aboutsummaryrefslogtreecommitdiffstats
path: root/src/com/trilead/ssh2/channel/AuthAgentForwardThread.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/com/trilead/ssh2/channel/AuthAgentForwardThread.java')
-rw-r--r--src/com/trilead/ssh2/channel/AuthAgentForwardThread.java27
1 files changed, 24 insertions, 3 deletions
diff --git a/src/com/trilead/ssh2/channel/AuthAgentForwardThread.java b/src/com/trilead/ssh2/channel/AuthAgentForwardThread.java
index 1c6be84..b4ab108 100644
--- a/src/com/trilead/ssh2/channel/AuthAgentForwardThread.java
+++ b/src/com/trilead/ssh2/channel/AuthAgentForwardThread.java
@@ -129,7 +129,10 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
sendIdentities();
break;
case SSH2_AGENTC_ADD_IDENTITY:
- addIdentity(tr);
+ addIdentity(tr, false);
+ break;
+ case SSH2_AGENTC_ADD_ID_CONSTRAINED:
+ addIdentity(tr, true);
break;
case SSH2_AGENTC_REMOVE_IDENTITY:
removeIdentity(tr);
@@ -240,7 +243,7 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
/**
* @param tr
*/
- private void addIdentity(TypesReader tr) {
+ private void addIdentity(TypesReader tr, boolean checkConstraints) {
try
{
if (failWhenLocked())
@@ -275,7 +278,25 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
return;
}
- if (authAgent.addIdentity(key, comment))
+ boolean confirmUse = false;
+ int lifetime = 0;
+
+ if (checkConstraints) {
+ while (tr.remain() > 0) {
+ int constraint = tr.readByte();
+ if (constraint == SSH_AGENT_CONSTRAIN_CONFIRM)
+ confirmUse = true;
+ else if (constraint == SSH_AGENT_CONSTRAIN_LIFETIME)
+ lifetime = tr.readUINT32();
+ else {
+ // Unknown constraint. Bail.
+ os.write(SSH_AGENT_FAILURE);
+ return;
+ }
+ }
+ }
+
+ if (authAgent.addIdentity(key, comment, confirmUse, lifetime))
os.write(SSH_AGENT_SUCCESS);
else
os.write(SSH_AGENT_FAILURE);
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-10 06:33:52 +0000