summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Weingärtner <timo@tiwe.de>2015-08-31 20:22:37 +0200
committerTimo Weingärtner <timo@tiwe.de>2015-08-31 20:22:37 +0200
commit8f675da301eafe79897f3ad67ff5450fcc397f78 (patch)
tree126388c8ff57830d8c3633827a5e4a2b94d7f5a2
parent774ff2757de2a32c57046cbdc8425c6c22759035 (diff)
downloadssh-agent-filter-8f675da301eafe79897f3ad67ff5450fcc397f78.tar.gz
move rfc4251 types into their own namespace
-rw-r--r--rfc4251.C12
-rw-r--r--rfc4251.H110
-rw-r--r--rfc4251_gmp.C12
-rw-r--r--ssh-agent-filter.C102
4 files changed, 124 insertions, 112 deletions
diff --git a/rfc4251.C b/rfc4251.C
index 0b7aa62..bf3fe4a 100644
--- a/rfc4251.C
+++ b/rfc4251.C
@@ -1,7 +1,7 @@
/*
* rfc4251.C -- support for name-list type from RFC 4251, section 5
*
- * These are the conversions between an rfc4251string containing a name-list
+ * These are the conversions between an rfc4251::string containing a name-list
* and vector<string>.
*
* Copyright (C) 2013 Timo Weingärtner <timo@tiwe.de>
@@ -24,12 +24,14 @@
#include "rfc4251.H"
-rfc4251string::rfc4251string (std::vector<std::string> const & v) {
+namespace rfc4251 {
+
+string::string (std::vector<std::string> const & v) {
for (auto it = v.begin(); it != v.end();) {
if (it->size() == 0)
throw std::length_error{"name of zero length"};
if (value.size() + it->size() > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
value.insert(value.end(), it->data(), it->data() + it->size());
++it;
if (it == v.end())
@@ -38,7 +40,7 @@ rfc4251string::rfc4251string (std::vector<std::string> const & v) {
}
}
-rfc4251string::operator std::vector<std::string> () const {
+string::operator std::vector<std::string> () const {
std::vector<std::string> ret;
auto name_start = value.begin();
if (name_start != value.end())
@@ -54,3 +56,5 @@ rfc4251string::operator std::vector<std::string> () const {
}
return ret;
}
+
+}
diff --git a/rfc4251.H b/rfc4251.H
index d9ac93e..7284f20 100644
--- a/rfc4251.H
+++ b/rfc4251.H
@@ -1,11 +1,11 @@
/*
* rfc4251.h -- implements types from RFC 4251, section 5
*
- * rfc4251byte byte
- * rfc4251bool bool
- * rfc4251uint32 uint32
- * rfc4251uint64 uint64
- * rfc4251string string, incl. mpint and name-list
+ * rfc4251::byte byte
+ * rfc4251::boolean boolean
+ * rfc4251::uint32 uint32
+ * rfc4251::uint64 uint64
+ * rfc4251::string string, incl. mpint and name-list
*
* those structs contain the objects in their RFC 4251 representation,
* conversions are provided via constructors and cast operators
@@ -37,102 +37,104 @@
#include <gmpxx.h>
#include <boost/operators.hpp>
-struct rfc4251byte {
+namespace rfc4251 {
+
+struct byte {
union {
uint8_t value;
char buf[1];
};
- rfc4251byte () = default;
- explicit rfc4251byte (uint8_t v) : value(v) {}
- inline explicit rfc4251byte (std::istream &);
+ byte () = default;
+ explicit byte (uint8_t v) : value(v) {}
+ inline explicit byte (std::istream &);
operator uint8_t () const { return value; }
};
-inline std::istream & operator>> (std::istream & is, rfc4251byte & x) {
+inline std::istream & operator>> (std::istream & is, byte & x) {
return is.read(x.buf, sizeof(x.buf));
}
-inline std::ostream & operator<< (std::ostream & os, rfc4251byte const & x) {
+inline std::ostream & operator<< (std::ostream & os, byte const & x) {
return os.write(x.buf, sizeof(x.buf));
}
-inline rfc4251byte::rfc4251byte (std::istream & is) {
+inline byte::byte (std::istream & is) {
is >> *this;
}
-struct rfc4251bool {
+struct boolean {
union {
bool value;
char buf[1];
};
- rfc4251bool () = default;
- explicit rfc4251bool (uint8_t v) : value(v) {}
