aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile10
-rw-r--r--changelog54
-rw-r--r--rfc4251.C16
-rw-r--r--rfc4251.H214
-rw-r--r--rfc4251.h210
-rw-r--r--rfc4251_gmp.C16
-rw-r--r--ssh-agent-filter.C126
-rw-r--r--version.h2
8 files changed, 356 insertions, 292 deletions
diff --git a/Makefile b/Makefile
index fcecbaa..a0dd007 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 2013 Timo Weingärtner <timo@tiwe.de>
+# Copyright (C) 2013,2015 Timo Weingärtner <timo@tiwe.de>
#
# This file is part of ssh-agent-filter.
#
@@ -20,7 +20,7 @@ CXXFLAGS ?= -g -O2 -Wall -Wold-style-cast
CPPFLAGS += -D_FILE_OFFSET_BITS=64
CXXFLAGS += -std=c++11
-LDLIBS = -lstdc++ -lboost_program_options -lboost_filesystem -lboost_system -lboost_iostreams -lnettle
+LDLIBS = -lstdc++ -lboost_program_options -lboost_filesystem -lboost_system -lboost_iostreams -lnettle -lpthread
all: ssh-agent-filter.1 afssh.1 ssh-askpass-noinput.1
@@ -32,9 +32,9 @@ ssh-agent-filter.1: ssh-agent-filter
ssh-agent-filter: ssh-agent-filter.o
-ssh-agent-filter.o: ssh-agent-filter.C rfc4251.h ssh-agent.h version.h
-rfc4251.o: rfc4251.C rfc4251.h
-rfc4251_gmp.o: rfc4251_gmp.C rfc4251.h
+ssh-agent-filter.o: ssh-agent-filter.C rfc4251.H ssh-agent.h version.h
+rfc4251.o: rfc4251.C rfc4251.H
+rfc4251_gmp.o: rfc4251_gmp.C rfc4251.H
version.h:
test ! -d .git || git describe | sed 's/^.*$$/#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter \0"/' > $@
diff --git a/changelog b/changelog
index 57f7e7e..39261c0 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,57 @@
+commit 6bf9113ea96a99a5eb1b8f832497dd9e24857468
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-09-06 16:41:22 +0200
+
+ release 0.4.1
+
+commit d4584ca24834ca07f34c27c99ddf48c4c9156947
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-09-06 16:40:23 +0200
+
+ update copyright
+
+commit 33485a9d38ad40ee971695384cfc869ced281a8c
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-09-06 17:01:47 +0200
+
+ Makefile: link to pthread
+
+ some versions of gcc reference a pthread function in the <thread> header
+
+commit ad1c2d2b28209654b447e1a5198c6516cfa50b88
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-08-31 23:36:29 +0200
+
+ call functions with namespace instead of using their names
+
+ avoids problems with ADL
+
+ Closes: #797235
+
+commit 8f675da301eafe79897f3ad67ff5450fcc397f78
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-08-31 20:22:37 +0200
+
+ move rfc4251 types into their own namespace
+
+commit 774ff2757de2a32c57046cbdc8425c6c22759035
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2015-08-28 19:12:58 +0200
+
+ rename C++ header to .H
+
+commit d9ffc789b1c7e781acbdd8310aef871dc3a41c13 (tag: 0.4)
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2014-05-26 23:47:02 +0200
+
+ release 0.4
+
+commit 57f385d44cdc4eec0d0d2de7ea04ade6f4154dbf
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2014-05-27 00:16:40 +0200
+
+ update copyright
+
commit 4318a9a998f78f1d6ee4d32facd0fc8e1e231179
Author: Timo Weingärtner <timo@tiwe.de>
Date: 2014-05-26 23:36:33 +0200
diff --git a/rfc4251.C b/rfc4251.C
index 8ca5f2b..5ea0a93 100644
--- a/rfc4251.C
+++ b/rfc4251.C
@@ -1,10 +1,10 @@
/*
* rfc4251.C -- support for name-list type from RFC 4251, section 5
*
- * These are the conversions between an rfc4251string containing a name-list
+ * These are the conversions between an rfc4251::string containing a name-list
* and vector<string>.
