upstream: authfd: add function to check if key is in agent

This commit adds a helper function which allows the caller to
check if a given public key is present in ssh-agent.

work by Sebastian Kinne; ok markus@

OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
This commit is contained in:
djm@openbsd.org 2019-09-03 08:29:15 +00:00 committed by Damien Miller
parent 2ab5a84648
commit 06af3583f4
2 changed files with 29 additions and 2 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.116 2019/09/03 08:28:30 djm Exp $ */
/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -317,6 +317,32 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
free(idl);
}
/*
* Check if the ssh agent has a given key.
* Returns 0 if found, or a negative SSH_ERR_* error code on failure.
*/
int
ssh_agent_has_key(int sock, struct sshkey *key)
{
int r, ret = SSH_ERR_KEY_NOT_FOUND;
size_t i;
struct ssh_identitylist *idlist = NULL;
if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) {
return r;
}
for (i = 0; i < idlist->nkeys; i++) {
if (sshkey_equal_public(idlist->keys[i], key)) {
ret = 0;
break;
}
}
ssh_free_identitylist(idlist);
return ret;
}
/*
* Sends a challenge (typically from a server via ssh(1)) to the agent,
* and waits for a response from the agent.

View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.45 2019/06/21 04:21:04 djm Exp $ */
/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -31,6 +31,7 @@ int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
void ssh_free_identitylist(struct ssh_identitylist *idl);
int ssh_add_identity_constrained(int sock, struct sshkey *key,
const char *comment, u_int life, u_int confirm, u_int maxsign);
int ssh_agent_has_key(int sock, struct sshkey *key);
int ssh_remove_identity(int sock, struct sshkey *key);
int ssh_update_card(int sock, int add, const char *reader_id,
const char *pin, u_int life, u_int confirm);