- inline explicit rfc4251bool (std::istream &);
+ boolean () = default;
+ explicit boolean (uint8_t v) : value(v) {}
+ inline explicit boolean (std::istream &);
operator uint8_t () const { return value; }
};
-inline std::istream & operator>> (std::istream & is, rfc4251bool & x) {
+inline std::istream & operator>> (std::istream & is, boolean & x) {
return is.read(x.buf, sizeof(x.buf));
}
-inline std::ostream & operator<< (std::ostream & os, rfc4251bool const & x) {
+inline std::ostream & operator<< (std::ostream & os, boolean const & x) {
return os.write(x.buf, sizeof(x.buf));
}
-inline rfc4251bool::rfc4251bool (std::istream & is) {
+inline boolean::boolean (std::istream & is) {
is >> *this;
}
-struct rfc4251uint32 {
+struct uint32 {
union {
uint32_t value;
char buf[4];
};
- rfc4251uint32 () = default;
- explicit rfc4251uint32 (uint32_t v) { value = htonl(v); }
- inline explicit rfc4251uint32 (std::istream &);
+ uint32 () = default;
+ explicit uint32 (uint32_t v) { value = htonl(v); }
+ inline explicit uint32 (std::istream &);
operator uint32_t () const { return ntohl(value); }
};
-inline std::istream & operator>> (std::istream & is, rfc4251uint32 & x) {
+inline std::istream & operator>> (std::istream & is, uint32 & x) {
return is.read(x.buf, sizeof(x.buf));
}
-inline std::ostream & operator<< (std::ostream & os, rfc4251uint32 const & x) {
+inline std::ostream & operator<< (std::ostream & os, uint32 const & x) {
return os.write(x.buf, sizeof(x.buf));
}
-inline rfc4251uint32::rfc4251uint32 (std::istream & is) {
+inline uint32::uint32 (std::istream & is) {
is >> *this;
}
-struct rfc4251uint64 {
+struct uint64 {
union {
uint64_t value;
char buf[8];
};
- rfc4251uint64 () = default;
- inline explicit rfc4251uint64 (uint64_t v);
- inline explicit rfc4251uint64 (std::istream &);
+ uint64 () = default;
+ inline explicit uint64 (uint64_t v);
+ inline explicit uint64 (std::istream &);
inline explicit operator uint64_t () const;
};
-inline rfc4251uint64::rfc4251uint64 (uint64_t v) {
+inline uint64::uint64 (uint64_t v) {
for (int_fast8_t i{7}; i >= 0; --i) {
buf[i] = v & 0xff;
v >>= 8;
}
}
-inline rfc4251uint64::operator uint64_t () const {
+inline uint64::operator uint64_t () const {
uint64_t ret{0};
for (uint_fast8_t i{0}; i < 8; ++i) {
ret <<= 8;
@@ -141,28 +143,28 @@ inline rfc4251uint64::operator uint64_t () const {
return ret;
}
-inline std::istream & operator>> (std::istream & is, rfc4251uint64 & x) {
+inline std::istream & operator>> (std::istream & is, uint64 & x) {
return is.read(x.buf, sizeof(x.buf));
}
-inline std::ostream & operator<< (std::ostream & os, rfc4251uint64 const & x) {
+inline std::ostream & operator<< (std::ostream & os, uint64 const & x) {
return os.write(x.buf, sizeof(x.buf));
}
-inline rfc4251uint64::rfc4251uint64 (std::istream & is) {
+inline uint64::uint64 (std::istream & is) {
is >> *this;
}
-struct rfc4251string : boost::totally_ordered<rfc4251string> {
+struct string : boost::totally_ordered<string> {
std::vector<char> value;
- rfc4251string () = default;
- inline explicit rfc4251string (char const *, size_t);
- explicit rfc4251string (std::string const & s) : rfc4251string{s.data(), s.size()} {}
- explicit rfc4251string (std::vector<std::string> const &);
- explicit rfc4251string (mpz_srcptr);
- explicit rfc4251string (mpz_class const & x) : rfc4251string{x.get_mpz_t()} {}
- inline explicit rfc4251string (std::istream &);
+ string () = default;
+ inline explicit string (char const *, size_t);
+ explicit string (std::string const & s) : string{s.data(), s.size()} {}