*
- * Copyright (C) 2013 Timo Weingärtner <timo@tiwe.de>
+ * Copyright (C) 2013,2015 Timo Weingärtner <timo@tiwe.de>
*
* This file is part of ssh-agent-filter.
*
@@ -22,14 +22,16 @@
* along with ssh-agent-filter. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "rfc4251.h"
+#include "rfc4251.H"
-rfc4251string::rfc4251string (std::vector<std::string> const & v) {
+namespace rfc4251 {
+
+string::string (std::vector<std::string> const & v) {
for (auto it = v.begin(); it != v.end();) {
if (it->size() == 0)
throw std::length_error{"name of zero length"};
if (value.size() + it->size() > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
value.insert(value.end(), it->data(), it->data() + it->size());
++it;
if (it == v.end())
@@ -38,7 +40,7 @@ rfc4251string::rfc4251string (std::vector<std::string> const & v) {
}
}
-rfc4251string::operator std::vector<std::string> () const {
+string::operator std::vector<std::string> () const {
std::vector<std::string> ret;
auto name_start = value.begin();
if (name_start != value.end())
@@ -54,3 +56,5 @@ rfc4251string::operator std::vector<std::string> () const {
}
return ret;
}
+
+}
diff --git a/rfc4251.H b/rfc4251.H
new file mode 100644
index 0000000..7d4c0d3
--- /dev/null
+++ b/rfc4251.H
@@ -0,0 +1,214 @@
+/*
+ * rfc4251.h -- implements types from RFC 4251, section 5
+ *
+ * rfc4251::byte byte
+ * rfc4251::boolean boolean
+ * rfc4251::uint32 uint32
+ * rfc4251::uint64 uint64
+ * rfc4251::string string, incl. mpint and name-list
+ *
+ * those structs contain the objects in their RFC 4251 representation,
+ * conversions are provided via constructors and cast operators
+ *
+ * Copyright (C) 2013-2015 Timo Weingärtner <timo@tiwe.de>
+ *
+ * This file is part of ssh-agent-filter.
+ *
+ * ssh-agent-filter is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ssh-agent-filter is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ssh-agent-filter. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <vector>
+#include <string>
+#include <iostream>
+#include <limits>
+#include <stdexcept>
+#include <arpa/inet.h> // ntohl() / htonl()
+#include <gmpxx.h>
+#include <boost/operators.hpp>
+
+namespace rfc4251 {
+
+struct byte {
+ union {
+ uint8_t value;
+ char buf[1];
+ };
+
+ byte () = default;
+ explicit byte (uint8_t v) : value(v) {}
+ inline explicit byte (std::istream &);
+
+ operator uint8_t () const { return value; }
+};
+
+inline std::istream & operator>> (std::istream & is, byte & x) {
+ return is.read(x.buf, sizeof(x.buf));
+}
+
+inline std::ostream & operator<< (std::ostream & os, byte const & x) {
+ return os.write(x.buf, sizeof(x.buf));
+}
+
+inline byte::byte (std::istream & is) {
+ is >> *this;
+}
+
+struct boolean {
+ union {
+ bool value;
+ char buf[1];
+ };
+
+ boolean () = default;
+ explicit boolean (uint8_t v) : value(v) {}
+ inline explicit boolean (std::istream &);
+
+ operator uint8_t () const { return value; }
+};
+
+inline std::istream & operator>> (std::istream & is, boolean & x) {
+ return is.read(x.buf, sizeof(x.buf));
+}
+
+inline std::ostream & operator<< (std::ostream & os, boolean const & x) {
+ return os.write(x.buf, sizeof(x.buf));
+}
+
+inline boolean::boolean (std::istream & is) {
+ is >> *this;
+}
+
+struct uint32 {
+ union {
+ uint32_t value;
+ char buf[4];
+ };
+
+ uint32 () = default;
+ explicit uint32 (uint32_t v) { value = htonl(v); }
+ inline explicit uint32 (std::istream &);
+
+ operator uint32_t () const { return ntohl(value); }
