auth: Make ssh_userauth_autopubkey legacy.
parent
21261270e5
commit
89253fd22a
@ -23,7 +23,7 @@ int main(int argc, const char **argv){
|
||||
else
|
||||
session.setOption(SSH_OPTIONS_HOST,"localhost");
|
||||
session.connect();
|
||||
session.userauthAutopubkey();
|
||||
session.userauthPublickeyAuto();
|
||||
session.disconnect();
|
||||
} catch (ssh::SshException e){
|
||||
std::cout << "Error during connection : ";
|
||||
|
@ -29,7 +29,7 @@ int main(int argc, const char **argv){
|
||||
err=session.connect();
|
||||
if(err==SSH_ERROR)
|
||||
goto error;
|
||||
err=session.userauthAutopubkey();
|
||||
err=session.userauthPublickeyAuto();
|
||||
if(err==SSH_ERROR)
|
||||
goto error;
|
||||
|
||||
|
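Review bot: The check after `err=session.userauthPublickeyAuto();` compares only against `SSH_ERROR`, so a result of `SSH_AUTH_DENIED` or `SSH_AUTH_PARTIAL` would not jump to `error` and the example would carry on as if the session were authenticated. Since examples get copied into real clients, the test should be `if(err!=SSH_AUTH_SUCCESS) goto error;`. The check line appears to be unchanged context and the rest of `main` lies outside the hunk, so confirm that nothing later re-checks the result.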
@ -37,6 +37,7 @@ LIBSSH_API int ssh_userauth_pubkey(ssh_session session, const char *username, ss
|
||||
LIBSSH_API int ssh_userauth_agent_pubkey(ssh_session session, const char *username,
|
||||
ssh_public_key publickey);
|
||||
#endif
|
||||
LIBSSH_API int ssh_userauth_autopubkey(ssh_session session, const char *passphrase);
|
||||
|
||||
LIBSSH_API void buffer_free(ssh_buffer buffer);
|
||||
LIBSSH_API void *buffer_get(ssh_buffer buffer);
|
||||
|
@ -508,7 +508,6 @@ LIBSSH_API int ssh_userauth_publickey_auto(ssh_session session,
|
||||
const char *username,
|
||||
const char *passphrase);
|
||||
|
||||
LIBSSH_API int ssh_userauth_autopubkey(ssh_session session, const char *passphrase);
|
||||
LIBSSH_API int ssh_userauth_kbdint(ssh_session session, const char *user, const char *submethods);
|
||||
LIBSSH_API const char *ssh_userauth_kbdint_getinstruction(ssh_session session);
|
||||
LIBSSH_API const char *ssh_userauth_kbdint_getname(ssh_session session);
|
||||
|
@ -177,8 +177,8 @@ public:
|
||||
* @returns SSH_AUTH_SUCCESS, SSH_AUTH_PARTIAL, SSH_AUTH_DENIED
|
||||
* @see ssh_userauth_autopubkey
|
||||
*/
|
||||
int userauthAutopubkey(void){
|
||||
int ret=ssh_userauth_autopubkey(c_session,NULL);
|
||||
int userauthPublickeyAuto(void){
|
||||
int ret=ssh_userauth_publickey_auto(c_session, NULL, NULL);
|
||||
ssh_throw(ret);
|
||||
return ret;
|
||||
}
|
||||
|
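Review bot: The doc comment above the renamed method still says `@see ssh_userauth_autopubkey`, although the body now calls `ssh_userauth_publickey_auto(c_session, NULL, NULL)`; it should read `@see ssh_userauth_publickey_auto`. The old member name `userauthAutopubkey` also disappears with no forwarder, while the C API keeps a legacy entry point, so existing C++ callers stop compiling. A one-line inline alias, `int userauthAutopubkey(void){ return userauthPublickeyAuto(); }`, would keep them working. The comment block starts above the hunk, so the rest of its text is not visible here.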
171
src/auth.c
171
src/auth.c
@ -1435,177 +1435,6 @@ error:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Tries to automatically authenticate with public key and "none"
|
||||
*
|
||||
* It may fail, for instance it doesn't ask for a password and uses a default
|
||||
* asker for passphrases (in case the private key is encrypted).
|
||||
*
|
||||
* @param[in] session The ssh session to authenticate with.
|
||||
*
|
||||
* @param[in] passphrase Use this passphrase to unlock the privatekey. Use NULL
|
||||
* if you don't want to use a passphrase or the user
|
||||
* should be asked.
|
||||
*
|
||||
* @returns SSH_AUTH_ERROR: A serious error happened\n
|
||||
* SSH_AUTH_DENIED: Authentication failed: use another method\n
|
||||
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
||||
* have to use another method\n
|
||||
* SSH_AUTH_SUCCESS: Authentication success
|
||||
*
|
||||
* @see ssh_userauth_kbdint()
|
||||
* @see ssh_userauth_password()
|
||||
*/
|
||||
int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
|
||||
struct ssh_iterator *it;
|
||||
ssh_private_key privkey;
|
||||
ssh_public_key pubkey;
|
||||
ssh_string pubkey_string;
|
||||
int type = 0;
|
||||
int rc;
|
||||
|
||||
enter_function();
|
||||
|
||||
/* Always test none authentication */
|
||||
rc = ssh_userauth_none(session, NULL);
|
||||
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
|
||||
leave_function();
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Try authentication with ssh-agent first */
|
||||
#ifndef _WIN32
|
||||
rc = ssh_userauth_agent(session, NULL);
|
||||
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
|
||||
leave_function();
|
||||
return rc;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
for (it = ssh_list_get_iterator(session->identity);
|
||||
it != NULL;
|
||||
it = it->next) {
|
||||
const char *privkey_file = it->data;
|
||||
int privkey_open = 0;
|
||||
|
||||
privkey = NULL;
|
||||
|
||||
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
|
||||
|
||||
rc = ssh_try_publickey_from_file(session, privkey_file, &pubkey_string, &type);
|
||||
if (rc == 1) {
|
||||
char *publickey_file;
|
||||
size_t len;
|
||||
|
||||
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
|
||||
if (privkey == NULL) {
|
||||
ssh_log(session, SSH_LOG_RARE,
|
||||
"Reading private key %s failed (bad passphrase ?)",
|
||||
privkey_file);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
privkey_open = 1;
|
||||
|
||||
pubkey = publickey_from_privatekey(privkey);
|
||||
if (pubkey == NULL) {
|
||||
privatekey_free(privkey);
|
||||
ssh_set_error_oom(session);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
pubkey_string = publickey_to_string(pubkey);
|
||||
type = pubkey->type;
|
||||
publickey_free(pubkey);
|
||||
if (pubkey_string == NULL) {
|
||||
ssh_set_error_oom(session);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
len = strlen(privkey_file) + 5;
|
||||
publickey_file = malloc(len);
|
||||
if (publickey_file == NULL) {
|
||||
ssh_set_error_oom(session);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
snprintf(publickey_file, len, "%s.pub", privkey_file);
|
||||
rc = ssh_publickey_to_file(session, publickey_file, pubkey_string, type);
|
||||
if (rc < 0) {
|
||||
ssh_log(session, SSH_LOG_PACKET,
|
||||
"Could not write public key to file: %s", publickey_file);
|
||||
}
|
||||
SAFE_FREE(publickey_file);
|
||||
} else if (rc < 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
|
||||
if (rc == SSH_AUTH_ERROR){
|
||||
ssh_string_free(pubkey_string);
|
||||
ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
|
||||
leave_function();
|
||||
return rc;
|
||||
} else {
|
||||
if (rc != SSH_AUTH_SUCCESS){
|
||||
ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
|
||||
ssh_string_free(pubkey_string);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* Public key accepted by server! */
|
||||
if (!privkey_open) {
|
||||
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s",
|
||||
privkey_file);
|
||||
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
|
||||
if (privkey == NULL) {
|
||||
ssh_log(session, SSH_LOG_RARE,
|
||||
"Reading private key %s failed (bad passphrase ?)",
|
||||
privkey_file);
|
||||
ssh_string_free(pubkey_string);
|
||||
continue; /* continue the loop with other pubkey */
|
||||
}
|
||||
}
|
||||
|
||||
rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
|
||||
if (rc == SSH_AUTH_ERROR) {
|
||||
ssh_string_free(pubkey_string);
|
||||
privatekey_free(privkey);
|
||||
leave_function();
|
||||
return rc;
|
||||
} else {
|
||||
if (rc != SSH_AUTH_SUCCESS){
|
||||
ssh_log(session, SSH_LOG_RARE,
|
||||
"The server accepted the public key but refused the signature");
|
||||
ssh_string_free(pubkey_string);
|
||||
privatekey_free(privkey);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* auth success */
|
||||
ssh_log(session, SSH_LOG_PROTOCOL,
|
||||
"Successfully authenticated using %s", privkey_file);
|
||||
ssh_string_free(pubkey_string);
|
||||
privatekey_free(privkey);
|
||||
|
||||
leave_function();
|
||||
return SSH_AUTH_SUCCESS;
|
||||
}
|
||||
|
||||
/* at this point, pubkey is NULL and so is privkeyfile */
|
||||
ssh_log(session, SSH_LOG_PROTOCOL,
|
||||
"Tried every public key, none matched");
|
||||
ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
|
||||
|
||||
leave_function();
|
||||
return SSH_AUTH_DENIED;
|
||||
}
|
||||
|
||||
ssh_kbdint kbdint_new(void) {
|
||||
ssh_kbdint kbd;
|
||||
|
||||
|
@ -89,6 +89,10 @@ int ssh_userauth_pubkey(ssh_session session,
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
|
||||
return ssh_userauth_publickey_auto(session, NULL, passphrase);
|
||||
}
|
||||
|
||||
/* BUFFER FUNCTIONS */
|
||||
|
||||
void buffer_free(ssh_buffer buffer){
|
||||
|
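Review bot: The new `ssh_userauth_autopubkey` wrapper has no comment, whereas the implementation removed from src/auth.c carried a full doxygen block covering the passphrase handling and the return codes. That removed body also tried `ssh_userauth_none` first, then the agent on non-Windows builds, and wrote a `.pub` file next to each private key. Whether `ssh_userauth_publickey_auto` keeps those steps cannot be seen on this page, so any difference should be documented for callers of the legacy name. I would add `/* Legacy: forwards to ssh_userauth_publickey_auto() with a NULL username; see that function for return codes. */` above the wrapper.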