ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

auth: Use the new SSH_LOG function.

Просмотр исходного кода
Этот коммит содержится в:
Andreas Schneider 2011-09-17 10:29:49 +02:00
родитель c19c638d74
Коммит c2883c1f37
1 изменённых файлов: 63 добавлений и 43 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

106
src/auth.c
Просмотреть файл

@ -64,7 +64,15 @@
* again is necessary * again is necessary
*/ */
static int ssh_userauth_request_service(ssh_session session) { static int ssh_userauth_request_service(ssh_session session) {
return ssh_service_request(session,"ssh-userauth"); int rc;
rc = ssh_service_request(session, "ssh-userauth");
if (rc != SSH_OK) {
SSH_LOG(session, SSH_LOG_WARN,
"Failed to request \"ssh-userauth\" service");
}
return rc;
} }
static int ssh_auth_response_termination(void *user){ static int ssh_auth_response_termination(void *user){
@ -146,10 +154,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner){
enter_function(); enter_function();
banner = buffer_get_ssh_string(packet); banner = buffer_get_ssh_string(packet);
if (banner == NULL) { if (banner == NULL) {
ssh_log(session, SSH_LOG_RARE, SSH_LOG(session, SSH_LOG_WARN,
"Invalid SSH_USERAUTH_BANNER packet"); "Invalid SSH_USERAUTH_BANNER packet");
} else { } else {
ssh_log(session, SSH_LOG_PACKET, SSH_LOG(session, SSH_LOG_DEBUG,
"Received SSH_USERAUTH_BANNER packet"); "Received SSH_USERAUTH_BANNER packet");
if(session->banner != NULL) if(session->banner != NULL)
ssh_string_free(session->banner); ssh_string_free(session->banner);
@ -190,12 +198,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
if (partial) { if (partial) {
session->auth_state=SSH_AUTH_STATE_PARTIAL; session->auth_state=SSH_AUTH_STATE_PARTIAL;
ssh_log(session,SSH_LOG_PROTOCOL, SSH_LOG(session, SSH_LOG_INFO,
"Partial success. Authentication that can continue: %s", "Partial success. Authentication that can continue: %s",
auth_methods); auth_methods);
} else { } else {
session->auth_state=SSH_AUTH_STATE_FAILED; session->auth_state=SSH_AUTH_STATE_FAILED;
ssh_log(session, SSH_LOG_PROTOCOL, SSH_LOG(session, SSH_LOG_INFO,
"Access denied. Authentication that can continue: %s", "Access denied. Authentication that can continue: %s",
auth_methods); auth_methods);
ssh_set_error(session, SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
@ -236,16 +244,18 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_success){
(void)packet; (void)packet;
(void)type; (void)type;
(void)user; (void)user;
ssh_log(session,SSH_LOG_PACKET,"Received SSH_USERAUTH_SUCCESS");
ssh_log(session,SSH_LOG_PROTOCOL,"Authentication successful"); SSH_LOG(session, SSH_LOG_DEBUG, "Authentication successful");
SSH_LOG(session, SSH_LOG_TRACE, "Received SSH_USERAUTH_SUCCESS");
session->auth_state=SSH_AUTH_STATE_SUCCESS; session->auth_state=SSH_AUTH_STATE_SUCCESS;
session->session_state=SSH_SESSION_STATE_AUTHENTICATED; session->session_state=SSH_SESSION_STATE_AUTHENTICATED;
if(session->current_crypto && session->current_crypto->delayed_compress_out){ if(session->current_crypto && session->current_crypto->delayed_compress_out){
ssh_log(session,SSH_LOG_PROTOCOL,"Enabling delayed compression OUT"); SSH_LOG(session, SSH_LOG_DEBUG, "Enabling delayed compression OUT");
session->current_crypto->do_compress_out=1; session->current_crypto->do_compress_out=1;
} }
if(session->current_crypto && session->current_crypto->delayed_compress_in){ if(session->current_crypto && session->current_crypto->delayed_compress_in){
ssh_log(session,SSH_LOG_PROTOCOL,"Enabling delayed compression IN"); SSH_LOG(session,SSH_LOG_DEBUG, "Enabling delayed compression IN");
