From 3e371bd2124427403971db853fb2e36ce789b6fd Mon Sep 17 00:00:00 2001
From: "naddy@openbsd.org" <naddy@openbsd.org>
Date: Fri, 5 May 2017 10:42:49 +0000
Subject: [PATCH] upstream commit

more simplification and removal of SSHv1-related code;
ok djm@

Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
---
 authfd.c      | 46 +++++++++++---------------------------
 authfd.h      |  5 ++---
 pathnames.h   |  3 +--
 ssh-add.c     | 62 +++++++++++++++++++++------------------------------
 sshconnect2.c |  4 ++--
 5 files changed, 44 insertions(+), 76 deletions(-)

diff --git a/authfd.c b/authfd.c
index ea664a167..8486e28b3 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.103 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -227,35 +227,21 @@ deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
  * Fetch list of identities held by the agent.
  */
 int
-ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
+ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp)
 {
-	u_char type, code1 = 0, code2 = 0;
+	u_char type;
 	u_int32_t num, i;
 	struct sshbuf *msg;
 	struct ssh_identitylist *idl = NULL;
 	int r;
 
-	/* Determine request and expected response types */
-	switch (version) {
-	case 1:
-		code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
-		code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER;
-		break;
-	case 2:
-		code1 = SSH2_AGENTC_REQUEST_IDENTITIES;
-		code2 = SSH2_AGENT_IDENTITIES_ANSWER;
-		break;
-	default:
-		return SSH_ERR_INVALID_ARGUMENT;
-	}
-
 	/*
 	 * Send a message to the agent requesting for a list of the
 	 * identities it can represent.
 	 */
 	if ((msg = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_u8(msg, code1)) != 0)
+	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REQUEST_IDENTITIES)) != 0)
 		goto out;
 
 	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
@@ -267,7 +253,7 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
 	if (agent_failed(type)) {
 		r = SSH_ERR_AGENT_FAILURE;
 		goto out;
-	} else if (type != code2) {
+	} else if (type != SSH2_AGENT_IDENTITIES_ANSWER) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -292,20 +278,14 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
 		goto out;
 	}
 	for (i = 0; i < num;) {
-		switch (version) {
-		case 1:
-			break;
-		case 2:
-			if ((r = deserialise_identity2(msg,
-			    &(idl->keys[i]), &(idl->comments[i]))) != 0) {
-				if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
-					/* Gracefully skip unknown key types */
-					num--;
-					continue;
-				} else
-					goto out;
-			}
-			break;
+		if ((r = deserialise_identity2(msg, &(idl->keys[i]),
+		    &(idl->comments[i]))) != 0) {
+			if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
+				/* Gracefully skip unknown key types */
+				num--;
+				continue;
+			} else
+				goto out;
 		}
 		i++;
 	}
diff --git a/authfd.h b/authfd.h
index 4b417e3f4..0e98331d7 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: authfd.h,v 1.40 2017/05/05 10:42:49 naddy Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,8 +27,7 @@ int	ssh_get_authentication_socket(int *fdp);
 void	ssh_close_authentication_socket(int sock);
 
 int	ssh_lock_agent(int sock, int lock, const char *password);
-int	ssh_fetch_identitylist(int sock, int version,
-	    struct ssh_identitylist **idlp);
+int	ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
 void	ssh_free_identitylist(struct ssh_identitylist *idl);
 int	ssh_add_identity_constrained(int sock, struct sshkey *key,
 	    const char *comment, u_int life, u_int confirm);
diff --git a/pathnames.h b/pathnames.h
index cff672e2f..1c221b01b 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.26 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: pathnames.h,v 1.27 2017/05/05 10:42:49 naddy Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,6 @@
  * Name of the default file containing client-side authentication key. This
  * file should only be readable by the user him/herself.
  */
-#define _PATH_SSH_CLIENT_IDENTITY	_PATH_SSH_USER_DIR "/identity"
 #define _PATH_SSH_CLIENT_ID_DSA		_PATH_SSH_USER_DIR "/id_dsa"
 #define _PATH_SSH_CLIENT_ID_ECDSA	_PATH_SSH_USER_DIR "/id_ecdsa"
 #define _PATH_SSH_CLIENT_ID_RSA		_PATH_SSH_USER_DIR "/id_rsa"
diff --git a/ssh-add.c b/ssh-add.c
index 5f62420f9..a1e0d464b 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -362,46 +362,36 @@ static int
 list_identities(int agent_fd, int do_fp)
 {
 	char *fp;
-	int r, had_identities = 0;
+	int r;
 	struct ssh_identitylist *idlist;
 	size_t i;
-	int version = 2;
 
-	for (; version <= 2; version++) {
-		if ((r = ssh_fetch_identitylist(agent_fd, version,
-		    &idlist)) != 0) {
-			if (r != SSH_ERR_AGENT_NO_IDENTITIES)
-				fprintf(stderr, "error fetching identities for "
-				    "protocol %d: %s\n", version, ssh_err(r));
-			continue;
-		}
-		for (i = 0; i < idlist->nkeys; i++) {
-			had_identities = 1;
-			if (do_fp) {
-				fp = sshkey_fingerprint(idlist->keys[i],
-				    fingerprint_hash, SSH_FP_DEFAULT);
-				printf("%u %s %s (%s)\n",
-				    sshkey_size(idlist->keys[i]),
-				    fp == NULL ? "(null)" : fp,
-				    idlist->comments[i],
-				    sshkey_type(idlist->keys[i]));
-				free(fp);
-			} else {
-				if ((r = sshkey_write(idlist->keys[i],
-				    stdout)) != 0) {
-					fprintf(stderr, "sshkey_write: %s\n",
-					    ssh_err(r));
-					continue;
-				}
-				fprintf(stdout, " %s\n", idlist->comments[i]);
-			}
-		}
-		ssh_free_identitylist(idlist);
-	}
-	if (!had_identities) {
-		printf("The agent has no identities.\n");
+	if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
+		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
+			fprintf(stderr, "error fetching identities: %s\n",
+			    ssh_err(r));
+		else
+			printf("The agent has no identities.\n");
 		return -1;
 	}
+	for (i = 0; i < idlist->nkeys; i++) {
+		if (do_fp) {
+			fp = sshkey_fingerprint(idlist->keys[i],
+			    fingerprint_hash, SSH_FP_DEFAULT);
+			printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]),
+			    fp == NULL ? "(null)" : fp, idlist->comments[i],
+			    sshkey_type(idlist->keys[i]));
+			free(fp);
+		} else {
+			if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) {
+				fprintf(stderr, "sshkey_write: %s\n",
+				    ssh_err(r));
+				continue;
+			}
+			fprintf(stdout, " %s\n", idlist->comments[i]);
+		}
+	}
+	ssh_free_identitylist(idlist);
 	return 0;
 }
 
diff --git a/sshconnect2.c b/sshconnect2.c
index 393353db5..1b79253da 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1345,7 +1345,7 @@ pubkey_prepare(Authctxt *authctxt)
 		if (r != SSH_ERR_AGENT_NOT_PRESENT)
 			debug("%s: ssh_get_authentication_socket: %s",
 			    __func__, ssh_err(r));
-	} else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) {
+	} else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
 		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
 			debug("%s: ssh_fetch_identitylist: %s",
 			    __func__, ssh_err(r));