Improve the autopubkey authentication.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@658 7dcaeef0-15fb-0310-b436-a5af3365683c
родитель
06a0dea2ad
Коммит
567cc5984a
@ -256,9 +256,9 @@ PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
|
||||
void privatekey_free(PRIVATE_KEY *prv);
|
||||
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
||||
int *type);
|
||||
STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||
struct keys_struct *keytab, size_t keytab_size,
|
||||
char **privkeyfile, int *type, unsigned int *count);
|
||||
STRING *try_publickey_from_file(SSH_SESSION *session,
|
||||
struct keys_struct keytab,
|
||||
char **privkeyfile, int *type);
|
||||
int ssh_is_server_known(SSH_SESSION *session);
|
||||
int ssh_write_knownhost(SSH_SESSION *session);
|
||||
|
||||
|
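Review bot: The new prototype `try_publickey_from_file()` has no comment, although its contract differs from the function it replaces. Elsewhere in this commit a NULL return now means only that this one entry was unusable, not that the list is exhausted, and the implementation calls `realloc()` on `*privkeyfile`. A short comment above the declaration should state that NULL is per-entry, that `*privkeyfile` must be NULL or heap-allocated and remains owned by the caller, and who releases the returned `STRING` (the visible lines do not show this). As a style point, `struct keys_struct keytab` is copied on every call; `const struct keys_struct *keytab` would be the more usual form.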
@ -88,6 +88,7 @@ set(libssh_SRCS
|
||||
socket.c
|
||||
string.c
|
||||
wrapper.c
|
||||
libssh.map
|
||||
)
|
||||
|
||||
if (WITH_SFTP)
|
||||
|
@ -738,7 +738,7 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
||||
char *privkeyfile = NULL;
|
||||
char *id = NULL;
|
||||
size_t size;
|
||||
unsigned int count = 0;
|
||||
unsigned int i = 0;
|
||||
int type = 0;
|
||||
int rc;
|
||||
|
||||
@ -834,8 +834,15 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
|
||||
keytab[size - 1].public = id;
|
||||
}
|
||||
|
||||
while ((pubkey = publickey_from_next_file(session, keytab, size,
|
||||
&privkeyfile, &type, &count))) {
|
||||
for (i = 0, pubkey = try_publickey_from_file(session, keytab[i],
|
||||
&privkeyfile, &type);
|
||||
i < size;
|
||||
pubkey = try_publickey_from_file(session, keytab[++i],
|
||||
&privkeyfile, &type)) {
|
||||
if (pubkey == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
|
||||
if (rc == SSH_AUTH_ERROR){
|
||||
if (id != NULL) {
|
||||
|
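Review bot: In the new `for` loop the step expression `keytab[++i]` is evaluated before `i < size` is tested, so after the last valid entry the loop still reads `keytab[size]` and passes it to `try_publickey_from_file()`. The callee no longer has the old `*count >= keytab_size` guard, so that element's `public`/`private` pointers are used as found (this assumes `size` is the element count of `keytab`, which the hunk does not show). Moving the lookup into the body removes the overrun: `for (i = 0; i < size; i++) {` followed by `pubkey = try_publickey_from_file(session, keytab[i], &privkeyfile, &type);`. The loop body continues outside the hunk.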
@ -919,18 +919,8 @@ STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Why a recursive function?
|
||||
*
|
||||
* publickey_from_next_file() will be executed until NULL is returned
|
||||
* We can't return NULL if one of the possible keys is wrong. We want to
|
||||
* test them before getting over
|
||||
*/
|
||||
STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||
struct keys_struct *keytab, size_t keytab_size,
|
||||
char **privkeyfile, int *type,
|
||||
unsigned int *count) {
|
||||
STRING *try_publickey_from_file(SSH_SESSION *session, struct keys_struct keytab,
|
||||
char **privkeyfile, int *type) {
|
||||
static char *home = NULL;
|
||||
|
||||
char public[256] = {0};
|
||||
@ -948,36 +938,28 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||
}
|
||||
}
|
||||
|
||||
if (*count >= keytab_size) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pub = keytab[*count].public;
|
||||
pub = keytab.public;
|
||||
if (pub == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
priv = keytab[*count].private;
|
||||
priv = keytab.private;
|
||||
if (priv == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
(*count)++;
|
||||
|
||||
/* are them readable ? */
|
||||
snprintf(public, sizeof(public), pub, home);
|
||||
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
|
||||
if (!ssh_file_readaccess_ok(public)) {
|
||||
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||
return publickey_from_next_file(session, keytab, keytab_size,
|
||||
privkeyfile, type, count);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
snprintf(private, sizeof(private), priv, home);
|
||||
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
|
||||
if (!ssh_file_readaccess_ok(private)) {
|
||||
ssh_log(session, SSH_LOG_PACKET, "Failed");
|
||||
return publickey_from_next_file(session, keytab, keytab_size,
|
||||
privkeyfile, type, count);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
|
||||
@ -992,8 +974,7 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
|
||||
"Wasn't able to open public key file %s: %s",
|
||||
public,
|
||||
ssh_get_error(session));
|
||||
return publickey_from_next_file(session, keytab, keytab_size,
|
||||
privkeyfile, type, count);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
new = realloc(*privkeyfile, strlen(private) + 1);
|
||||
|
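Review bot: `try_publickey_from_file()` still hands `pub` and `priv` to `snprintf()` as the format string (`snprintf(public, sizeof(public), pub, home);`), and those strings now arrive in a struct supplied by the caller of a function this commit also exports in the map file. A template that holds anything other than a single `%s` makes that call undefined, so the function should either document that `keytab.public` and `keytab.private` must be trusted templates or validate them before use. The `snprintf()` results are also unchecked, so a path longer than the 256-byte `public` buffer is silently truncated and a different file is probed. The function body starts and ends outside these hunks.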
@ -12,7 +12,7 @@ SSH_0.3 {
|
||||
ssh_get_pubkey_hash; ssh_get_pubkey;
|
||||
ssh_fd_poll; ssh_select; publickey_free;
|
||||
privatekey_from_file; publickey_to_string; publickey_from_privatekey;
|
||||
private_key_free; publickey_from_file; publickey_from_next_file;
|
||||
private_key_free; publickey_from_file; try_publickey_from_file;
|
||||
ssh_is_server_known; ssh_write_knownhost;
|
||||
channel_new; channel_open_forward; channel_open_session; channel_free;
|
||||
channel_request_pty; channel_request_pty_size; channel_change_pty_size;
|
||||
|
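Review bot: The rewritten line lists `private_key_free`, while the header in this commit declares `privatekey_free(PRIVATE_KEY *prv)`. If the version script ends in a `local: *;` catch-all (not visible here), the real function is not exported. The same line removes `publickey_from_next_file` from the existing `SSH_0.3` node, which breaks any program linked against an earlier build that references it, assuming that node has already shipped. Suggested line: `privatekey_free; publickey_from_file; try_publickey_from_file;`.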