session->current_crypto->do_compress_in=1; session->current_crypto->do_compress_in=1;
} }
leave_function(); leave_function();
@ -263,14 +273,17 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_success){
SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok){ SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok){
int rc; int rc;
enter_function(); enter_function();
ssh_log(session,SSH_LOG_PACKET,"Received SSH_USERAUTH_PK_OK/INFO_REQUEST");
SSH_LOG(session, SSH_LOG_TRACE, "Received SSH_USERAUTH_PK_OK/INFO_REQUEST");
if(session->auth_state==SSH_AUTH_STATE_KBDINT_SENT){ if(session->auth_state==SSH_AUTH_STATE_KBDINT_SENT){
/* Assuming we are in keyboard-interactive context */ /* Assuming we are in keyboard-interactive context */
ssh_log(session,SSH_LOG_PACKET,"keyboard-interactive context, assuming SSH_USERAUTH_INFO_REQUEST"); SSH_LOG(session, SSH_LOG_TRACE,
"keyboard-interactive context, assuming SSH_USERAUTH_INFO_REQUEST");
rc=ssh_packet_userauth_info_request(session,type,packet,user); rc=ssh_packet_userauth_info_request(session,type,packet,user);
} else { } else {
session->auth_state=SSH_AUTH_STATE_PK_OK; session->auth_state=SSH_AUTH_STATE_PK_OK;
ssh_log(session,SSH_LOG_PACKET,"assuming SSH_USERAUTH_PK_OK"); SSH_LOG(session, SSH_LOG_TRACE, "Assuming SSH_USERAUTH_PK_OK");
rc=SSH_PACKET_USED; rc=SSH_PACKET_USED;
} }
leave_function(); leave_function();
@ -960,7 +973,8 @@ int ssh_userauth_agent(ssh_session session,
state->pubkey = ssh_agent_get_first_ident(session, &state->comment); state->pubkey = ssh_agent_get_first_ident(session, &state->comment);
while (state->pubkey != NULL) { while (state->pubkey != NULL) {
if(state->state == SSH_AGENT_STATE_NONE){ if(state->state == SSH_AGENT_STATE_NONE){
ssh_log(session, SSH_LOG_RARE, "Trying identity %s", state->comment); SSH_LOG(session, SSH_LOG_DEBUG,
"Trying identity %s", state->comment);
} }
if(state->state == SSH_AGENT_STATE_NONE || if(state->state == SSH_AGENT_STATE_NONE ||
state->state == SSH_AGENT_STATE_PUBKEY){ state->state == SSH_AGENT_STATE_PUBKEY){
@ -974,7 +988,8 @@ int ssh_userauth_agent(ssh_session session,
state->state = SSH_AGENT_STATE_PUBKEY; state->state = SSH_AGENT_STATE_PUBKEY;
return rc; return rc;
} else if (rc != SSH_AUTH_SUCCESS) { } else if (rc != SSH_AUTH_SUCCESS) {
ssh_log(session, SSH_LOG_PROTOCOL, "Public key of %s refused by server", state->comment); SSH_LOG(session, SSH_LOG_DEBUG,
"Public key of %s refused by server", state->comment);
ssh_string_free_char(state->comment); ssh_string_free_char(state->comment);
ssh_key_free(state->pubkey); ssh_key_free(state->pubkey);
state->pubkey = ssh_agent_get_next_ident(session, &state->comment); state->pubkey = ssh_agent_get_next_ident(session, &state->comment);
@ -982,7 +997,8 @@ int ssh_userauth_agent(ssh_session session,
continue; continue;
} }
ssh_log(session, SSH_LOG_PROTOCOL, "Public key of %s accepted by server", state->comment); SSH_LOG(session, SSH_LOG_DEBUG,
"Public key of %s accepted by server", state->comment);
state->state = SSH_AGENT_STATE_AUTH; state->state = SSH_AGENT_STATE_AUTH;
} }
if (state->state == SSH_AGENT_STATE_AUTH){ if (state->state == SSH_AGENT_STATE_AUTH){
@ -995,8 +1011,7 @@ int ssh_userauth_agent(ssh_session session,
SAFE_FREE(session->agent_state); SAFE_FREE(session->agent_state);
return rc; return rc;
} else if (rc != SSH_AUTH_SUCCESS) { } else if (rc != SSH_AUTH_SUCCESS) {
ssh_log(session, SSH_LOG(session, SSH_LOG_INFO,
SSH_LOG_RARE,
"Server accepted public key but refused the signature"); "Server accepted public key but refused the signature");
