bind_hostkey(int sock, const struct sshkey *key,
+ const struct sshbuf *session_id, const struct sshbuf *signature,
+ int forwarding)
+{
+ struct sshbuf *msg;
+ int r;
+
+ if (key == NULL || session_id == NULL || signature == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshbuf_put_u8(msg, SSH_AGENTC_EXTENSION)) != 0 ||
+ (r = sshbuf_put_cstring(msg, "session-bind@openssh.com")) != 0 ||
+ (r = sshkey_puts(key, msg)) != 0 ||
+ (r = sshbuf_put_stringb(msg, session_id)) != 0 ||
+ (r = sshbuf_put_stringb(msg, signature)) != 0 ||
+ (r = sshbuf_put_u8(msg, forwarding ? 1 : 0)) != 0)
+ goto out;
+ if ((r = ssh_request_reply_decode(sock, msg)) != 0)
+ goto out;
+ /* success */
+ r = 0;
+ out:
+ sshbuf_free(msg);
+ return r;
+} |
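Review bot: The one-line comment above ssh_agent_bind_hostkey in the second hunk does not say what `forwarding` tells the agent or what a non-zero return means for the caller, and both decide how far the binding can be relied on. The function only serialises the hostkey, session ID and signature and sends them; nothing in it checks the signature, so the binding is only as strong as the agent's own verification. An agent that does not implement "session-bind@openssh.com" would presumably surface as an error from ssh_request_reply_decode, whose body is outside this hunk. I would extend the comment to something like `/* Sends hostkey, session ID and initial KEX signature to the agent, which (not this function) must verify the signature. forwarding != 0 marks the agent connection as forwarded. Returns 0 or an SSH_ERR_* code; the caller decides whether a failure is fatal. */`. The `r = 0;` after the `!= 0` check is redundant, though it may simply follow the file's existing convention.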