+ explicit string (std::vector<std::string> const &);
+ explicit string (mpz_srcptr);
+ explicit string (mpz_class const & x) : string{x.get_mpz_t()} {}
+ inline explicit string (std::istream &);
size_t size () const { return value.size(); }
char const * data () const { return value.data(); }
@@ -173,15 +175,15 @@ struct rfc4251string : boost::totally_ordered<rfc4251string> {
operator mpz_class () const;
};
-inline rfc4251string::rfc4251string (char const * s, size_t l) {
+inline string::string (char const * s, size_t l) {
if (l > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
value.insert(value.end(), s, s + l);
}
-inline std::istream & operator>> (std::istream & is, rfc4251string & s) {
+inline std::istream & operator>> (std::istream & is, string & s) {
s.value.clear();
- rfc4251uint32 len;
+ uint32 len;
if (is >> len) {
s.value.resize(len);
is.read(s.value.data(), len);
@@ -189,22 +191,24 @@ inline std::istream & operator>> (std::istream & is, rfc4251string & s) {
return is;
}
-inline std::ostream & operator<< (std::ostream & os, rfc4251string const & s) {
+inline std::ostream & operator<< (std::ostream & os, string const & s) {
if (s.value.size() > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
- if (os << rfc4251uint32{static_cast<uint32_t>(s.value.size())})
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
+ if (os << uint32{static_cast<uint32_t>(s.value.size())})
os.write(s.value.data(), s.value.size());
return os;
}
-inline rfc4251string::rfc4251string (std::istream & is) {
+inline string::string (std::istream & is) {
is >> *this;
}
-inline bool operator== (rfc4251string const & l, rfc4251string const & r) {
+inline bool operator== (string const & l, string const & r) {
return l.value == r.value;
}
-inline bool operator< (rfc4251string const & l, rfc4251string const & r) {
+inline bool operator< (string const & l, string const & r) {
return l.value < r.value;
}
+
+}
diff --git a/rfc4251_gmp.C b/rfc4251_gmp.C
index db46429..fe1f770 100644
--- a/rfc4251_gmp.C
+++ b/rfc4251_gmp.C
@@ -1,5 +1,5 @@
/*
- * rfc4251_gmp.C -- implements mpint/gmp conversions for rfc4251string
+ * rfc4251_gmp.C -- implements mpint/gmp conversions for rfc4251::string
*
* these functions need linking against libgmp
*
@@ -23,7 +23,9 @@
#include "rfc4251.H"
-rfc4251string::rfc4251string (mpz_srcptr x) {
+namespace rfc4251 {
+
+string::string (mpz_srcptr x) {
if (mpz_sgn(x) == 0)
return;
@@ -32,7 +34,7 @@ rfc4251string::rfc4251string (mpz_srcptr x) {
size_t bytes{(bits + 7) / 8};
size_t extrabyte{(bits % 8) == 0}; // need extra byte if MSB is 1 to keep it non-negative
if (bytes + extrabyte > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
value.resize(bytes + extrabyte);
value[0] = 0;
mpz_export(value.data() + extrabyte, nullptr, 1, 1, 1, 0, x);
@@ -49,7 +51,7 @@ rfc4251string::rfc4251string (mpz_srcptr x) {
}
}
-rfc4251string::operator mpz_class () const {
+string::operator mpz_class () const {
mpz_class ret;
mpz_import(ret.get_mpz_t(), value.size(), 1, 1, 1, 0, value.data());
if (mpz_sizeinbase(ret.get_mpz_t(), 2) == value.size() * 8) { // negative
@@ -59,3 +61,5 @@ rfc4251string::operator mpz_class () const {
}
return ret;
}
+
+}
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index 2b6df6f..8deaf19 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -97,8 +97,8 @@ vector<string> allowed_comment;
vector<string> confirmed_b64;
vector<string> confirmed_md5;
vector<string> confirmed_comment;
-std::set<rfc4251string> allowed_pubkeys;
-std::map<rfc4251string, string> confirmed_pubkeys;
+std::set<rfc4251::string> allowed_pubkeys;