state->pubkey = ssh_agent_get_next_ident(session, &state->comment); state->pubkey = ssh_agent_get_next_ident(session, &state->comment);
state->state = SSH_AGENT_STATE_NONE; state->state = SSH_AGENT_STATE_NONE;
@ -1081,7 +1096,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
ZERO_STRUCTP(session->auth_auto_state); ZERO_STRUCTP(session->auth_auto_state);
} }
state = session->auth_auto_state; state = session->auth_auto_state;
if (state->state == SSH_AUTH_AUTO_STATE_NONE){ if (state->state == SSH_AUTH_AUTO_STATE_NONE) {
#ifndef _WIN32 #ifndef _WIN32
/* Try authentication with ssh-agent first */ /* Try authentication with ssh-agent first */
rc = ssh_userauth_agent(session, username); rc = ssh_userauth_agent(session, username);
@ -1091,18 +1106,18 @@ int ssh_userauth_publickey_auto(ssh_session session,
if (rc == SSH_AUTH_AGAIN) if (rc == SSH_AUTH_AGAIN)
return rc; return rc;
#endif #endif
state->state = SSH_AUTH_AUTO_STATE_PUBKEY; state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
} }
if (state->it == NULL) if (state->it == NULL) {
state->it = ssh_list_get_iterator(session->identity); state->it = ssh_list_get_iterator(session->identity);
}
while (state->it != NULL){ while (state->it != NULL){
const char *privkey_file = state->it->data; const char *privkey_file = state->it->data;
char pubkey_file[1024] = {0}; char pubkey_file[1024] = {0};
if (state->state == SSH_AUTH_AUTO_STATE_PUBKEY){ if (state->state == SSH_AUTH_AUTO_STATE_PUBKEY){
ssh_log(session, SSH_LOG(session, SSH_LOG_DEBUG,
SSH_LOG_PROTOCOL, "Trying to authenticate with %s", privkey_file);
"Trying to authenticate with %s",
privkey_file);
state->privkey = NULL; state->privkey = NULL;
state->pubkey = NULL; state->pubkey = NULL;
snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file); snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
@ -1131,8 +1146,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
continue; continue;
} else if (rc == SSH_EOF) { } else if (rc == SSH_EOF) {
/* If the file doesn't exist, continue */ /* If the file doesn't exist, continue */
ssh_log(session, SSH_LOG(session, SSH_LOG_DEBUG,
SSH_LOG_PACKET,
"Private key %s doesn't exist.", "Private key %s doesn't exist.",
privkey_file); privkey_file);
state->it=state->it->next; state->it=state->it->next;
@ -1148,8 +1162,8 @@ int ssh_userauth_publickey_auto(ssh_session session,
rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file); rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
ssh_log(session, SSH_LOG(session,
SSH_LOG_PACKET, SSH_LOG_WARN,
"Could not write public key to file: %s", "Could not write public key to file: %s",
pubkey_file); pubkey_file);
} }
@ -1159,8 +1173,8 @@ int ssh_userauth_publickey_auto(ssh_session session,
if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED){ if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED){
rc = ssh_userauth_try_publickey(session, username, state->pubkey); rc = ssh_userauth_try_publickey(session, username, state->pubkey);
if (rc == SSH_AUTH_ERROR) { if (rc == SSH_AUTH_ERROR) {
ssh_log(session, SSH_LOG(session,
SSH_LOG_RARE, SSH_LOG_WARN,
"Public key authentication error for %s", "Public key authentication error for %s",
privkey_file); privkey_file);
ssh_key_free(state->privkey); ssh_key_free(state->privkey);
@ -1170,8 +1184,8 @@ int ssh_userauth_publickey_auto(ssh_session session,
} else if (rc == SSH_AUTH_AGAIN){ } else if (rc == SSH_AUTH_AGAIN){
return rc; return rc;
} else if (rc != SSH_AUTH_SUCCESS) { } else if (rc != SSH_AUTH_SUCCESS) {