+};
+
+inline std::istream & operator>> (std::istream & is, uint32 & x) {
+ return is.read(x.buf, sizeof(x.buf));
+}
+
+inline std::ostream & operator<< (std::ostream & os, uint32 const & x) {
+ return os.write(x.buf, sizeof(x.buf));
+}
+
+inline uint32::uint32 (std::istream & is) {
+ is >> *this;
+}
+
+struct uint64 {
+ union {
+ uint64_t value;
+ char buf[8];
+ };
+
+ uint64 () = default;
+ inline explicit uint64 (uint64_t v);
+ inline explicit uint64 (std::istream &);
+
+ inline explicit operator uint64_t () const;
+};
+
+inline uint64::uint64 (uint64_t v) {
+ for (int_fast8_t i{7}; i >= 0; --i) {
+ buf[i] = v & 0xff;
+ v >>= 8;
+ }
+}
+
+inline uint64::operator uint64_t () const {
+ uint64_t ret{0};
+ for (uint_fast8_t i{0}; i < 8; ++i) {
+ ret <<= 8;
+ ret |= static_cast<uint8_t>(buf[i]);
+ }
+ return ret;
+}
+
+inline std::istream & operator>> (std::istream & is, uint64 & x) {
+ return is.read(x.buf, sizeof(x.buf));
+}
+
+inline std::ostream & operator<< (std::ostream & os, uint64 const & x) {
+ return os.write(x.buf, sizeof(x.buf));
+}
+
+inline uint64::uint64 (std::istream & is) {
+ is >> *this;
+}
+
+struct string : boost::totally_ordered<string> {
+ std::vector<char> value;
+
+ string () = default;
+ inline explicit string (char const *, size_t);
+ explicit string (std::string const & s) : string{s.data(), s.size()} {}
+ explicit string (std::vector<std::string> const &);
+ explicit string (mpz_srcptr);
+ explicit string (mpz_class const & x) : string{x.get_mpz_t()} {}
+ inline explicit string (std::istream &);
+
+ size_t size () const { return value.size(); }
+ char const * data () const { return value.data(); }
+ char * data () { return value.data(); }
+
+ operator std::string () const { return {value.begin(), value.end()}; }
+ operator std::vector<std::string> () const;
+ operator mpz_class () const;
+};
+
+inline string::string (char const * s, size_t l) {
+ if (l > std::numeric_limits<uint32_t>::max())
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
+ value.insert(value.end(), s, s + l);
+}
+
+inline std::istream & operator>> (std::istream & is, string & s) {
+ s.value.clear();
+ uint32 len;
+ if (is >> len) {
+ s.value.resize(len);
+ is.read(s.value.data(), len);
+ }
+ return is;
+}
+
+inline std::ostream & operator<< (std::ostream & os, string const & s) {
+ if (s.value.size() > std::numeric_limits<uint32_t>::max())
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
+ if (os << uint32{static_cast<uint32_t>(s.value.size())})
+ os.write(s.value.data(), s.value.size());
+ return os;
+}
+
+inline string::string (std::istream & is) {
+ is >> *this;
+}
+
+inline bool operator== (string const & l, string const & r) {
+ return l.value == r.value;
+}
+
+inline bool operator< (string const & l, string const & r) {
+ return l.value < r.value;
+}
+
+}
diff --git a/rfc4251.h b/rfc4251.h
deleted file mode 100644
index d9ac93e..0000000
--- a/rfc4251.h
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * rfc4251.h -- implements types from RFC 4251, section 5
- *
- * rfc4251byte byte
- * rfc4251bool bool
- * rfc4251uint32 uint32
- * rfc4251uint64 uint64
- * rfc4251string string, incl. mpint and name-list
- *
- * those structs contain the objects in their RFC 4251 representation,
- * conversions are provided via constructors and cast operators
- *
- * Copyright (C) 2013-2014 Timo Weingärtner <timo@tiwe.de>
- *
- * This file is part of ssh-agent-filter.