+std::map<rfc4251::string, string> confirmed_pubkeys;
bool debug{false};
bool all_confirmed{false};
string saf_name;
@@ -237,17 +237,17 @@ void setup_filters () {
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- agent << rfc4251string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
- rfc4251string answer{agent};
+ agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
+ rfc4251::string answer{agent};
io::stream<io::array_source> answer_iss{answer.data(), answer.size()};
arm(answer_iss);
- rfc4251byte resp_code{answer_iss};
+ rfc4251::byte resp_code{answer_iss};
if (resp_code != SSH2_AGENT_IDENTITIES_ANSWER)
throw runtime_error{"unexpected answer from ssh-agent"};
- rfc4251uint32 keycount{answer_iss};
+ rfc4251::uint32 keycount{answer_iss};
for (uint32_t i = keycount; i; --i) {
- rfc4251string key{answer_iss};
- rfc4251string comment{answer_iss};
+ rfc4251::string key{answer_iss};
+ rfc4251::string comment{answer_iss};
auto b64 = base64_encode(key);
if (debug) clog << b64 << endl;
@@ -325,19 +325,19 @@ bool confirm (string const & question) {
}
}
-bool dissect_auth_data_ssh (rfc4251string const & data, string & request_description) try {
+bool dissect_auth_data_ssh (rfc4251::string const & data, string & request_description) try {
io::stream<io::array_source> datastream{data.data(), data.size()};
arm(datastream);
// Format specified in RFC 4252 Section 7
- rfc4251string session_identifier{datastream};
- rfc4251byte requesttype{datastream};
- rfc4251string username{datastream};
- rfc4251string servicename{datastream};
- rfc4251string publickeystring{datastream};
- rfc4251bool shouldbetrue{datastream};
- rfc4251string publickeyalgorithm{datastream};
- rfc4251string publickey{datastream};
+ rfc4251::string session_identifier{datastream};
+ rfc4251::byte requesttype{datastream};
+ rfc4251::string username{datastream};
+ rfc4251::string servicename{datastream};
+ rfc4251::string publickeystring{datastream};
+ rfc4251::boolean shouldbetrue{datastream};
+ rfc4251::string publickeyalgorithm{datastream};
+ rfc4251::string publickey{datastream};
request_description = "The request is for an ssh connection as user '" + string{username} + "' with service name '" + string{servicename} + "'.";
@@ -346,17 +346,17 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
io::stream<io::array_source> idstream{session_identifier.data(), session_identifier.size()};
arm(idstream);
- rfc4251uint32 type{idstream};
+ rfc4251::uint32 type{idstream};
if (type == 101) {
// PAM_SSH_AGENT_AUTH_REQUESTv1
- rfc4251string cookie{idstream};
- rfc4251string user{idstream};
- rfc4251string ruser{idstream};
- rfc4251string pam_service{idstream};
- rfc4251string pwd{idstream};
- rfc4251string action{idstream};
- rfc4251string hostname{idstream};
- rfc4251uint64 timestamp{idstream};
+ rfc4251::string cookie{idstream};
+ rfc4251::string user{idstream};
+ rfc4251::string ruser{idstream};
+ rfc4251::string pam_service{idstream};
+ rfc4251::string pwd{idstream};
+ rfc4251::string action{idstream};
+ rfc4251::string hostname{idstream};
+ rfc4251::uint64 timestamp{idstream};
string singleuser{user};
if (user != ruser)
@@ -369,12 +369,12 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
io::stream<io::array_source> actionstream{action.data(), action.size()};
arm(actionstream);
- rfc4251uint32 argc{actionstream};
+ rfc4251::uint32 argc{actionstream};
if (argc) {
additional += " to run";
for (uint32_t i = argc; i; --i) {
- rfc4251string argv{actionstream};
+ rfc4251::string argv{actionstream};
additional += ' ' + string{argv};
}
}
