auth: Make ssh_userauth_autopubkey legacy.

Andreas Schneider 2011-08-25 09:54:26 +02:00
parent 21261270e5
commit 89253fd22a
7 changed files with 9 additions and 176 deletions


@ -23,7 +23,7 @@ int main(int argc, const char **argv){
else
session.setOption(SSH_OPTIONS_HOST,"localhost");
session.connect();
session.userauthAutopubkey();
session.userauthPublickeyAuto();
session.disconnect();
} catch (ssh::SshException e){
std::cout << "Error during connection : ";


@ -29,7 +29,7 @@ int main(int argc, const char **argv){
err=session.connect();
if(err==SSH_ERROR)
goto error;
err=session.userauthAutopubkey();
err=session.userauthPublickeyAuto();
if(err==SSH_ERROR)
goto error;


@ -37,6 +37,7 @@ LIBSSH_API int ssh_userauth_pubkey(ssh_session session, const char *username, ss
LIBSSH_API int ssh_userauth_agent_pubkey(ssh_session session, const char *username,
ssh_public_key publickey);
#endif
LIBSSH_API int ssh_userauth_autopubkey(ssh_session session, const char *passphrase);
LIBSSH_API void buffer_free(ssh_buffer buffer);
LIBSSH_API void *buffer_get(ssh_buffer buffer);
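Review bot: The `ssh_userauth_autopubkey` declaration added after the `#endif` carries no comment marking it as deprecated or naming its replacement, so a reader of this header cannot tell that new code should call something else. I would add `/* Deprecated: use ssh_userauth_publickey_auto() instead. */` on the line above it. The surrounding declarations begin outside the hunk, so whether the header already has a general legacy notice is not visible here.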


@ -508,7 +508,6 @@ LIBSSH_API int ssh_userauth_publickey_auto(ssh_session session,
const char *username,
const char *passphrase);
LIBSSH_API int ssh_userauth_autopubkey(ssh_session session, const char *passphrase);
LIBSSH_API int ssh_userauth_kbdint(ssh_session session, const char *user, const char *submethods);
LIBSSH_API const char *ssh_userauth_kbdint_getinstruction(ssh_session session);
LIBSSH_API const char *ssh_userauth_kbdint_getname(ssh_session session);


@ -177,8 +177,8 @@ public:
* @returns SSH_AUTH_SUCCESS, SSH_AUTH_PARTIAL, SSH_AUTH_DENIED
* @see ssh_userauth_autopubkey
*/
int userauthAutopubkey(void){
int ret=ssh_userauth_autopubkey(c_session,NULL);
int userauthPublickeyAuto(void){
int ret=ssh_userauth_publickey_auto(c_session, NULL, NULL);
ssh_throw(ret);
return ret;
}
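Review bot: The `@see ssh_userauth_autopubkey` line in the doc comment directly above the renamed method still points at the function this commit turns into a legacy shim; it should read `@see ssh_userauth_publickey_auto`. The old method name `userauthAutopubkey` also disappears with no forwarding alias, unlike the C API which keeps a wrapper, so existing C++ callers will stop compiling; if that is intended it deserves a line in the documentation. The doc comment starts above the hunk, so the rest of it is not visible here.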


@ -1435,177 +1435,6 @@ error:
return rc;
}
/**
* @brief Tries to automatically authenticate with public key and "none"
*
* It may fail, for instance it doesn't ask for a password and uses a default
* asker for passphrases (in case the private key is encrypted).
*
* @param[in] session The ssh session to authenticate with.
*
* @param[in] passphrase Use this passphrase to unlock the privatekey. Use NULL
* if you don't want to use a passphrase or the user
* should be asked.
*
* @returns SSH_AUTH_ERROR: A serious error happened\n
* SSH_AUTH_DENIED: Authentication failed: use another method\n
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
* have to use another method\n
* SSH_AUTH_SUCCESS: Authentication success
*
* @see ssh_userauth_kbdint()
* @see ssh_userauth_password()
*/
int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
struct ssh_iterator *it;
ssh_private_key privkey;
ssh_public_key pubkey;
ssh_string pubkey_string;
int type = 0;
int rc;
enter_function();
/* Always test none authentication */
rc = ssh_userauth_none(session, NULL);
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
leave_function();
return rc;
}
/* Try authentication with ssh-agent first */
#ifndef _WIN32
rc = ssh_userauth_agent(session, NULL);
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
leave_function();
return rc;
}
#endif
for (it = ssh_list_get_iterator(session->identity);
it != NULL;
it = it->next) {
const char *privkey_file = it->data;
int privkey_open = 0;
privkey = NULL;
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
rc = ssh_try_publickey_from_file(session, privkey_file, &pubkey_string, &type);
if (rc == 1) {
char *publickey_file;
size_t len;
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
if (privkey == NULL) {
ssh_log(session, SSH_LOG_RARE,
"Reading private key %s failed (bad passphrase ?)",
privkey_file);
leave_function();
return SSH_AUTH_ERROR;
}
privkey_open = 1;
pubkey = publickey_from_privatekey(privkey);
if (pubkey == NULL) {
privatekey_free(privkey);
ssh_set_error_oom(session);
leave_function();
return SSH_AUTH_ERROR;
}
pubkey_string = publickey_to_string(pubkey);
type = pubkey->type;
publickey_free(pubkey);
if (pubkey_string == NULL) {
ssh_set_error_oom(session);
leave_function();
return SSH_AUTH_ERROR;
}
len = strlen(privkey_file) + 5;
publickey_file = malloc(len);
if (publickey_file == NULL) {
ssh_set_error_oom(session);
leave_function();
return SSH_AUTH_ERROR;
}
snprintf(publickey_file, len, "%s.pub", privkey_file);
rc = ssh_publickey_to_file(session, publickey_file, pubkey_string, type);
if (rc < 0) {
ssh_log(session, SSH_LOG_PACKET,
"Could not write public key to file: %s", publickey_file);
}
SAFE_FREE(publickey_file);
} else if (rc < 0) {
continue;
}
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
if (rc == SSH_AUTH_ERROR){
ssh_string_free(pubkey_string);
ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
leave_function();
return rc;
} else {
if (rc != SSH_AUTH_SUCCESS){
ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
ssh_string_free(pubkey_string);
continue;
}
}
/* Public key accepted by server! */
if (!privkey_open) {
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s",
privkey_file);
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
if (privkey == NULL) {
ssh_log(session, SSH_LOG_RARE,
"Reading private key %s failed (bad passphrase ?)",
privkey_file);
ssh_string_free(pubkey_string);
continue; /* continue the loop with other pubkey */
}
}
rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
if (rc == SSH_AUTH_ERROR) {
ssh_string_free(pubkey_string);
privatekey_free(privkey);
leave_function();
return rc;
} else {
if (rc != SSH_AUTH_SUCCESS){
ssh_log(session, SSH_LOG_RARE,
"The server accepted the public key but refused the signature");
ssh_string_free(pubkey_string);
privatekey_free(privkey);
continue;
}
}
/* auth success */
ssh_log(session, SSH_LOG_PROTOCOL,
"Successfully authenticated using %s", privkey_file);
ssh_string_free(pubkey_string);
privatekey_free(privkey);
leave_function();
return SSH_AUTH_SUCCESS;
}
/* at this point, pubkey is NULL and so is privkeyfile */
ssh_log(session, SSH_LOG_PROTOCOL,
"Tried every public key, none matched");
ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
leave_function();
return SSH_AUTH_DENIED;
}
ssh_kbdint kbdint_new(void) {
ssh_kbdint kbd;


@ -89,6 +89,10 @@ int ssh_userauth_pubkey(ssh_session session,
return rc;
}
int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
return ssh_userauth_publickey_auto(session, NULL, passphrase);
}
/* BUFFER FUNCTIONS */
void buffer_free(ssh_buffer buffer){
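Review bot: The new `ssh_userauth_autopubkey` shim has no comment saying it is a compatibility wrapper or how it differs from the implementation removed elsewhere in this commit. That implementation always tried `ssh_userauth_none` and, outside Windows, `ssh_userauth_agent` before reading identity files, and returned `SSH_AUTH_ERROR` when a private key could not be opened with the given passphrase; whether `ssh_userauth_publickey_auto` keeps those steps and return codes is not visible in this hunk. Legacy callers that branch on the return value may depend on them. A short header comment such as `/* Legacy wrapper: forwards to ssh_userauth_publickey_auto() with a NULL username; see that function for the methods tried and the return codes. */` would tell callers where the authentication behaviour is now defined.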