- *
- * ssh-agent-filter is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * ssh-agent-filter is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with ssh-agent-filter. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <vector>
-#include <string>
-#include <iostream>
-#include <limits>
-#include <stdexcept>
-#include <arpa/inet.h> // ntohl() / htonl()
-#include <gmpxx.h>
-#include <boost/operators.hpp>
-
-struct rfc4251byte {
- union {
- uint8_t value;
- char buf[1];
- };
-
- rfc4251byte () = default;
- explicit rfc4251byte (uint8_t v) : value(v) {}
- inline explicit rfc4251byte (std::istream &);
-
- operator uint8_t () const { return value; }
-};
-
-inline std::istream & operator>> (std::istream & is, rfc4251byte & x) {
- return is.read(x.buf, sizeof(x.buf));
-}
-
-inline std::ostream & operator<< (std::ostream & os, rfc4251byte const & x) {
- return os.write(x.buf, sizeof(x.buf));
-}
-
-inline rfc4251byte::rfc4251byte (std::istream & is) {
- is >> *this;
-}
-
-struct rfc4251bool {
- union {
- bool value;
- char buf[1];
- };
-
- rfc4251bool () = default;
- explicit rfc4251bool (uint8_t v) : value(v) {}
- inline explicit rfc4251bool (std::istream &);
-
- operator uint8_t () const { return value; }
-};
-
-inline std::istream & operator>> (std::istream & is, rfc4251bool & x) {
- return is.read(x.buf, sizeof(x.buf));
-}
-
-inline std::ostream & operator<< (std::ostream & os, rfc4251bool const & x) {
- return os.write(x.buf, sizeof(x.buf));
-}
-
-inline rfc4251bool::rfc4251bool (std::istream & is) {
- is >> *this;
-}
-
-struct rfc4251uint32 {
- union {
- uint32_t value;
- char buf[4];
- };
-
- rfc4251uint32 () = default;
- explicit rfc4251uint32 (uint32_t v) { value = htonl(v); }
- inline explicit rfc4251uint32 (std::istream &);
-
- operator uint32_t () const { return ntohl(value); }
-};
-
-inline std::istream & operator>> (std::istream & is, rfc4251uint32 & x) {
- return is.read(x.buf, sizeof(x.buf));
-}
-
-inline std::ostream & operator<< (std::ostream & os, rfc4251uint32 const & x) {
- return os.write(x.buf, sizeof(x.buf));
-}
-
-inline rfc4251uint32::rfc4251uint32 (std::istream & is) {
- is >> *this;
-}
-
-struct rfc4251uint64 {
- union {
- uint64_t value;
- char buf[8];
- };
-
- rfc4251uint64 () = default;
- inline explicit rfc4251uint64 (uint64_t v);
- inline explicit rfc4251uint64 (std::istream &);
-
- inline explicit operator uint64_t () const;
-};
-
-inline rfc4251uint64::rfc4251uint64 (uint64_t v) {
- for (int_fast8_t i{7}; i >= 0; --i) {
- buf[i] = v & 0xff;
- v >>= 8;
- }
-}
-
-inline rfc4251uint64::operator uint64_t () const {
- uint64_t ret{0};
- for (uint_fast8_t i{0}; i < 8; ++i) {
- ret <<= 8;
- ret |= static_cast<uint8_t>(buf[i]);
- }
- return ret;
-}
-
-inline std::istream & operator>> (std::istream & is, rfc4251uint64 & x) {
- return is.read(x.buf, sizeof(x.buf));
-}
-
-inline std::ostream & operator<< (std::ostream & os, rfc4251uint64 const & x) {
- return os.write(x.buf, sizeof(x.buf));
-}
-
-inline rfc4251uint64::rfc4251uint64 (std::istream & is) {
- is >> *this;
-}
-
-struct rfc4251string : boost::totally_ordered<rfc4251string> {
- std::vector<char> value;
-
- rfc4251string () = default;
- inline explicit rfc4251string (char const *, size_t);
- explicit rfc4251string (std::string const & s) : rfc4251string{s.data(), s.size()} {}
- explicit rfc4251string (std::vector<std::string> const &);
- explicit rfc4251string (mpz_srcptr);
