Improve auto public key authentication.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@636 7dcaeef0-15fb-0310-b436-a5af3365683c
Этот коммит содержится в:
родитель
9f7d4d2d60
Коммит
2c75ad7e19
@ -82,6 +82,7 @@ typedef struct channel_struct CHANNEL;
|
|||||||
typedef struct agent_struct AGENT;
|
typedef struct agent_struct AGENT;
|
||||||
typedef struct ssh_session SSH_SESSION;
|
typedef struct ssh_session SSH_SESSION;
|
||||||
typedef struct ssh_kbdint SSH_KBDINT;
|
typedef struct ssh_kbdint SSH_KBDINT;
|
||||||
|
struct keys_struct;
|
||||||
|
|
||||||
/* integer values */
|
/* integer values */
|
||||||
typedef uint32_t u32;
|
typedef uint32_t u32;
|
||||||
@ -255,8 +256,9 @@ PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
|
|||||||
void privatekey_free(PRIVATE_KEY *prv);
|
void privatekey_free(PRIVATE_KEY *prv);
|
||||||
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
||||||
int *type);
|
int *type);
|
||||||
STRING *publickey_from_next_file(SSH_SESSION *session, const char **pub_keys_path,
|
STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||||
const char **keys_path, char **privkeyfile, int *type, int *count);
|
struct keys_struct *keytab, size_t keytab_size,
|
||||||
|
char **privkeyfile, int *type, unsigned int *count);
|
||||||
int ssh_is_server_known(SSH_SESSION *session);
|
int ssh_is_server_known(SSH_SESSION *session);
|
||||||
int ssh_write_knownhost(SSH_SESSION *session);
|
int ssh_write_knownhost(SSH_SESSION *session);
|
||||||
|
|
||||||
|
@ -299,6 +299,11 @@ struct agent_struct {
|
|||||||
unsigned int count;
|
unsigned int count;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct keys_struct {
|
||||||
|
const char *private;
|
||||||
|
const char *public;
|
||||||
|
};
|
||||||
|
|
||||||
struct ssh_session {
|
struct ssh_session {
|
||||||
struct error_struct error;
|
struct error_struct error;
|
||||||
struct socket *socket;
|
struct socket *socket;
|
||||||
@ -719,6 +724,9 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
|
|||||||
/** Zero a structure given a pointer to the structure */
|
/** Zero a structure given a pointer to the structure */
|
||||||
#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
|
#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
|
||||||
|
|
||||||
|
/** Get the size of an array */
|
||||||
|
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
|
||||||
|
|
||||||
#ifdef HAVE_LIBGCRYPT
|
#ifdef HAVE_LIBGCRYPT
|
||||||
/* gcrypt_missing.c */
|
/* gcrypt_missing.c */
|
||||||
int my_gcry_dec2bn(bignum *bn, const char *data);
|
int my_gcry_dec2bn(bignum *bn, const char *data);
|
||||||
|
396
libssh/auth.c
396
libssh/auth.c
@ -687,224 +687,242 @@ error:
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char *keys_path[] = {
|
static struct keys_struct keytab[] = {
|
||||||
NULL,
|
{
|
||||||
"%s/.ssh/identity",
|
.private = "%s/.ssh/identity",
|
||||||
"%s/.ssh/id_dsa",
|
.public = "%s/.ssh/identity.pub"
|
||||||
"%s/.ssh/id_rsa",
|
},
|
||||||
NULL
|
{
|
||||||
};
|
.private = "%s/.ssh/id_dsa",
|
||||||
|
.public = "%s/.ssh/id_dsa.pub",
|
||||||
static const char *pub_keys_path[] = {
|
},
|
||||||
NULL,
|
{
|
||||||
"%s/.ssh/identity.pub",
|
.private = "%s/.ssh/id_rsa",
|
||||||
"%s/.ssh/id_dsa.pub",
|
.public = "%s/.ssh/id_rsa.pub",
|
||||||
"%s/.ssh/id_rsa.pub",
|
},
|
||||||
NULL
|
{
|
||||||
|
.private = NULL,
|
||||||
|
.public = NULL
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
/* this function initialy was in the client */
|
/* this function initialy was in the client */
|
||||||
/* but the fools are the ones who never change mind */
|
/* but the fools are the ones who never change mind */
|
||||||
|
|
||||||
/** it may fail, for instance it doesn't ask for a password and uses a default
|
/**
|
||||||
* asker for passphrases (in case the private key is encrypted)
|
* @brief Tries to automaticaly authenticate with public key and "none"
|
||||||
* \brief Tries to automaticaly authenticate with public key and "none"
|
*
|
||||||
* \param session ssh session
|
* It may fail, for instance it doesn't ask for a password and uses a default
|
||||||
* \param passphrase use this passphrase to unlock the privatekey. Use
|
* asker for passphrases (in case the private key is encrypted).
|
||||||
* NULL if you don't want to use a passphrase or the
|
*
|
||||||
* user should be asked.
|
* @param session The ssh session to authenticate with.
|
||||||
* \returns SSH_AUTH_ERROR : a serious error happened\n
|
*
|
||||||
* SSH_AUTH_DENIED : Authentication failed : use another method\n
|
* @param passphrase Use this passphrase to unlock the privatekey. Use NULL
|
||||||
* SSH_AUTH_PARTIAL : You've been partially authenticated, you still have to use another method\n
|
* if you don't want to use a passphrase or the user
|
||||||
* SSH_AUTH_SUCCESS : Authentication success
|
* should be asked.
|
||||||
* \see ssh_userauth_kbdint()
|
*
|
||||||
* \see ssh_userauth_password()
|
* @returns SSH_AUTH_ERROR: A serious error happened\n
|
||||||
* \see ssh_options_set_identity()
|
* SSH_AUTH_DENIED: Authentication failed: use another method\n
|
||||||
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
||||||
|
* have to use another method\n
|
||||||
|
* SSH_AUTH_SUCCESS: Authentication success
|
||||||
|
*
|
||||||
|
* @see ssh_userauth_kbdint()
|
||||||
|
* @see ssh_userauth_password()
|
||||||
|
* @see ssh_options_set_identity()
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
||||||
int count=1; /* bypass identity */
|
struct public_key_struct *publickey;
|
||||||
int type=0;
|
STRING *pubkey;
|
||||||
int err;
|
PRIVATE_KEY *privkey;
|
||||||
STRING *pubkey;
|
char *privkeyfile = NULL;
|
||||||
struct public_key_struct *publickey;
|
char *id = NULL;
|
||||||
char *privkeyfile=NULL;
|
size_t size;
|
||||||
PRIVATE_KEY *privkey;
|
unsigned int count = 0;
|
||||||
char *id = NULL;
|
int type = 0;
|
||||||
|
int rc;
|
||||||
|
|
||||||
enter_function();
|
enter_function();
|
||||||
|
|
||||||
// always testing none
|
/* Always test none authentication */
|
||||||
err=ssh_userauth_none(session,NULL);
|
rc = ssh_userauth_none(session, NULL);
|
||||||
if(err==SSH_AUTH_ERROR || err==SSH_AUTH_SUCCESS){
|
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
|
||||||
leave_function();
|
leave_function();
|
||||||
return err;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* try ssh-agent keys first */
|
/* Try authentication with ssh-agent first */
|
||||||
#ifndef _WIN32
|
#ifndef _WIN32
|
||||||
if (agent_is_running(session)) {
|
if (agent_is_running(session)) {
|
||||||
ssh_log(session, SSH_LOG_RARE,
|
ssh_log(session, SSH_LOG_RARE,
|
||||||
"Trying to authenticate with SSH agent keys");
|
"Trying to authenticate with SSH agent keys");
|
||||||
|
|
||||||
for (publickey = agent_get_first_ident(session, &privkeyfile);
|
for (publickey = agent_get_first_ident(session, &privkeyfile);
|
||||||
publickey != NULL;
|
publickey != NULL;
|
||||||
publickey = agent_get_next_ident(session, &privkeyfile)) {
|
publickey = agent_get_next_ident(session, &privkeyfile)) {
|
||||||
|
|
||||||
ssh_log(session, SSH_LOG_RARE, "Trying identity %s", privkeyfile);
|
ssh_log(session, SSH_LOG_RARE, "Trying identity %s", privkeyfile);
|
||||||
|
|
||||||
pubkey = publickey_to_string(publickey);
|
pubkey = publickey_to_string(publickey);
|
||||||
if (pubkey) {
|
if (pubkey) {
|
||||||
err = ssh_userauth_offer_pubkey(session, NULL, publickey->type, pubkey);
|
rc = ssh_userauth_offer_pubkey(session, NULL, publickey->type, pubkey);
|
||||||
string_free(pubkey);
|
string_free(pubkey);
|
||||||
if (err == SSH_AUTH_ERROR) {
|
if (rc == SSH_AUTH_ERROR) {
|
||||||
SAFE_FREE(id);
|
|
||||||
SAFE_FREE(privkeyfile);
|
|
||||||
publickey_free(publickey);
|
|
||||||
leave_function();
|
|
||||||
|
|
||||||
return err;
|
|
||||||
} else if (err != SSH_AUTH_SUCCESS) {
|
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Public key refused by server\n");
|
|
||||||
SAFE_FREE(id);
|
|
||||||
SAFE_FREE(privkeyfile);
|
|
||||||
publickey_free(publickey);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
ssh_log(session, SSH_LOG_RARE, "Public key accepted");
|
|
||||||
/* pubkey accepted by server ! */
|
|
||||||
err = ssh_userauth_agent_pubkey(session, NULL, publickey);
|
|
||||||
if (err == SSH_AUTH_ERROR) {
|
|
||||||
SAFE_FREE(id);
|
|
||||||
SAFE_FREE(privkeyfile);
|
|
||||||
publickey_free(publickey);
|
|
||||||
leave_function();
|
|
||||||
|
|
||||||
return err;
|
|
||||||
} else if (err != SSH_AUTH_SUCCESS) {
|
|
||||||
ssh_log(session, SSH_LOG_RARE,
|
|
||||||
"Server accepted public key but refused the signature\n"
|
|
||||||
"It might be a bug of libssh\n");
|
|
||||||
SAFE_FREE(id);
|
|
||||||
SAFE_FREE(privkeyfile);
|
|
||||||
publickey_free(publickey);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
/* auth success */
|
|
||||||
ssh_log(session, SSH_LOG_RARE, "Authentication using %s success\n",
|
|
||||||
privkeyfile);
|
|
||||||
SAFE_FREE(id);
|
SAFE_FREE(id);
|
||||||
SAFE_FREE(privkeyfile);
|
SAFE_FREE(privkeyfile);
|
||||||
publickey_free(publickey);
|
publickey_free(publickey);
|
||||||
|
|
||||||
leave_function();
|
leave_function();
|
||||||
|
|
||||||
return SSH_AUTH_SUCCESS;
|
return rc;
|
||||||
} /* if pubkey */
|
} else if (rc != SSH_AUTH_SUCCESS) {
|
||||||
|
ssh_log(session, SSH_LOG_PACKET, "Public key refused by server\n");
|
||||||
|
SAFE_FREE(id);
|
||||||
|
SAFE_FREE(privkeyfile);
|
||||||
|
publickey_free(publickey);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
ssh_log(session, SSH_LOG_RARE, "Public key accepted");
|
||||||
|
/* pubkey accepted by server ! */
|
||||||
|
rc = ssh_userauth_agent_pubkey(session, NULL, publickey);
|
||||||
|
if (rc == SSH_AUTH_ERROR) {
|
||||||
|
SAFE_FREE(id);
|
||||||
|
SAFE_FREE(privkeyfile);
|
||||||
|
publickey_free(publickey);
|
||||||
|
leave_function();
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
} else if (rc != SSH_AUTH_SUCCESS) {
|
||||||
|
ssh_log(session, SSH_LOG_RARE,
|
||||||
|
"Server accepted public key but refused the signature\n"
|
||||||
|
"It might be a bug of libssh\n");
|
||||||
|
SAFE_FREE(id);
|
||||||
|
SAFE_FREE(privkeyfile);
|
||||||
|
publickey_free(publickey);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
/* auth success */
|
||||||
|
ssh_log(session, SSH_LOG_RARE, "Authentication using %s success\n",
|
||||||
|
privkeyfile);
|
||||||
SAFE_FREE(id);
|
SAFE_FREE(id);
|
||||||
SAFE_FREE(privkeyfile);
|
SAFE_FREE(privkeyfile);
|
||||||
publickey_free(publickey);
|
publickey_free(publickey);
|
||||||
} /* for each privkey */
|
|
||||||
} /* if agent is running */
|
leave_function();
|
||||||
|
|
||||||
|
return SSH_AUTH_SUCCESS;
|
||||||
|
} /* if pubkey */
|
||||||
|
SAFE_FREE(id);
|
||||||
|
SAFE_FREE(privkeyfile);
|
||||||
|
publickey_free(publickey);
|
||||||
|
} /* for each privkey */
|
||||||
|
} /* if agent is running */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(session->options->identity){
|
size = ARRAY_SIZE(keytab);
|
||||||
ssh_log(session, SSH_LOG_RARE,
|
if (session->options->identity) {
|
||||||
"Trying identity file %s\n", session->options->identity);
|
ssh_log(session, SSH_LOG_RARE,
|
||||||
keys_path[0]=session->options->identity;
|
"Trying identity file %s\n", session->options->identity);
|
||||||
/* let's hope alloca exists */
|
|
||||||
id=malloc(strlen(session->options->identity)+1 + 4);
|
id = malloc(strlen(session->options->identity) + 1 + 4);
|
||||||
if (id == NULL) {
|
if (id == NULL) {
|
||||||
keys_path[0] = NULL;
|
leave_function();
|
||||||
leave_function();
|
return SSH_AUTH_ERROR;
|
||||||
return SSH_AUTH_ERROR;
|
|
||||||
}
|
|
||||||
sprintf(id,"%s.pub",session->options->identity);
|
|
||||||
pub_keys_path[0]=id;
|
|
||||||
count =0;
|
|
||||||
}
|
}
|
||||||
while((pubkey=publickey_from_next_file(session,pub_keys_path,keys_path, &privkeyfile,&type,&count))){
|
sprintf(id, "%s.pub", session->options->identity);
|
||||||
err=ssh_userauth_offer_pubkey(session,NULL,type,pubkey);
|
|
||||||
if(err==SSH_AUTH_ERROR){
|
keytab[size - 1].private = session->options->identity;
|
||||||
if(id){
|
keytab[size - 1].public = id;
|
||||||
pub_keys_path[0]=NULL;
|
}
|
||||||
keys_path[0]=NULL;
|
|
||||||
free(id);
|
while ((pubkey = publickey_from_next_file(session, keytab, size,
|
||||||
}
|
&privkeyfile, &type, &count))) {
|
||||||
free(pubkey);
|
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
|
||||||
free(privkeyfile);
|
if (rc == SSH_AUTH_ERROR){
|
||||||
leave_function();
|
if (id != NULL) {
|
||||||
return err;
|
keytab[size - 1].private = NULL;
|
||||||
} else
|
keytab[size - 1].public = NULL;
|
||||||
if(err != SSH_AUTH_SUCCESS){
|
SAFE_FREE(id);
|
||||||
ssh_log(session, SSH_LOG_RARE, "Public key refused by server\n");
|
}
|
||||||
free(pubkey);
|
string_free(pubkey);
|
||||||
pubkey=NULL;
|
SAFE_FREE(privkeyfile);
|
||||||
free(privkeyfile);
|
leave_function();
|
||||||
privkeyfile=NULL;
|
return rc;
|
||||||
continue;
|
} else {
|
||||||
}
|
if (rc != SSH_AUTH_SUCCESS){
|
||||||
/* pubkey accepted by server ! */
|
ssh_log(session, SSH_LOG_RARE, "Public key refused by server");
|
||||||
privkey=privatekey_from_file(session,privkeyfile,type,passphrase);
|
string_free(pubkey);
|
||||||
if(!privkey){
|
pubkey = NULL;
|
||||||
ssh_log(session, SSH_LOG_FUNCTIONS,
|
SAFE_FREE(privkeyfile);
|
||||||
"Reading private key %s failed (bad passphrase ?)\n",
|
privkeyfile = NULL;
|
||||||
privkeyfile);
|
continue;
|
||||||
free(pubkey);
|
}
|
||||||
pubkey=NULL;
|
}
|
||||||
free(privkeyfile);
|
|
||||||
privkeyfile=NULL;
|
/* Public key accepted by server! */
|
||||||
continue; /* continue the loop with other pubkey */
|
privkey = privatekey_from_file(session, privkeyfile, type, passphrase);
|
||||||
}
|
if (privkey == NULL) {
|
||||||
err=ssh_userauth_pubkey(session,NULL,pubkey,privkey);
|
ssh_log(session, SSH_LOG_FUNCTIONS,
|
||||||
if(err==SSH_AUTH_ERROR){
|
"Reading private key %s failed (bad passphrase ?)",
|
||||||
if(id){
|
privkeyfile);
|
||||||
pub_keys_path[0]=NULL;
|
string_free(pubkey);
|
||||||
keys_path[0]=NULL;
|
pubkey = NULL;
|
||||||
free(id);
|
SAFE_FREE(privkeyfile);
|
||||||
}
|
privkeyfile = NULL;
|
||||||
free(pubkey);
|
continue; /* continue the loop with other pubkey */
|
||||||
free(privkeyfile);
|
}
|
||||||
privatekey_free(privkey);
|
|
||||||
leave_function();
|
rc = ssh_userauth_pubkey(session, NULL, pubkey, privkey);
|
||||||
return err;
|
if (rc == SSH_AUTH_ERROR) {
|
||||||
} else
|
if (id != NULL) {
|
||||||
if(err != SSH_AUTH_SUCCESS){
|
keytab[size - 1].private = NULL;
|
||||||
ssh_log(session, SSH_LOG_FUNCTIONS,
|
keytab[size - 1].public = NULL;
|
||||||
"Weird : server accepted our public key but refused the signature\n"
|
SAFE_FREE(id);
|
||||||
"it might be a bug of libssh\n");
|
}
|
||||||
free(pubkey);
|
string_free(pubkey);
|
||||||
pubkey=NULL;
|
SAFE_FREE(privkeyfile);
|
||||||
free(privkeyfile);
|
privatekey_free(privkey);
|
||||||
privkeyfile=NULL;
|
leave_function();
|
||||||
privatekey_free(privkey);
|
return rc;
|
||||||
continue;
|
} else {
|
||||||
}
|
if (rc != SSH_AUTH_SUCCESS){
|
||||||
/* auth success */
|
ssh_log(session, SSH_LOG_FUNCTIONS,
|
||||||
ssh_log(session, SSH_LOG_RARE,
|
"The server accepted the public key but refused the signature");
|
||||||
"Authentication using %s success\n", privkeyfile);
|
string_free(pubkey);
|
||||||
free(pubkey);
|
pubkey = NULL;
|
||||||
|
SAFE_FREE(privkeyfile);
|
||||||
|
privkeyfile = NULL;
|
||||||
privatekey_free(privkey);
|
privatekey_free(privkey);
|
||||||
free(privkeyfile);
|
continue;
|
||||||
if(id){
|
}
|
||||||
pub_keys_path[0]=NULL;
|
|
||||||
keys_path[0]=NULL;
|
|
||||||
free(id);
|
|
||||||
}
|
|
||||||
leave_function();
|
|
||||||
return SSH_AUTH_SUCCESS;
|
|
||||||
}
|
}
|
||||||
/* at this point, pubkey is NULL and so is privkeyfile */
|
|
||||||
ssh_log(session, SSH_LOG_FUNCTIONS,
|
/* auth success */
|
||||||
"Tried every public key, none matched\n");
|
ssh_log(session, SSH_LOG_RARE,
|
||||||
ssh_set_error(session,SSH_NO_ERROR,"no public key matched");
|
"Successfully authenticated using %s", privkeyfile);
|
||||||
if(id){
|
string_free(pubkey);
|
||||||
pub_keys_path[0]=NULL;
|
privatekey_free(privkey);
|
||||||
keys_path[0]=NULL;
|
SAFE_FREE(privkeyfile);
|
||||||
free(id);
|
if (id != NULL) {
|
||||||
|
keytab[size - 1].private = NULL;
|
||||||
|
keytab[size - 1].public = NULL;
|
||||||
|
SAFE_FREE(id);
|
||||||
}
|
}
|
||||||
|
|
||||||
leave_function();
|
leave_function();
|
||||||
return SSH_AUTH_DENIED;
|
return SSH_AUTH_SUCCESS;
|
||||||
|
}
|
||||||
|
/* at this point, pubkey is NULL and so is privkeyfile */
|
||||||
|
ssh_log(session, SSH_LOG_FUNCTIONS,
|
||||||
|
"Tried every public key, none matched");
|
||||||
|
ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
|
||||||
|
if (id) {
|
||||||
|
keytab[size - 1].private = NULL;
|
||||||
|
keytab[size - 1].public = NULL;
|
||||||
|
SAFE_FREE(id);
|
||||||
|
}
|
||||||
|
|
||||||
|
leave_function();
|
||||||
|
return SSH_AUTH_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct ssh_kbdint *kbdint_new() {
|
static struct ssh_kbdint *kbdint_new() {
|
||||||
|
@ -920,52 +920,92 @@ STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* why recursing ? i'll explain. on top, publickey_from_next_file will be executed until NULL returned */
|
/*
|
||||||
/* we can't return null if one of the possible keys is wrong. we must test them before getting over */
|
* Why a recursive function?
|
||||||
STRING *publickey_from_next_file(SSH_SESSION *session, const char **pub_keys_path,
|
*
|
||||||
const char **keys_path, char **privkeyfile, int *type, int *count) {
|
* publickey_from_next_file() will be executed until NULL is returned
|
||||||
static char *home=NULL;
|
* We can't return NULL if one of the possible keys is wrong. We want to
|
||||||
char public[256];
|
* test them before getting over
|
||||||
char private[256];
|
*/
|
||||||
const char *priv;
|
STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||||
const char *pub;
|
struct keys_struct *keytab, size_t keytab_size,
|
||||||
STRING *pubkey;
|
char **privkeyfile, int *type,
|
||||||
if(!home)
|
unsigned int *count) {
|
||||||
home=ssh_get_user_home_dir();
|
static char *home = NULL;
|
||||||
if(home==NULL) {
|
|
||||||
ssh_set_error(session,SSH_FATAL,"User home dir impossible to guess");
|
char public[256] = {0};
|
||||||
return NULL;
|
char private[256] = {0};
|
||||||
|
const char *priv;
|
||||||
|
const char *pub;
|
||||||
|
char *new;
|
||||||
|
STRING *pubkey;
|
||||||
|
|
||||||
|
if (home == NULL) {
|
||||||
|
home = ssh_get_user_home_dir();
|
||||||
|
if (home == NULL) {
|
||||||
|
ssh_set_error(session,SSH_FATAL,"User home dir impossible to guess");
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
ssh_set_error(session,SSH_REQUEST_DENIED,"no public key matched");
|
}
|
||||||
if((pub=pub_keys_path[*count])==NULL)
|
|
||||||
return NULL;
|
if (*count >= keytab_size) {
|
||||||
if((priv=keys_path[*count])==NULL)
|
return NULL;
|
||||||
return NULL;
|
}
|
||||||
++*count;
|
|
||||||
/* are them readable ? */
|
pub = keytab[*count].public;
|
||||||
snprintf(public,256,pub,home);
|
if (pub == NULL) {
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Trying to open public key %s",public);
|
return NULL;
|
||||||
if(!ssh_file_readaccess_ok(public)){
|
}
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Failed");
|
priv = keytab[*count].private;
|
||||||
return publickey_from_next_file(session,pub_keys_path,keys_path,privkeyfile,type,count);
|
if (priv == NULL) {
|
||||||
}
|
return NULL;
|
||||||
snprintf(private,256,priv,home);
|
}
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Trying to open private key %s",private);
|
|
||||||
if(!ssh_file_readaccess_ok(private)){
|
(*count)++;
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Failed");
|
|
||||||
return publickey_from_next_file(session,pub_keys_path,keys_path,privkeyfile,type,count);
|
/* are them readable ? */
|
||||||
}
|
snprintf(public, sizeof(public), pub, home);
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Success reading public and private key");
|
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
|
||||||
/* ok, we are sure both the priv8 and public key files are readable : we return the public one as a string,
|
if (!ssh_file_readaccess_ok(public)) {
|
||||||
and the private filename in arguments */
|
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||||
pubkey=publickey_from_file(session,public,type);
|
return publickey_from_next_file(session, keytab, keytab_size,
|
||||||
if(!pubkey){
|
privkeyfile, type, count);
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Wasn't able to open public key file %s : %s",public,ssh_get_error(session));
|
}
|
||||||
return publickey_from_next_file(session,pub_keys_path,keys_path,privkeyfile,type,count);
|
|
||||||
}
|
snprintf(private, sizeof(private), priv, home);
|
||||||
*privkeyfile=realloc(*privkeyfile,strlen(private)+1);
|
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
|
||||||
strcpy(*privkeyfile,private);
|
if (!ssh_file_readaccess_ok(private)) {
|
||||||
return pubkey;
|
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||||
|
return publickey_from_next_file(session, keytab, keytab_size,
|
||||||
|
privkeyfile, type, count);
|
||||||
|
}
|
||||||
|
|
||||||
|
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We are sure both the private and public key file is readable. We return
|
||||||
|
* the public as a string, and the private filename as an argument
|
||||||
|
*/
|
||||||
|
pubkey = publickey_from_file(session, public, type);
|
||||||
|
if (pubkey == NULL) {
|
||||||
|
ssh_log(session, SSH_LOG_PACKET,
|
||||||
|
"Wasn't able to open public key file %s: %s",
|
||||||
|
public,
|
||||||
|
ssh_get_error(session));
|
||||||
|
return publickey_from_next_file(session, keytab, keytab_size,
|
||||||
|
privkeyfile, type, count);
|
||||||
|
}
|
||||||
|
|
||||||
|
new = realloc(*privkeyfile, strlen(private) + 1);
|
||||||
|
if (new == NULL) {
|
||||||
|
string_free(pubkey);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
strcpy(new, private);
|
||||||
|
*privkeyfile = new;
|
||||||
|
|
||||||
|
return pubkey;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int alldigits(const char *s) {
|
static int alldigits(const char *s) {
|
||||||
|
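Review bot: In publickey_from_next_file (second auth.c hunk), `snprintf(public, sizeof(public), pub, home)` and `snprintf(private, sizeof(private), priv, home)` still pass the table entry as the printf format, and since ssh_userauth_autopubkey now stores `session->options->identity` and the derived `id` into `keytab[size - 1]`, a caller-supplied path containing `%` is interpreted as conversion directives (CERT FIO30-C, non-literal format string) rather than copied; the bounds check on `*count` added in this commit does not cover that. Only the three built-in `"%s/.ssh/…"` templates need `home` expanded, so the entry kind should be explicit — e.g. a flag in `struct keys_struct` (header hunk above) that the built-in initialisers set and the identity slot leaves clear — and the non-template case formatted with a literal `"%s"`; the excerpt below shows the shape, field name is a suggestion. Separately, the identity now occupies the trailing sentinel slot and is therefore tried after the three defaults, whereas the removed code placed it at index 0 with `count = 0` so it was tried first; if that reorder is intended, the `@brief` docstring should say so. Writing the per-session identity into the file-scope `keytab` also means two sessions with different identities overwrite each other's slot; a per-call copy of the table would avoid that shared mutable state.
```c
    /* … unchanged: home lookup, bounds check on *count, NULL checks on pub/priv … */
    if (keytab[*count].expand_home) {
        /* built-in template of the form "%s/.ssh/…"; home is its only argument */
        snprintf(public, sizeof(public), pub, home);
        snprintf(private, sizeof(private), priv, home);
    } else {
        /* caller-supplied identity path: copy verbatim, never treat as a format */
        snprintf(public, sizeof(public), "%s", pub);
        snprintf(private, sizeof(private), "%s", priv);
    }
    /* … unchanged: readability checks, publickey_from_file, privkeyfile realloc … */
```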