Diffstat (limited to 'ssh-agent-filter.C')
| -rw-r--r-- | ssh-agent-filter.C | 102 |
1 files changed, 51 insertions, 51 deletions
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index 175fba2..750ae60 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -236,13 +236,13 @@ void setup_filters () {
 arm(agent);
 agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
- rfc4251::string answer{agent};
+ rfc4251::string const answer{agent};
 io::stream<io::array_source> answer_iss{answer.data(), answer.size()};
 arm(answer_iss);
- rfc4251::byte resp_code{answer_iss};
+ rfc4251::byte const resp_code{answer_iss};
 if (resp_code != SSH2_AGENT_IDENTITIES_ANSWER)
 throw runtime_error{"unexpected answer from ssh-agent"};
- rfc4251::uint32 keycount{answer_iss};
+ rfc4251::uint32 const keycount{answer_iss};
 for (uint32_t i = keycount; i; --i) {
 rfc4251::string key{answer_iss};
 rfc4251::string comment{answer_iss};
@@ -329,7 +329,7 @@ std::optional<string> dissect_auth_data_ssh_cert (rfc4251::string const & data)
 string request_description{};
 // Format specified in https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=1.13
- rfc4251::string keytype{datastream};
+ rfc4251::string const keytype{datastream};
 std::string keytype_str{keytype};
 { // check for and remove suffix to get the base keytype
@@ -341,40 +341,40 @@ std::optional<string> dissect_auth_data_ssh_cert (rfc4251::string const & data)
 return {};
 keytype_str.erase(suffix_start, keytype_str.end());
 }
- rfc4251::string nonce{datastream};
+ rfc4251::string const nonce{datastream};
 std::ostringstream key_to_be_signed{};
 if (keytype_str == "ssh-rsa") {
- rfc4251::mpint e{datastream};
- rfc4251::mpint n{datastream};
+ rfc4251::mpint const e{datastream};
+ rfc4251::mpint const n{datastream};
 key_to_be_signed << rfc4251::string{keytype_str} << e << n;
 } else if (keytype_str == "ssh-dss") {
- rfc4251::mpint p{datastream};
- rfc4251::mpint q{datastream};
- rfc4251::mpint g{datastream};
- rfc4251::mpint y{datastream};
+ rfc4251::mpint const p{datastream};
+ rfc4251::mpint const q{datastream};
+ rfc4251::mpint const g{datastream};
+ rfc4251::mpint const y{datastream};
 key_to_be_signed << rfc4251::string{keytype_str} << p << q << g << y;
 } else if (keytype_str == "ecdsa-sha2-nistp256" || keytype_str == "ecdsa-sha2-nistp384" || keytype_str == "ecdsa-sha2-nistp521") {
- rfc4251::string curve{datastream};
- rfc4251::string public_key{datastream};
+ rfc4251::string const curve{datastream};
+ rfc4251::string const public_key{datastream};
 key_to_be_signed << rfc4251::string{keytype_str} << curve << public_key;
 } else if (keytype_str == "ssh-ed25519") {
- rfc4251::string pk{datastream};
+ rfc4251::string const pk{datastream};
 key_to_be_signed << rfc4251::string{keytype_str} << pk;
 } else {
 return {};
 }
- rfc4251::uint64 serial{datastream};
- rfc4251::uint32 type{datastream};
- rfc4251::string key_id{datastream};
- rfc4251::string valid_principals{datastream};
- rfc4251::uint64 valid_after{datastream};
- rfc4251::uint64 valid_before{datastream};
- rfc4251::string critical_options{datastream};
- rfc4251::string extensions{datastream};
- rfc4251::string reserved{datastream};
- rfc4251::string signature_key{datastream};
+ rfc4251::uint64 const serial{datastream};
+ rfc4251::uint32 const type{datastream};
+ rfc4251::string const key_id{datastream};
+ rfc4251::string const valid_principals{datastream};
+ rfc4251::uint64 const valid_after{datastream};
+ rfc4251::uint64 const valid_before{datastream};
+ rfc4251::string const critical_options{datastream};
+ rfc4251::string const extensions{datastream};
+ rfc4251::string const reserved{datastream};
+ rfc4251::string const signature_key{datastream};
 request_description = "The request is for a certificate signature on key " + base64_encode(key_to_be_signed.str()) + ".";
@@ -389,14 +389,14 @@ std::optional<string> dissect_auth_data_ssh (rfc4251::string const & data) try {
 string request_description{};
 // Format specified in RFC 4252 Section 7
- rfc4251::string session_identifier{datastream};
- rfc4251::byte requesttype{datastream};
- rfc4251::string username{datastream};
- rfc4251::string servicename{datastream};
- rfc4251::string publickeystring{datastream};
- rfc4251::boolean shouldbetrue{datastream};
- rfc4251::string publickeyalgorithm{datastream};
- rfc4251::string publickey{datastream};
+ rfc4251::string const session_identifier{datastream};
+ rfc4251::byte const requesttype{datastream};
+ rfc4251::string const username{datastream};
+ rfc4251::string const servicename{datastream};
+ rfc4251::string const publickeystring{datastream};
+ rfc4251::boolean const shouldbetrue{datastream};
+ rfc4251::string const publickeyalgorithm{datastream};
+ rfc4251::string const publickey{datastream};
 request_description = "The request is for an ssh connection as user '" + string{username} + "' with service name '" + string{servicename} + "'.";
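Review bot: Of everything parsed from the certificate blob in dissect_auth_data_ssh_cert (hunk at -341), only the key to be signed reaches `request_description`; `key_id`, `valid_principals`, `valid_after`, `valid_before`, `critical_options` and `extensions` are read into now-const locals and are not used in the lines visible here. A user asked to approve the signature therefore cannot tell from this text which principals or validity window the certificate would carry. If that is intentional, say so above the block, e.g. `// remaining fields are read only to check the blob is well-formed; they are not shown to the user`; otherwise consider appending at least the key id and validity to the description. The function body starts before and continues after the hunk, so later lines may already use them.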
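Review bot: `username` and `servicename` in dissect_auth_data_ssh (hunk at -389) come straight out of the data the client asks the agent to sign and are concatenated into `request_description` byte for byte; if that text ends up in a confirmation prompt (the sink is outside this hunk), embedded quotes, newlines or control bytes can make the prompt read differently from the actual request. Pass them through an escaping step before concatenation, e.g. `+ printable(string{username}) +`, where `printable` is a placeholder name for a helper that replaces non-printable bytes and the quote character. The same applies to the PAM fields in the hunks at -405 and -428 (`user`, `ruser`, `argv`, ...). Also, `requesttype`, `publickeystring` and `shouldbetrue` are parsed but not compared against the values RFC 4252 section 7 fixes for them within the visible lines; the function continues past the hunk, so this may be done later.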
@@ -405,17 +405,17 @@ std::optional<string> dissect_auth_data_ssh (rfc4251::string const & data) try {
 io::stream<io::array_source> idstream{session_identifier.data(), session_identifier.size()};
 arm(idstream);
- rfc4251::uint32 type{idstream};
+ rfc4251::uint32 const type{idstream};
 if (type == 101) { // PAM_SSH_AGENT_AUTH_REQUESTv1
- rfc4251::string cookie{idstream};
- rfc4251::string user{idstream};
- rfc4251::string ruser{idstream};
- rfc4251::string pam_service{idstream};
- rfc4251::string pwd{idstream};
- rfc4251::string action{idstream};
- rfc4251::string hostname{idstream};
- rfc4251::uint64 timestamp{idstream};
+ rfc4251::string const cookie{idstream};
+ rfc4251::string const user{idstream};
+ rfc4251::string const ruser{idstream};
+ rfc4251::string const pam_service{idstream};
+ rfc4251::string const pwd{idstream};
+ rfc4251::string const action{idstream};
+ rfc4251::string const hostname{idstream};
+ rfc4251::uint64 const timestamp{idstream};
 string singleuser{user};
 if (user != ruser)
@@ -428,12 +428,12 @@ std::optional<string> dissect_auth_data_ssh (rfc4251::string const & data) try {
 io::stream<io::array_source> actionstream{action.data(), action.size()};
 arm(actionstream);
- rfc4251::uint32 argc{actionstream};
+ rfc4251::uint32 const argc{actionstream};
 if (argc) {
 additional += " to run";
 for (uint32_t i = argc; i; --i) {
- rfc4251::string argv{actionstream};
+ rfc4251::string const argv{actionstream};
 additional += ' ' + string{argv};
 }
 }
@@ -474,7 +474,7 @@ rfc4251::string handle_request (rfc4251::string const & r) {
 io::stream<io::back_insert_device<vector<char>>> answer{ret.buf};
 arm(request);
 arm(answer);
- rfc4251::byte request_code{request};
+ rfc4251::byte const request_code{request};
 switch (request_code) {
 case SSH2_AGENTC_REQUEST_IDENTITIES:
 {
@@ -483,14 +483,14 @@ rfc4251::string handle_request (rfc4251::string const & r) {
 agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
 // temp to test key filtering when signing
 //return rfc4251::string{agent};
- rfc4251::string agent_answer{agent};
+ rfc4251::string const agent_answer{agent};
 io::stream<io::array_source> agent_answer_iss{agent_answer.data(), agent_answer.size()};
 arm(agent_answer_iss);
- rfc4251::byte answer_code{agent_answer_iss};
- rfc4251::uint32 keycount{agent_answer_iss};
+ rfc4251::byte const answer_code{agent_answer_iss};
+ rfc4251::uint32 const keycount{agent_answer_iss};
 if (answer_code != SSH2_AGENT_IDENTITIES_ANSWER)
 throw runtime_error{"unexpected answer from ssh-agent"};
- vector<pair<rfc4251::string, rfc4251::string>> keys;
+ vector<pair<rfc4251::string const, rfc4251::string const>> keys;
 for (uint32_t i = keycount; i; --i) {
 rfc4251::string key{agent_answer_iss};
 rfc4251::string comment{agent_answer_iss};
@@ -504,9 +504,9 @@ rfc4251::string handle_request (rfc4251::string const & r) {
 break;
 case SSH2_AGENTC_SIGN_REQUEST:
 {
- rfc4251::string key{request};
- rfc4251::string data_to_be_signed{request};
- rfc4251::uint32 flags{request};
+ rfc4251::string const key{request};
+ rfc4251::string const data_to_be_signed{request};
+ rfc4251::uint32 const flags{request};
 bool allow{false};
 if (allowed_pubkeys.count(key)) |
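Review bot: Making the element type `pair<rfc4251::string const, rfc4251::string const>` in handle_request (hunk at -483) removes the pair's assignment operators and turns its move constructor into a copy, so every reallocation of `keys` copies each key blob and comment, and any later operation on the vector that needs assignment (erase, sort) will not compile. I would keep `vector<pair<rfc4251::string, rfc4251::string>> keys;` and express immutability where the vector is consumed instead. Separately, `keycount` is read from the agent's answer before `answer_code` is checked, whereas setup_filters checks the response code first; moving the `if (answer_code != SSH2_AGENT_IDENTITIES_ANSWER)` test directly after the `answer_code` declaration would make the two paths consistent. The loop body that fills `keys` continues outside the hunk.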