- explicit rfc4251string (mpz_class const & x) : rfc4251string{x.get_mpz_t()} {}
- inline explicit rfc4251string (std::istream &);
-
- size_t size () const { return value.size(); }
- char const * data () const { return value.data(); }
- char * data () { return value.data(); }
-
- operator std::string () const { return {value.begin(), value.end()}; }
- operator std::vector<std::string> () const;
- operator mpz_class () const;
-};
-
-inline rfc4251string::rfc4251string (char const * s, size_t l) {
- if (l > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
- value.insert(value.end(), s, s + l);
-}
-
-inline std::istream & operator>> (std::istream & is, rfc4251string & s) {
- s.value.clear();
- rfc4251uint32 len;
- if (is >> len) {
- s.value.resize(len);
- is.read(s.value.data(), len);
- }
- return is;
-}
-
-inline std::ostream & operator<< (std::ostream & os, rfc4251string const & s) {
- if (s.value.size() > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
- if (os << rfc4251uint32{static_cast<uint32_t>(s.value.size())})
- os.write(s.value.data(), s.value.size());
- return os;
-}
-
-inline rfc4251string::rfc4251string (std::istream & is) {
- is >> *this;
-}
-
-inline bool operator== (rfc4251string const & l, rfc4251string const & r) {
- return l.value == r.value;
-}
-
-inline bool operator< (rfc4251string const & l, rfc4251string const & r) {
- return l.value < r.value;
-}
diff --git a/rfc4251_gmp.C b/rfc4251_gmp.C
index d3a664e..b4c369b 100644
--- a/rfc4251_gmp.C
+++ b/rfc4251_gmp.C
@@ -1,9 +1,9 @@
/*
- * rfc4251_gmp.C -- implements mpint/gmp conversions for rfc4251string
+ * rfc4251_gmp.C -- implements mpint/gmp conversions for rfc4251::string
*
* these functions need linking against libgmp
*
- * Copyright (C) 2013 Timo Weingärtner <timo@tiwe.de>
+ * Copyright (C) 2013,2015 Timo Weingärtner <timo@tiwe.de>
*
* This file is part of ssh-agent-filter.
*
@@ -21,9 +21,11 @@
* along with ssh-agent-filter. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "rfc4251.h"
+#include "rfc4251.H"
-rfc4251string::rfc4251string (mpz_srcptr x) {
+namespace rfc4251 {
+
+string::string (mpz_srcptr x) {
if (mpz_sgn(x) == 0)
return;
@@ -32,7 +34,7 @@ rfc4251string::rfc4251string (mpz_srcptr x) {
size_t bytes{(bits + 7) / 8};
size_t extrabyte{(bits % 8) == 0}; // need extra byte if MSB is 1 to keep it non-negative
if (bytes + extrabyte > std::numeric_limits<uint32_t>::max())
- throw std::length_error{"32-bit limit for rfc4251string exceeded"};
+ throw std::length_error{"32-bit limit for rfc4251::string exceeded"};
value.resize(bytes + extrabyte);
value[0] = 0;
mpz_export(value.data() + extrabyte, nullptr, 1, 1, 1, 0, x);
@@ -49,7 +51,7 @@ rfc4251string::rfc4251string (mpz_srcptr x) {
}
}
-rfc4251string::operator mpz_class () const {
+string::operator mpz_class () const {
mpz_class ret;
mpz_import(ret.get_mpz_t(), value.size(), 1, 1, 1, 0, value.data());
if (mpz_sizeinbase(ret.get_mpz_t(), 2) == value.size() * 8) { // negative
@@ -59,3 +61,5 @@ rfc4251string::operator mpz_class () const {
}
return ret;
}
+
+}
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index faa31f9..4d9b2ba 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -1,7 +1,7 @@
/*
* ssh-agent-filter.C -- filtering proxy for ssh-agent meant to be forwarded to untrusted servers
*
- * Copyright (C) 2013-2014 Timo Weingärtner <timo@tiwe.de>
+ * Copyright (C) 2013-2015 Timo Weingärtner <timo@tiwe.de>
*
* This file is part of ssh-agent-filter.
