Improve the autopubkey authentication.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@658 7dcaeef0-15fb-0310-b436-a5af3365683c
родитель
06a0dea2ad
Коммит
567cc5984a
@ -256,9 +256,9 @@ PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
|
|||||||
void privatekey_free(PRIVATE_KEY *prv);
|
void privatekey_free(PRIVATE_KEY *prv);
|
||||||
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
||||||
int *type);
|
int *type);
|
||||||
STRING *publickey_from_next_file(SSH_SESSION *session,
|
STRING *try_publickey_from_file(SSH_SESSION *session,
|
||||||
struct keys_struct *keytab, size_t keytab_size,
|
struct keys_struct keytab,
|
||||||
char **privkeyfile, int *type, unsigned int *count);
|
char **privkeyfile, int *type);
|
||||||
int ssh_is_server_known(SSH_SESSION *session);
|
int ssh_is_server_known(SSH_SESSION *session);
|
||||||
int ssh_write_knownhost(SSH_SESSION *session);
|
int ssh_write_knownhost(SSH_SESSION *session);
|
||||||
|
|
||||||
|
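Review bot: The new prototype passes `struct keys_struct keytab` by value while the parameter name still reads as a whole table, even though the callee (per the keyfiles hunk) only inspects one entry's `.public` and `.private` fields; `const struct keys_struct *key` would say what the function really consumes and avoids copying the struct on every call. Since the old `publickey_from_next_file` symbol is dropped from the same `SSH_0.3` export node rather than the new one being added alongside it, any consumer already linked against that name breaks; I cannot tell from this page whether the library was treating its ABI as frozen at this point, so a line in the commit message stating that intent would help. The definition of `struct keys_struct` is outside this hunk.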
@ -88,6 +88,7 @@ set(libssh_SRCS
|
|||||||
socket.c
|
socket.c
|
||||||
string.c
|
string.c
|
||||||
wrapper.c
|
wrapper.c
|
||||||
|
libssh.map
|
||||||
)
|
)
|
||||||
|
|
||||||
if (WITH_SFTP)
|
if (WITH_SFTP)
|
||||||
|
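Review bot: Listing `libssh.map` in `libssh_SRCS` does not by itself make the linker apply it as a version script; as far as I can see in this hunk it is only carried as a source entry, and the `-Wl,--version-script=` link flag that would actually use it is not visible here. If the flag is set elsewhere, a comment next to the entry such as `# linker version script; applied via LINK_FLAGS below` would save the next reader the search; if it is not, the export list has no effect on the built library.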
@ -738,7 +738,7 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
|||||||
char *privkeyfile = NULL;
|
char *privkeyfile = NULL;
|
||||||
char *id = NULL;
|
char *id = NULL;
|
||||||
size_t size;
|
size_t size;
|
||||||
unsigned int count = 0;
|
unsigned int i = 0;
|
||||||
int type = 0;
|
int type = 0;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
@ -834,8 +834,15 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
|||||||
keytab[size - 1].public = id;
|
keytab[size - 1].public = id;
|
||||||
}
|
}
|
||||||
|
|
||||||
while ((pubkey = publickey_from_next_file(session, keytab, size,
|
for (i = 0, pubkey = try_publickey_from_file(session, keytab[i],
|
||||||
&privkeyfile, &type, &count))) {
|
&privkeyfile, &type);
|
||||||
|
i < size;
|
||||||
|
pubkey = try_publickey_from_file(session, keytab[++i],
|
||||||
|
&privkeyfile, &type)) {
|
||||||
|
if (pubkey == NULL) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
|
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
|
||||||
if (rc == SSH_AUTH_ERROR){
|
if (rc == SSH_AUTH_ERROR){
|
||||||
if (id != NULL) {
|
if (id != NULL) {
|
||||||
|
@ -919,18 +919,8 @@ STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
|||||||
return str;
|
return str;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
STRING *try_publickey_from_file(SSH_SESSION *session, struct keys_struct keytab,
|
||||||
/*
|
char **privkeyfile, int *type) {
|
||||||
* Why a recursive function?
|
|
||||||
*
|
|
||||||
* publickey_from_next_file() will be executed until NULL is returned
|
|
||||||
* We can't return NULL if one of the possible keys is wrong. We want to
|
|
||||||
* test them before getting over
|
|
||||||
*/
|
|
||||||
STRING *publickey_from_next_file(SSH_SESSION *session,
|
|
||||||
struct keys_struct *keytab, size_t keytab_size,
|
|
||||||
char **privkeyfile, int *type,
|
|
||||||
unsigned int *count) {
|
|
||||||
static char *home = NULL;
|
static char *home = NULL;
|
||||||
|
|
||||||
char public[256] = {0};
|
char public[256] = {0};
|
||||||
@ -948,36 +938,28 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*count >= keytab_size) {
|
pub = keytab.public;
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
pub = keytab[*count].public;
|
|
||||||
if (pub == NULL) {
|
if (pub == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
priv = keytab[*count].private;
|
priv = keytab.private;
|
||||||
if (priv == NULL) {
|
if (priv == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
(*count)++;
|
|
||||||
|
|
||||||
/* are them readable ? */
|
/* are them readable ? */
|
||||||
snprintf(public, sizeof(public), pub, home);
|
snprintf(public, sizeof(public), pub, home);
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
|
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
|
||||||
if (!ssh_file_readaccess_ok(public)) {
|
if (!ssh_file_readaccess_ok(public)) {
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||||
return publickey_from_next_file(session, keytab, keytab_size,
|
return NULL;
|
||||||
privkeyfile, type, count);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
snprintf(private, sizeof(private), priv, home);
|
snprintf(private, sizeof(private), priv, home);
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
|
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
|
||||||
if (!ssh_file_readaccess_ok(private)) {
|
if (!ssh_file_readaccess_ok(private)) {
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||||
return publickey_from_next_file(session, keytab, keytab_size,
|
return NULL;
|
||||||
privkeyfile, type, count);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
|
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
|
||||||
@ -992,8 +974,7 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
|
|||||||
"Wasn't able to open public key file %s: %s",
|
"Wasn't able to open public key file %s: %s",
|
||||||
public,
|
public,
|
||||||
ssh_get_error(session));
|
ssh_get_error(session));
|
||||||
return publickey_from_next_file(session, keytab, keytab_size,
|
return NULL;
|
||||||
privkeyfile, type, count);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
new = realloc(*privkeyfile, strlen(private) + 1);
|
new = realloc(*privkeyfile, strlen(private) + 1);
|
||||||
|
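Review bot: In the new for loop of ssh_userauth_autopubkey (hunk @ -834), the increment expression `try_publickey_from_file(session, keytab[++i], ...)` is evaluated before `i < size` is re-checked, so after the last entry (i == size - 1) the helper is called with `keytab[size]`, one element past the array whose last slot the context line above sets as `keytab[size - 1].public = id`; whatever `.public`/`.private` pointers that out-of-bounds slot happens to hold are then passed to snprintf as a format template unless they are NULL. The fix is a conventional loop that calls the helper once per iteration inside the body and keeps the NULL check as the first statement. ssh_userauth_autopubkey begins and ends outside the hunk, so the handling of `privkeyfile` after the loop cannot be checked here. Separately, the context lines `snprintf(public, sizeof(public), pub, home)` and the `private` counterpart in try_publickey_from_file (hunk @ -948) predate this commit but still use a non-literal template as the format string, so a comment on the helper stating that every table entry, including the `id` entry stored at `keytab[size - 1]`, must contain exactly one `%s` and no other conversion would make that contract explicit.
```c
  for (i = 0; i < size; i++) {
    pubkey = try_publickey_from_file(session, keytab[i], &privkeyfile, &type);
    if (pubkey == NULL) {
      continue;
    }

    /* … unchanged: ssh_userauth_offer_pubkey() call and its error handling … */
```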
@ -12,7 +12,7 @@ SSH_0.3 {
|
|||||||
ssh_get_pubkey_hash; ssh_get_pubkey;
|
ssh_get_pubkey_hash; ssh_get_pubkey;
|
||||||
ssh_fd_poll; ssh_select; publickey_free;
|
ssh_fd_poll; ssh_select; publickey_free;
|
||||||
privatekey_from_file; publickey_to_string; publickey_from_privatekey;
|
privatekey_from_file; publickey_to_string; publickey_from_privatekey;
|
||||||
private_key_free; publickey_from_file; publickey_from_next_file;
|
private_key_free; publickey_from_file; try_publickey_from_file;
|
||||||
ssh_is_server_known; ssh_write_knownhost;
|
ssh_is_server_known; ssh_write_knownhost;
|
||||||
channel_new; channel_open_forward; channel_open_session; channel_free;
|
channel_new; channel_open_forward; channel_open_session; channel_free;
|
||||||
channel_request_pty; channel_request_pty_size; channel_change_pty_size;
|
channel_request_pty; channel_request_pty_size; channel_change_pty_size;
|
||||||
|