@@ -395,45 +395,45 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
return false;
}
-rfc4251string handle_request (rfc4251string const & r) {
+rfc4251::string handle_request (rfc4251::string const & r) {
io::stream<io::array_source> request{r.data(), r.size()};
- rfc4251string ret;
+ rfc4251::string ret;
io::stream<io::back_insert_device<vector<char>>> answer{ret.value};
arm(request);
arm(answer);
- rfc4251byte request_code{request};
+ rfc4251::byte request_code{request};
switch (request_code) {
case SSH2_AGENTC_REQUEST_IDENTITIES:
{
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- agent << rfc4251string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
+ agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
// temp to test key filtering when signing
- //return rfc4251string{agent};
- rfc4251string agent_answer{agent};
+ //return rfc4251::string{agent};
+ rfc4251::string agent_answer{agent};
io::stream<io::array_source> agent_answer_iss{agent_answer.data(), agent_answer.size()};
arm(agent_answer_iss);
- rfc4251byte answer_code{agent_answer_iss};
- rfc4251uint32 keycount{agent_answer_iss};
+ rfc4251::byte answer_code{agent_answer_iss};
+ rfc4251::uint32 keycount{agent_answer_iss};
if (answer_code != SSH2_AGENT_IDENTITIES_ANSWER)
throw runtime_error{"unexpected answer from ssh-agent"};
- vector<pair<rfc4251string, rfc4251string>> keys;
+ vector<pair<rfc4251::string, rfc4251::string>> keys;
for (uint32_t i = keycount; i; --i) {
- rfc4251string key{agent_answer_iss};
- rfc4251string comment{agent_answer_iss};
+ rfc4251::string key{agent_answer_iss};
+ rfc4251::string comment{agent_answer_iss};
if (allowed_pubkeys.count(key) or confirmed_pubkeys.count(key))
keys.emplace_back(move(key), move(comment));
}
- answer << answer_code << rfc4251uint32{static_cast<uint32_t>(keys.size())};
+ answer << answer_code << rfc4251::uint32{static_cast<uint32_t>(keys.size())};
for (auto const & k : keys)
answer << k.first << k.second;
}
break;
case SSH2_AGENTC_SIGN_REQUEST:
{
- rfc4251string key{request};
- rfc4251string data{request};
- rfc4251uint32 flags{request};
+ rfc4251::string key{request};
+ rfc4251::string data{request};
+ rfc4251::uint32 flags{request};
bool allow{false};
if (allowed_pubkeys.count(key))
@@ -460,21 +460,21 @@ rfc4251string handle_request (rfc4251string const & r) {
if (allow) {
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- rfc4251string agent_answer;
+ rfc4251::string agent_answer;
agent << r;
- return rfc4251string{agent};
+ return rfc4251::string{agent};
} else
- answer << rfc4251byte{SSH_AGENT_FAILURE};
+ answer << rfc4251::byte{SSH_AGENT_FAILURE};
}
break;
case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
- answer << rfc4251byte{SSH_AGENT_RSA_IDENTITIES_ANSWER};
+ answer << rfc4251::byte{SSH_AGENT_RSA_IDENTITIES_ANSWER};
// we got no SSHv1 keys
- answer << rfc4251uint32{0};
+ answer << rfc4251::uint32{0};
break;
case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
- answer << rfc4251byte{SSH_AGENT_SUCCESS};
+ answer << rfc4251::byte{SSH_AGENT_SUCCESS};
break;
case SSH_AGENTC_RSA_CHALLENGE:
case SSH_AGENTC_ADD_RSA_IDENTITY:
@@ -490,7 +490,7 @@ rfc4251string handle_request (rfc4251string const & r) {
case SSH_AGENTC_UNLOCK:
case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
default:
- answer << rfc4251byte{SSH_AGENT_FAILURE};
+ answer << rfc4251::byte{SSH_AGENT_FAILURE};
break;
}
@@ -503,7 +503,7 @@ void handle_client (int const sock) try {
arm(client);
for (;;)
- client << handle_request(rfc4251string{client}) << flush;
+ client << handle_request(rfc4251::string{client}) << flush;
} catch (...) {
}