*
@@ -56,10 +56,8 @@ using std::system_category;
#include <utility>
using std::pair;
-using std::move;
#include <algorithm>
-using std::count;
#include <thread>
#include <mutex>
@@ -83,7 +81,7 @@ using std::lock_guard;
#include <nettle/base64.h>
#include <nettle/base16.h>
-#include "rfc4251.h"
+#include "rfc4251.H"
#include "ssh-agent.h"
#include "version.h"
@@ -97,8 +95,8 @@ vector<string> allowed_comment;
vector<string> confirmed_b64;
vector<string> confirmed_md5;
vector<string> confirmed_comment;
-std::set<rfc4251string> allowed_pubkeys;
-std::map<rfc4251string, string> confirmed_pubkeys;
+std::set<rfc4251::string> allowed_pubkeys;
+std::map<rfc4251::string, string> confirmed_pubkeys;
bool debug{false};
bool all_confirmed{false};
string saf_name;
@@ -237,17 +235,17 @@ void setup_filters () {
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- agent << rfc4251string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
- rfc4251string answer{agent};
+ agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
+ rfc4251::string answer{agent};
io::stream<io::array_source> answer_iss{answer.data(), answer.size()};
arm(answer_iss);
- rfc4251byte resp_code{answer_iss};
+ rfc4251::byte resp_code{answer_iss};
if (resp_code != SSH2_AGENT_IDENTITIES_ANSWER)
throw runtime_error{"unexpected answer from ssh-agent"};
- rfc4251uint32 keycount{answer_iss};
+ rfc4251::uint32 keycount{answer_iss};
for (uint32_t i = keycount; i; --i) {
- rfc4251string key{answer_iss};
- rfc4251string comment{answer_iss};
+ rfc4251::string key{answer_iss};
+ rfc4251::string comment{answer_iss};
auto b64 = base64_encode(key);
if (debug) clog << b64 << endl;
@@ -260,32 +258,32 @@ void setup_filters () {
bool allow{false};
- if (count(allowed_b64.begin(), allowed_b64.end(), b64)) {
+ if (std::count(allowed_b64.begin(), allowed_b64.end(), b64)) {
allow = true;
if (debug) clog << "key allowed by equal base64 representation" << endl;
}
- if (count(allowed_md5.begin(), allowed_md5.end(), md5)) {
+ if (std::count(allowed_md5.begin(), allowed_md5.end(), md5)) {
allow = true;
if (debug) clog << "key allowed by matching md5 fingerprint" << endl;
}
- if (count(allowed_comment.begin(), allowed_comment.end(), comm)) {
+ if (std::count(allowed_comment.begin(), allowed_comment.end(), comm)) {
allow = true;
if (debug) clog << "key allowed by matching comment" << endl;
}
- if (allow) allowed_pubkeys.emplace(move(key));
+ if (allow) allowed_pubkeys.emplace(std::move(key));
else {
bool confirm{false};
- if (count(confirmed_b64.begin(), confirmed_b64.end(), b64)) {
+ if (std::count(confirmed_b64.begin(), confirmed_b64.end(), b64)) {
confirm = true;
if (debug) clog << "key allowed with confirmation by equal base64 representation" << endl;
}
- if (count(confirmed_md5.begin(), confirmed_md5.end(), md5)) {
+ if (std::count(confirmed_md5.begin(), confirmed_md5.end(), md5)) {
confirm = true;
if (debug) clog << "key allowed with confirmation by matching md5 fingerprint" << endl;
}
- if (count(confirmed_comment.begin(), confirmed_comment.end(), comm)) {
+ if (std::count(confirmed_comment.begin(), confirmed_comment.end(), comm)) {
confirm = true;
if (debug) clog << "key allowed with confirmation by matching comment" << endl;
}
@@ -294,7 +292,7 @@ void setup_filters () {
if (debug) clog << "key allowed with confirmation by catch-all (-A)" << endl;
