
Improve the autopubkey authentication.

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@658 7dcaeef0-15fb-0310-b436-a5af3365683c
Andreas Schneider 2009-04-30 13:58:20 +00:00
родитель 06a0dea2ad
Коммит 567cc5984a
5 изменённых файлов: 22 добавлений и 33 удалений


@ -256,9 +256,9 @@ PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
void privatekey_free(PRIVATE_KEY *prv); void privatekey_free(PRIVATE_KEY *prv);
STRING *publickey_from_file(SSH_SESSION *session, const char *filename, STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
int *type); int *type);
STRING *publickey_from_next_file(SSH_SESSION *session, STRING *try_publickey_from_file(SSH_SESSION *session,
struct keys_struct *keytab, size_t keytab_size, struct keys_struct keytab,
char **privkeyfile, int *type, unsigned int *count); char **privkeyfile, int *type);
int ssh_is_server_known(SSH_SESSION *session); int ssh_is_server_known(SSH_SESSION *session);
int ssh_write_knownhost(SSH_SESSION *session); int ssh_write_knownhost(SSH_SESSION *session);
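Review bot: The renamed prototype `try_publickey_from_file` has no comment describing its new contract, and the block comment in the implementation that explained the NULL return is deleted by this commit. With the old function, NULL meant the key list was exhausted; with the new one, NULL means only that this one entry was unusable, so a caller that stops on NULL would skip the remaining keys. I would add above the declaration `/* Returns the public key blob for one keytab entry, or NULL if that entry cannot be used; the caller moves on to the next entry. */`. The old name is also dropped from the `SSH_0.3` node in the version script, which removes the symbol for anything already linked against it, if a release ever exported it.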


@ -88,6 +88,7 @@ set(libssh_SRCS
socket.c socket.c
string.c string.c
wrapper.c wrapper.c
libssh.map
) )
if (WITH_SFTP) if (WITH_SFTP)


@ -738,7 +738,7 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
char *privkeyfile = NULL; char *privkeyfile = NULL;
char *id = NULL; char *id = NULL;
size_t size; size_t size;
unsigned int count = 0; unsigned int i = 0;
int type = 0; int type = 0;
int rc; int rc;
@ -834,8 +834,15 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
keytab[size - 1].public = id; keytab[size - 1].public = id;
} }
while ((pubkey = publickey_from_next_file(session, keytab, size, for (i = 0, pubkey = try_publickey_from_file(session, keytab[i],
&privkeyfile, &type, &count))) { &privkeyfile, &type);
i < size;
pubkey = try_publickey_from_file(session, keytab[++i],
&privkeyfile, &type)) {
if (pubkey == NULL) {
continue;
}
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey); rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
if (rc == SSH_AUTH_ERROR){ if (rc == SSH_AUTH_ERROR){
if (id != NULL) { if (id != NULL) {
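Review bot: The rewritten `for` loop calls `try_publickey_from_file(session, keytab[++i], ...)` in its step expression before `i < size` is tested, so after the last valid entry it copies `keytab[size]` by value. The line above the loop writes `keytab[size - 1]`, which suggests `size` is the element count and that index is one past the end of the array; that is an out-of-bounds read, and any blob returned by that extra call is never freed. The call in the init clause likewise runs before the bound is checked. Moving the call into the body avoids both: `for (i = 0; i < size; i++) {` followed by `pubkey = try_publickey_from_file(session, keytab[i], &privkeyfile, &type);` and the existing `if (pubkey == NULL) continue;`. The function body starts and ends outside these hunks.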


@ -919,18 +919,8 @@ STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
return str; return str;
} }
STRING *try_publickey_from_file(SSH_SESSION *session, struct keys_struct keytab,
/* char **privkeyfile, int *type) {
* Why a recursive function?
*
* publickey_from_next_file() will be executed until NULL is returned
* We can't return NULL if one of the possible keys is wrong. We want to
* test them before getting over
*/
STRING *publickey_from_next_file(SSH_SESSION *session,
struct keys_struct *keytab, size_t keytab_size,
char **privkeyfile, int *type,
unsigned int *count) {
static char *home = NULL; static char *home = NULL;
char public[256] = {0}; char public[256] = {0};
@ -948,36 +938,28 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
} }
} }
if (*count >= keytab_size) { pub = keytab.public;
return NULL;
}
pub = keytab[*count].public;
if (pub == NULL) { if (pub == NULL) {
return NULL; return NULL;
} }
priv = keytab[*count].private; priv = keytab.private;
if (priv == NULL) { if (priv == NULL) {
return NULL; return NULL;
} }
(*count)++;
/* are them readable ? */ /* are them readable ? */
snprintf(public, sizeof(public), pub, home); snprintf(public, sizeof(public), pub, home);
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public); ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
if (!ssh_file_readaccess_ok(public)) { if (!ssh_file_readaccess_ok(public)) {
ssh_log(session, SSH_LOG_PACKET, "Failed"); ssh_log(session, SSH_LOG_PACKET, "Failed");
return publickey_from_next_file(session, keytab, keytab_size, return NULL;
privkeyfile, type, count);
} }
snprintf(private, sizeof(private), priv, home); snprintf(private, sizeof(private), priv, home);
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private); ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
if (!ssh_file_readaccess_ok(private)) { if (!ssh_file_readaccess_ok(private)) {
ssh_log(session, SSH_LOG_PACKET, "Failed"); ssh_log(session, SSH_LOG_PACKET, "Failed");
return publickey_from_next_file(session, keytab, keytab_size, return NULL;
privkeyfile, type, count);
} }
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key"); ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
@ -992,8 +974,7 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
"Wasn't able to open public key file %s: %s", "Wasn't able to open public key file %s: %s",
public, public,
ssh_get_error(session)); ssh_get_error(session));
return publickey_from_next_file(session, keytab, keytab_size, return NULL;
privkeyfile, type, count);
} }
new = realloc(*privkeyfile, strlen(private) + 1); new = realloc(*privkeyfile, strlen(private) + 1);
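Review bot: `snprintf(public, sizeof(public), pub, home)` and the matching call for `private` pass the keytab strings as the format string, and the caller's hunk stores `id` into `keytab[size - 1].public`. If `id` is built from a configured identity path rather than a fixed template (not visible here), any `%` in that path is interpreted as a conversion specification. Expanding the home directory only for the built-in templates and copying other paths with `snprintf(public, sizeof(public), "%s", pub)` would remove that. The return value should also be compared with `sizeof(public)` so that a path truncated at 256 bytes is rejected instead of opened. The function continues outside the hunk.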


@ -12,7 +12,7 @@ SSH_0.3 {
ssh_get_pubkey_hash; ssh_get_pubkey; ssh_get_pubkey_hash; ssh_get_pubkey;
ssh_fd_poll; ssh_select; publickey_free; ssh_fd_poll; ssh_select; publickey_free;
privatekey_from_file; publickey_to_string; publickey_from_privatekey; privatekey_from_file; publickey_to_string; publickey_from_privatekey;
private_key_free; publickey_from_file; publickey_from_next_file; private_key_free; publickey_from_file; try_publickey_from_file;
ssh_is_server_known; ssh_write_knownhost; ssh_is_server_known; ssh_write_knownhost;
channel_new; channel_open_forward; channel_open_session; channel_free; channel_new; channel_open_forward; channel_open_session; channel_free;
channel_request_pty; channel_request_pty_size; channel_change_pty_size; channel_request_pty; channel_request_pty_size; channel_change_pty_size;