
server: Migrate more functions to new pki.

Этот коммит содержится в:
Andreas Schneider 2011-08-22 17:05:48 +02:00
родитель bf2f553fc3
Коммит 8c8a91a9b7
4 изменённых файлов: 95 добавлений и 58 удалений


@ -28,7 +28,7 @@ struct ssh_auth_request {
char *username; char *username;
int method; int method;
char *password; char *password;
struct ssh_public_key_struct *public_key; struct ssh_key_struct *pubkey;
char signature_state; char signature_state;
char kbdint_response; char kbdint_response;
}; };


@ -281,6 +281,19 @@ LIBSSH_API const char *ssh_message_auth_user(ssh_message msg);
* @see ssh_message_type() * @see ssh_message_type()
*/ */
LIBSSH_API const char *ssh_message_auth_password(ssh_message msg); LIBSSH_API const char *ssh_message_auth_password(ssh_message msg);
/**
* @brief Get the publickey of the authenticated user.
*
* @param[in] msg The message to get the public key from.
*
* @return The public key or NULL.
*
* @see ssh_message_get()
* @see ssh_message_type()
*/
LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg);
LIBSSH_API ssh_public_key ssh_message_auth_publickey(ssh_message msg); LIBSSH_API ssh_public_key ssh_message_auth_publickey(ssh_message msg);
LIBSSH_API int ssh_message_auth_kbdint_is_response(ssh_message msg); LIBSSH_API int ssh_message_auth_kbdint_is_response(ssh_message msg);
LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg); LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);
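Review bot: The new doc comment on `ssh_message_auth_pubkey` says it returns the public key "of the authenticated user", but when a server reads an auth request the user is not authenticated yet — this is the key the peer offered, and in the messages.c hunk on this page `signature_state` stays `SSH_PUBLICKEY_STATE_NONE` when the request carries no signature, so the peer may not have proved possession of the private key at all. Callers need to check `ssh_message_auth_publickey_state()` (declared two lines below) for `SSH_PUBLICKEY_STATE_VALID` before granting access, and the pointer is owned by the message and released by `ssh_message_free` (`ssh_key_free(msg->auth_request.pubkey)` in that same hunk), so the caller must not free it. I would reword the brief to `@brief Get the public key offered in a publickey authentication request.` and add `@note The key is owned by the message and freed by ssh_message_free(); check ssh_message_auth_publickey_state() before trusting it.`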


@ -38,7 +38,7 @@
#include "libssh/channels.h" #include "libssh/channels.h"
#include "libssh/session.h" #include "libssh/session.h"
#include "libssh/misc.h" #include "libssh/misc.h"
#include "libssh/keys.h" #include "libssh/pki.h"
#include "libssh/dh.h" #include "libssh/dh.h"
#include "libssh/messages.h" #include "libssh/messages.h"
#ifdef WITH_SERVER #ifdef WITH_SERVER
@ -252,7 +252,7 @@ void ssh_message_free(ssh_message msg){
strlen(msg->auth_request.password)); strlen(msg->auth_request.password));
SAFE_FREE(msg->auth_request.password); SAFE_FREE(msg->auth_request.password);
} }
publickey_free(msg->auth_request.public_key); ssh_key_free(msg->auth_request.pubkey);
break; break;
case SSH_REQUEST_CHANNEL_OPEN: case SSH_REQUEST_CHANNEL_OPEN:
SAFE_FREE(msg->channel_request_open.originator); SAFE_FREE(msg->channel_request_open.originator);
@ -402,7 +402,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
} }
/* Add the public key algorithm */ /* Add the public key algorithm */
str = ssh_string_from_char(msg->auth_request.public_key->type_c); str = ssh_string_from_char(msg->auth_request.pubkey->type_c);
if (str == NULL) { if (str == NULL) {
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
return NULL; return NULL;
@ -415,7 +415,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
} }
/* Add the publickey as blob */ /* Add the publickey as blob */
str = publickey_to_string(msg->auth_request.public_key); str = ssh_pki_export_pubkey_blob(msg->auth_request.pubkey);
if (str == NULL) { if (str == NULL) {
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
return NULL; return NULL;
@ -560,8 +560,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if (strncmp(method_c, "publickey", method_size) == 0) { if (strncmp(method_c, "publickey", method_size) == 0) {
ssh_string algo = NULL; ssh_string algo = NULL;
ssh_string publickey = NULL; ssh_string pubkey_blob = NULL;
uint8_t has_sign; uint8_t has_sign;
int rc;
msg->auth_request.method = SSH_AUTH_METHOD_PUBLICKEY; msg->auth_request.method = SSH_AUTH_METHOD_PUBLICKEY;
SAFE_FREE(method_c); SAFE_FREE(method_c);
@ -570,64 +571,67 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if (algo == NULL) { if (algo == NULL) {
goto error; goto error;
} }
publickey = buffer_get_ssh_string(packet); pubkey_blob = buffer_get_ssh_string(packet);
if (publickey == NULL) { if (pubkey_blob == NULL) {
ssh_string_free(algo); ssh_string_free(algo);
algo = NULL; algo = NULL;
goto error; goto error;
} }
msg->auth_request.public_key = publickey_from_string(session, publickey);
ssh_string_free(algo); ssh_string_free(algo);
algo = NULL; algo = NULL;
ssh_string_free(publickey);
publickey = NULL; rc = ssh_pki_import_pubkey_blob(pubkey_blob, &msg->auth_request.pubkey);
if (msg->auth_request.public_key == NULL) { ssh_string_free(pubkey_blob);
goto error; pubkey_blob = NULL;
if (rc < 0) {
goto error;
} }
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE; msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;
// has a valid signature ? // has a valid signature ?
if(has_sign) { if(has_sign) {
SIGNATURE *signature = NULL; ssh_signature sig;
ssh_public_key public_key = msg->auth_request.public_key; ssh_string sig_blob = NULL;
ssh_string sign = NULL; ssh_buffer digest = NULL;
ssh_buffer digest = NULL;
sign = buffer_get_ssh_string(packet); sig_blob = buffer_get_ssh_string(packet);
if(sign == NULL) { if(sig_blob == NULL) {
ssh_log(session, SSH_LOG_PACKET, "Invalid signature packet from peer"); ssh_log(session, SSH_LOG_PACKET, "Invalid signature packet from peer");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR; msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
goto error; goto error;
} }
signature = signature_from_string(session, sign, public_key, rc = ssh_pki_import_signature_blob(sig_blob,
public_key->type); msg->auth_request.pubkey,
digest = ssh_msg_userauth_build_digest(session, msg, service_c); &sig);
if ((digest == NULL || signature == NULL) || ssh_string_free(sig_blob);
(digest != NULL && signature != NULL && if (rc < 0) {
sig_verify(session, public_key, signature, ssh_log(session, SSH_LOG_PACKET, "Wrong signature from peer");
buffer_get_rest(digest), buffer_get_rest_len(digest)) < 0)) { msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
ssh_log(session, SSH_LOG_PACKET, "Wrong signature from peer"); goto error;
}
ssh_string_free(sign); digest = ssh_msg_userauth_build_digest(session, msg, service_c);
sign = NULL; if (digest == NULL) {
ssh_signature_free(sig);
ssh_log(session, SSH_LOG_PACKET, "Failed to get digest");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
goto error;
}
rc = ssh_srv_pki_signature_verify_blob(session,
sig_blob,
msg->auth_request.pubkey,
buffer_get_rest(digest),
buffer_get_rest_len(digest));
ssh_string_free(sig_blob);
ssh_buffer_free(digest); ssh_buffer_free(digest);
digest = NULL; if (rc < 0) {
signature_free(signature); msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
signature = NULL; goto error;
}
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
goto error;
}
else
ssh_log(session, SSH_LOG_PACKET, "Valid signature received"); ssh_log(session, SSH_LOG_PACKET, "Valid signature received");
ssh_buffer_free(digest); msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_VALID;
digest = NULL;
ssh_string_free(sign);
sign = NULL;
signature_free(signature);
signature = NULL;
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_VALID;
} }
SAFE_FREE(service_c); SAFE_FREE(service_c);
goto end; goto end;
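Review bot: `sig_blob` is freed immediately after `ssh_pki_import_signature_blob` (the `ssh_string_free(sig_blob);` before the first `if (rc < 0)`), yet the same pointer is later passed to `ssh_srv_pki_signature_verify_blob` and freed a second time right after it — a use-after-free followed by a double free on every signed publickey request, i.e. on the path an attacker fully controls. The imported `sig` is released only on the `digest == NULL` path, so it leaks after a successful verification and on the verification-failure `rc < 0` path. Since verification works from the blob, keep `sig_blob` alive until after the verify call and release `sig` at the same point; the import then serves only as an early well-formedness check. `ssh_packet_userauth_request` begins before this hunk and its `error:`/`end:` labels lie after it, so I could not confirm whether `error:` also touches these pointers.
```c
    rc = ssh_pki_import_signature_blob(sig_blob, msg->auth_request.pubkey, &sig);
    if (rc < 0) {
        ssh_string_free(sig_blob);
        /* … unchanged: "Wrong signature from peer" log, state WRONG, goto error … */
    }
    digest = ssh_msg_userauth_build_digest(session, msg, service_c);
    if (digest == NULL) {
        ssh_string_free(sig_blob);
        ssh_signature_free(sig);
        /* … unchanged: "Failed to get digest" log, state WRONG, goto error … */
    }
    rc = ssh_srv_pki_signature_verify_blob(session, sig_blob, msg->auth_request.pubkey,
                                           buffer_get_rest(digest), buffer_get_rest_len(digest));
    ssh_string_free(sig_blob);
    ssh_signature_free(sig);
    ssh_buffer_free(digest);
    /* … unchanged: rc < 0 -> SSH_PUBLICKEY_STATE_WRONG / goto error, else VALID … */
```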


@ -737,13 +737,21 @@ const char *ssh_message_auth_password(ssh_message msg){
return msg->auth_request.password; return msg->auth_request.password;
} }
ssh_key ssh_message_auth_pubkey(ssh_message msg) {
if (msg == NULL) {
return NULL;
}
return msg->auth_request.pubkey;
}
/* Get the publickey of an auth request */ /* Get the publickey of an auth request */
ssh_public_key ssh_message_auth_publickey(ssh_message msg){ ssh_public_key ssh_message_auth_publickey(ssh_message msg){
if (msg == NULL) { if (msg == NULL) {
return NULL; return NULL;
} }
return msg->auth_request.public_key; return ssh_pki_convert_key_to_publickey(msg->auth_request.pubkey);
} }
enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){ enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){
@ -944,15 +952,27 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
} }
int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) { int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
ssh_string algo; ssh_string algo;
ssh_string pubkey; ssh_string pubkey_blob;
int ret; int ret;
algo=ssh_string_from_char(msg->auth_request.public_key->type_c);
pubkey=publickey_to_string(msg->auth_request.public_key); algo = ssh_string_from_char(msg->auth_request.pubkey->type_c);
ret=ssh_message_auth_reply_pk_ok(msg,algo,pubkey); if (algo == NULL) {
ssh_string_free(algo); return SSH_ERROR;
ssh_string_free(pubkey); }
return ret;
pubkey_blob = ssh_pki_export_pubkey_blob(msg->auth_request.pubkey);
if (pubkey_blob == NULL) {
ssh_string_free(algo);
return SSH_ERROR;
}
ret = ssh_message_auth_reply_pk_ok(msg, algo, pubkey_blob);
ssh_string_free(algo);
ssh_string_free(pubkey_blob);
return ret;
} }
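Review bot: `ssh_message_auth_publickey` now returns the result of `ssh_pki_convert_key_to_publickey(msg->auth_request.pubkey)` instead of the message-owned pointer, but nothing says who frees it. Before this change the returned `ssh_public_key` was released by `ssh_message_free` (the old `publickey_free` call in the messages.c hunk above), so existing callers do not free it; if the conversion allocates a fresh object — its name suggests so, but the helper is not on this page — every call now leaks unless the caller is told to free it or the message caches the converted key. Either document the contract on the declaration, e.g. `/* Returns a newly converted ssh_public_key; the caller must free it with publickey_free(). */`, or store the result in the message so ownership stays as it was. Separately, `ssh_message_auth_reply_pk_ok_simple` dereferences `msg->auth_request.pubkey->type_c` with no NULL check even though it now has error returns; `if (msg == NULL || msg->auth_request.pubkey == NULL) return SSH_ERROR;` before building `algo` would make a call on a non-publickey request fail cleanly instead of crashing.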