}
- if (confirm) confirmed_pubkeys.emplace(move(key), move(comm));
+ if (confirm) confirmed_pubkeys.emplace(std::move(key), std::move(comm));
}
if (debug) clog << endl;
@@ -325,19 +323,19 @@ bool confirm (string const & question) {
}
}
-bool dissect_auth_data_ssh (rfc4251string const & data, string & request_description) try {
+bool dissect_auth_data_ssh (rfc4251::string const & data, string & request_description) try {
io::stream<io::array_source> datastream{data.data(), data.size()};
arm(datastream);
// Format specified in RFC 4252 Section 7
- rfc4251string session_identifier{datastream};
- rfc4251byte requesttype{datastream};
- rfc4251string username{datastream};
- rfc4251string servicename{datastream};
- rfc4251string publickeystring{datastream};
- rfc4251bool shouldbetrue{datastream};
- rfc4251string publickeyalgorithm{datastream};
- rfc4251string publickey{datastream};
+ rfc4251::string session_identifier{datastream};
+ rfc4251::byte requesttype{datastream};
+ rfc4251::string username{datastream};
+ rfc4251::string servicename{datastream};
+ rfc4251::string publickeystring{datastream};
+ rfc4251::boolean shouldbetrue{datastream};
+ rfc4251::string publickeyalgorithm{datastream};
+ rfc4251::string publickey{datastream};
request_description = "The request is for an ssh connection as user '" + string{username} + "' with service name '" + string{servicename} + "'.";
@@ -346,17 +344,17 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
io::stream<io::array_source> idstream{session_identifier.data(), session_identifier.size()};
arm(idstream);
- rfc4251uint32 type{idstream};
+ rfc4251::uint32 type{idstream};
if (type == 101) {
// PAM_SSH_AGENT_AUTH_REQUESTv1
- rfc4251string cookie{idstream};
- rfc4251string user{idstream};
- rfc4251string ruser{idstream};
- rfc4251string pam_service{idstream};
- rfc4251string pwd{idstream};
- rfc4251string action{idstream};
- rfc4251string hostname{idstream};
- rfc4251uint64 timestamp{idstream};
+ rfc4251::string cookie{idstream};
+ rfc4251::string user{idstream};
+ rfc4251::string ruser{idstream};
+ rfc4251::string pam_service{idstream};
+ rfc4251::string pwd{idstream};
+ rfc4251::string action{idstream};
+ rfc4251::string hostname{idstream};
+ rfc4251::uint64 timestamp{idstream};
string singleuser{user};
if (user != ruser)
@@ -369,12 +367,12 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
io::stream<io::array_source> actionstream{action.data(), action.size()};
arm(actionstream);
- rfc4251uint32 argc{actionstream};
+ rfc4251::uint32 argc{actionstream};
if (argc) {
additional += " to run";
for (uint32_t i = argc; i; --i) {
- rfc4251string argv{actionstream};
+ rfc4251::string argv{actionstream};
additional += ' ' + string{argv};
}
}
@@ -395,45 +393,45 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
return false;
}
-rfc4251string handle_request (rfc4251string const & r) {
+rfc4251::string handle_request (rfc4251::string const & r) {
io::stream<io::array_source> request{r.data(), r.size()};
- rfc4251string ret;
+ rfc4251::string ret;
io::stream<io::back_insert_device<vector<char>>> answer{ret.value};
arm(request);
arm(answer);
- rfc4251byte request_code{request};
+ rfc4251::byte request_code{request};
switch (request_code) {
case SSH2_AGENTC_REQUEST_IDENTITIES:
{
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- agent << rfc4251string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
