!33 agent支持rsa-sha2，修复libssh2使用agent登录sshd失败的问题

From: @renmingshuai Reviewed-by: @seuzw Signed-off-by: @seuzw
2023-02-16 03:49:05 +00:00 · 2023-02-16 03:49:05 +00:00 · 99c0b207e8
commit 99c0b207e8
parent 15873ea1f5 5758f88d2c
2 changed files with 72 additions and 2 deletions
--- a/backport-Support-rsa-sha2-agent-flags.patch
+++ b/backport-Support-rsa-sha2-agent-flags.patch
@ -0,0 +1,63 @@
+From 50a1262772fd9cdbdd8f747958e42ef480aecb2b Mon Sep 17 00:00:00 2001
+From: Ian Hattendorf <ian@ianhattendorf.com>
+Date: Thu, 13 Jan 2022 16:05:53 -0700
+Subject: [PATCH] Support rsa-sha2 agent flags (#661)
+
+File: agent.c
+Notes: implements rsa-sha2 flags used to tell the agent which signing algo to use.
+ https://tools.ietf.org/id/draft-miller-ssh-agent-01.html#rfc.section.4.5.1
+
+Credit:
+Ian Hattendorf
+Conflict:NA
+Reference:https://github.com/libssh2/commit/50a1262772fd9cdbdd8f747958e42ef480aecb2b
+---
+ src/agent.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/agent.c b/src/agent.c
+index a526c77..bce7175 100644
+--- a/src/agent.c
+++ b/src/agent.c
+@@ -94,6 +94,10 @@
+ #define SSH_AGENT_CONSTRAIN_LIFETIME 1
+ #define SSH_AGENT_CONSTRAIN_CONFIRM 2
+ 
+/* Signature request methods */
+#define SSH_AGENT_RSA_SHA2_256 2
+#define SSH_AGENT_RSA_SHA2_512 4
+
+ #ifdef PF_UNIX
+ static int
+ agent_connect_unix(LIBSSH2_AGENT *agent)
+@@ -375,6 +379,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+     ssize_t method_len;
+     unsigned char *s;
+     int rc;
+    uint32_t sign_flags = 0;
+ 
+     /* Create a request to sign the data */
+     if(transctx->state == agent_NB_state_init) {
+@@ -391,7 +396,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+         _libssh2_store_str(&s, (const char *)data, data_len);
+ 
+         /* flags */
+-        _libssh2_store_u32(&s, 0);
+        if(session->userauth_pblc_method_len > 0 &&
+            session->userauth_pblc_method) {
+            if(session->userauth_pblc_method_len == 12 &&
+                !memcmp(session->userauth_pblc_method, "rsa-sha2-512", 12)) {
+                sign_flags = SSH_AGENT_RSA_SHA2_512;
+            }
+            else if(session->userauth_pblc_method_len == 12 &&
+                !memcmp(session->userauth_pblc_method, "rsa-sha2-256", 12)) {
+                sign_flags = SSH_AGENT_RSA_SHA2_256;
+            }
+        }
+        _libssh2_store_u32(&s, sign_flags);
+ 
+         transctx->request_len = s - transctx->request;
+         transctx->send_recv_total = 0;
+-- 
+2.23.0
+
--- a/libssh2.spec
+++ b/libssh2.spec
@ -1,6 +1,6 @@
 Name:		libssh2
 Version:	1.10.0
-Release:	4
+Release:	5
 Summary:	A library implementing the SSH2 protocol
 License:	BSD
 URL:		https://www.libssh2.org/
@ -8,7 +8,8 @@ Source0:	https://libssh2.org/download/libssh2-%{version}.tar.gz

 Patch0:		backport-RSA-SHA2-256-512-key-upgrade-support-RFC-8332.patch
 Patch1:		backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch
-Patch2:         sftp-Prevent-files-from-being-skipped-if-the-output.patch
+Patch2:		sftp-Prevent-files-from-being-skipped-if-the-output.patch
+Patch3:		backport-Support-rsa-sha2-agent-flags.patch

 BuildRequires:	coreutils findutils /usr/bin/man zlib-devel
 BuildRequires:	gcc make sed openssl-devel > 1:1.0.1 openssh-server
@ -88,6 +89,12 @@ LC_ALL=en_US.UTF-8 make -C tests check
 %{_mandir}/man3/libssh2_*.3*

 %changelog
+* Thu Feb 16 2023 renmingshuai <renmingshuai> - 1.10.0-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Support rsa-sha2 agent flags
+
 * Mon Oct 17 2022 zhangjun <zhangjun@kylinos.cn> - 1.10.0-4
 - Type:bugfix
 - ID:NA