ssh_log(session, SSH_LOG(session,
SSH_LOG_PROTOCOL, SSH_LOG_DEBUG,
"Public key for %s refused by server", "Public key for %s refused by server",
privkey_file); privkey_file);
ssh_key_free(state->privkey); ssh_key_free(state->privkey);
@ -1203,8 +1217,8 @@ int ssh_userauth_publickey_auto(ssh_session session,
/* If the file doesn't exist, continue */ /* If the file doesn't exist, continue */
ssh_key_free(state->pubkey); ssh_key_free(state->pubkey);
state->pubkey=NULL; state->pubkey=NULL;
ssh_log(session, SSH_LOG(session,
SSH_LOG_PACKET, SSH_LOG_INFO,
"Private key %s doesn't exist.", "Private key %s doesn't exist.",
privkey_file); privkey_file);
state->it=state->it->next; state->it=state->it->next;
@ -1222,8 +1236,8 @@ int ssh_userauth_publickey_auto(ssh_session session,
if (rc == SSH_AUTH_ERROR) { if (rc == SSH_AUTH_ERROR) {
return rc; return rc;
} else if (rc == SSH_AUTH_SUCCESS) { } else if (rc == SSH_AUTH_SUCCESS) {
ssh_log(session, SSH_LOG(session,
SSH_LOG_PROTOCOL, SSH_LOG_INFO,
"Successfully authenticated using %s", "Successfully authenticated using %s",
privkey_file); privkey_file);
return rc; return rc;
@ -1231,16 +1245,16 @@ int ssh_userauth_publickey_auto(ssh_session session,
return rc; return rc;
} }
ssh_log(session, SSH_LOG(session,
SSH_LOG_RARE, SSH_LOG_WARN,
"The server accepted the public key but refused the signature"); "The server accepted the public key but refused the signature");
state->it=state->it->next; state->it=state->it->next;
state->state=SSH_AUTH_AUTO_STATE_PUBKEY; state->state=SSH_AUTH_AUTO_STATE_PUBKEY;
/* continue */ /* continue */
} }
} }
ssh_log(session, SSH_LOG(session,
SSH_LOG_PROTOCOL, SSH_LOG_INFO,
"Tried every public key, none matched"); "Tried every public key, none matched");
SAFE_FREE(session->auth_auto_state); SAFE_FREE(session->auth_auto_state);
return SSH_AUTH_DENIED; return SSH_AUTH_DENIED;
@ -1600,7 +1614,10 @@ static int ssh_userauth_kbdint_init(ssh_session session,
session->auth_state = SSH_AUTH_STATE_KBDINT_SENT; session->auth_state = SSH_AUTH_STATE_KBDINT_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_INIT; session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_INIT;
ssh_log(session,SSH_LOG_PROTOCOL,"Sending keyboard-interactive init request");
SSH_LOG(session, SSH_LOG_DEBUG,
"Sending keyboard-interactive init request");
rc = packet_send(session); rc = packet_send(session);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
@ -1671,7 +1688,9 @@ static int ssh_userauth_kbdint_send(ssh_session session)
session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_SEND; session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_SEND;
ssh_kbdint_free(session->kbdint); ssh_kbdint_free(session->kbdint);
session->kbdint = NULL; session->kbdint = NULL;
ssh_log(session,SSH_LOG_PROTOCOL,"Sending keyboard-interactive response packet");
SSH_LOG(session, SSH_LOG_DEBUG,
"Sending keyboard-interactive response packet");
rc = packet_send(session); rc = packet_send(session);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
@ -1754,7 +1773,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
} }
nprompts = ntohl(nprompts); nprompts = ntohl(nprompts);
ssh_log(session,SSH_LOG_PACKET,"kbdint: %d prompts",nprompts); SSH_LOG(session, SSH_LOG_DEBUG,
"%d keyboard-interactive prompts", nprompts);
if (nprompts > KBDINT_MAX_PROMPT) { if (nprompts > KBDINT_MAX_PROMPT) {
ssh_set_error(session, SSH_FATAL, ssh_set_error(session, SSH_FATAL,
"Too much prompts requested by the server: %u (0x%.4x)", "Too much prompts requested by the server: %u (0x%.4x)",