+ agent << rfc4251::string{string{SSH2_AGENTC_REQUEST_IDENTITIES}};
// temp to test key filtering when signing
- //return rfc4251string{agent};
- rfc4251string agent_answer{agent};
+ //return rfc4251::string{agent};
+ rfc4251::string agent_answer{agent};
io::stream<io::array_source> agent_answer_iss{agent_answer.data(), agent_answer.size()};
arm(agent_answer_iss);
- rfc4251byte answer_code{agent_answer_iss};
- rfc4251uint32 keycount{agent_answer_iss};
+ rfc4251::byte answer_code{agent_answer_iss};
+ rfc4251::uint32 keycount{agent_answer_iss};
if (answer_code != SSH2_AGENT_IDENTITIES_ANSWER)
throw runtime_error{"unexpected answer from ssh-agent"};
- vector<pair<rfc4251string, rfc4251string>> keys;
+ vector<pair<rfc4251::string, rfc4251::string>> keys;
for (uint32_t i = keycount; i; --i) {
- rfc4251string key{agent_answer_iss};
- rfc4251string comment{agent_answer_iss};
+ rfc4251::string key{agent_answer_iss};
+ rfc4251::string comment{agent_answer_iss};
if (allowed_pubkeys.count(key) or confirmed_pubkeys.count(key))
- keys.emplace_back(move(key), move(comment));
+ keys.emplace_back(std::move(key), std::move(comment));
}
- answer << answer_code << rfc4251uint32{static_cast<uint32_t>(keys.size())};
+ answer << answer_code << rfc4251::uint32{static_cast<uint32_t>(keys.size())};
for (auto const & k : keys)
answer << k.first << k.second;
}
break;
case SSH2_AGENTC_SIGN_REQUEST:
{
- rfc4251string key{request};
- rfc4251string data{request};
- rfc4251uint32 flags{request};
+ rfc4251::string key{request};
+ rfc4251::string data{request};
+ rfc4251::uint32 flags{request};
bool allow{false};
if (allowed_pubkeys.count(key))
@@ -460,21 +458,21 @@ rfc4251string handle_request (rfc4251string const & r) {
if (allow) {
io::stream<io::file_descriptor> agent{make_upstream_agent_conn(), io::close_handle};
arm(agent);
- rfc4251string agent_answer;
+ rfc4251::string agent_answer;
agent << r;
- return rfc4251string{agent};
+ return rfc4251::string{agent};
} else
- answer << rfc4251byte{SSH_AGENT_FAILURE};
+ answer << rfc4251::byte{SSH_AGENT_FAILURE};
}
break;
case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
- answer << rfc4251byte{SSH_AGENT_RSA_IDENTITIES_ANSWER};
+ answer << rfc4251::byte{SSH_AGENT_RSA_IDENTITIES_ANSWER};
// we got no SSHv1 keys
- answer << rfc4251uint32{0};
+ answer << rfc4251::uint32{0};
break;
case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
- answer << rfc4251byte{SSH_AGENT_SUCCESS};
+ answer << rfc4251::byte{SSH_AGENT_SUCCESS};
break;
case SSH_AGENTC_RSA_CHALLENGE:
case SSH_AGENTC_ADD_RSA_IDENTITY:
@@ -490,7 +488,7 @@ rfc4251string handle_request (rfc4251string const & r) {
case SSH_AGENTC_UNLOCK:
case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
default:
- answer << rfc4251byte{SSH_AGENT_FAILURE};
+ answer << rfc4251::byte{SSH_AGENT_FAILURE};
break;
}
@@ -503,7 +501,7 @@ void handle_client (int const sock) try {
arm(client);
for (;;)
- client << handle_request(rfc4251string{client}) << flush;
+ client << handle_request(rfc4251::string{client}) << flush;
} catch (...) {
}
diff --git a/version.h b/version.h
index 70a2285..d36b567 100644
--- a/version.h
+++ b/version.h
@@ -1 +1 @@
-#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4"
+#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4.1"