Add a more generic auth callback function.

You should be able to obtain passwords or usernames with this function. Signed-off-by: Andreas Schneider <mail@cynapses.org> git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@198 7dcaeef0-15fb-0310-b436-a5af3365683c
2008-12-29 11:33:51 +00:00 · 2008-12-29 11:33:51 +00:00 · f9f8ded7f0
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@ -216,7 +216,7 @@ void publickey_free(PUBLIC_KEY *key);
 /* in keyfiles.c */
-PRIVATE_KEY *privatekey_from_file(SSH_SESSION *session,char *filename,int type,char *passphrase);
+PRIVATE_KEY *privatekey_from_file(SSH_SESSION *session,char *filename,int type,const char *passphrase);
 STRING *publickey_to_string(PUBLIC_KEY *key);
 PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
 void private_key_free(PRIVATE_KEY *prv);
@ -253,6 +253,22 @@ int channel_select(CHANNEL **readchans, CHANNEL **writechans, CHANNEL **exceptch
        timeval * timeout);
 /* in options.c */
 /**
 * @brief SSH authentication callback.
 *
 * @param prompt        Prompt to be displayed.
 * @param buf           Buffer to save the password. You should null-terminate it.
 * @param len           Length of the buffer.
 * @param echo          Enable or disable the echo of what you type.
 * @param verify        Should the password be verified?
 * @param userdata      Userdata to be passed to the callback function. Useful
 *                      for GUI applications.
 *
 * @return              0 on success, < 0 on error.
 */
 typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len,
    int echo, int verify, void *userdata);
 SSH_OPTIONS *ssh_options_new();
 SSH_OPTIONS *ssh_options_copy(SSH_OPTIONS *opt);
 int ssh_options_set_wanted_algos(SSH_OPTIONS *opt, int algo, const char *list);
@ -276,6 +292,17 @@ void ssh_options_set_log_function(SSH_OPTIONS *opt,
    void (*callback)(const char *message, SSH_SESSION *session, int verbosity ));
 void ssh_options_set_log_verbosity(SSH_OPTIONS *opt, int verbosity);
 /**
 * @brief Set the authentication callback.
 *
 * @param opt           The options structure to use.
 * @param cb            The callback function to use.
 * @param userdata      A pointer to some user data you can pass to the
 *                      callback.
 */
 void ssh_options_set_auth_callback(SSH_OPTIONS *opt, ssh_auth_callback cb,
    void *userdata);
 /* buffer.c */
@ -299,7 +326,7 @@ int ssh_userauth_none(SSH_SESSION *session, const char *username);
 int ssh_userauth_password(SSH_SESSION *session, const char *username, const char *password);
 int ssh_userauth_offer_pubkey(SSH_SESSION *session, const char *username, int type, STRING *publickey);
 int ssh_userauth_pubkey(SSH_SESSION *session, const char *username, STRING *publickey, PRIVATE_KEY *privatekey);
-int ssh_userauth_autopubkey(SSH_SESSION *session);
+int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase);
 int ssh_userauth_kbdint(SSH_SESSION *session, const char *user, const char *submethods);
 int ssh_userauth_kbdint_getnprompts(SSH_SESSION *session);
 char *ssh_userauth_kbdint_getname(SSH_SESSION *session);
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@ -228,7 +228,8 @@ struct ssh_options_struct {
    int use_nonexisting_algo; /* if user sets a not supported algorithm for kex, don't complain */
    char *wanted_methods[10]; /* the kex methods can be choosed. better use the kex fonctions to do that */
    void *wanted_cookie; /* wants a specific cookie to be sent ? if null, generate a new one */
-    void *passphrase_function; /* this functions will be called if a keyphrase is needed. look keyfiles.c for more info */
+    ssh_auth_callback auth_function; /* this functions will be called if e.g. a keyphrase is needed. */
    void *auth_userdata;
    void (*connect_status_function)(void *arg, float status); /* status callback function */
    void *connect_status_arg; /* arbitrary argument */
    long timeout; /* seconds */
--- a/libssh/auth.c
+++ b/libssh/auth.c
@ -405,6 +405,9 @@ static char *pub_keys_path[]={NULL,"%s/.ssh/identity.pub","%s/.ssh/id_dsa.pub","
 * asker for passphrases (in case the private key is encrypted)
 * \brief Tries to automaticaly authenticate with public key and "none"
 * \param session ssh session
 * \param passphrase use this passphrase to unlock the privatekey. Use
 *                   NULL if you don't want to use a passphrase or the
 *                   user should be asked.
 * \returns SSH_AUTH_ERROR : a serious error happened\n
 * SSH_AUTH_DENIED : Authentication failed : use another method\n
 * SSH_AUTH_PARTIAL : You've been partially authenticated, you still have to use another method\n
@ -414,7 +417,7 @@ static char *pub_keys_path[]={NULL,"%s/.ssh/identity.pub","%s/.ssh/id_dsa.pub","
 * \see ssh_options_set_identity()
 */
-int ssh_userauth_autopubkey(SSH_SESSION *session){
+int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
    int count=1; /* bypass identity */
    int type=0;
    int err;
@ -460,7 +463,7 @@ int ssh_userauth_autopubkey(SSH_SESSION *session){
            continue;
        }
        /* pubkey accepted by server ! */
-        privkey=privatekey_from_file(session,privkeyfile,type,NULL);
+        privkey=privatekey_from_file(session,privkeyfile,type,passphrase);
        if(!privkey){
            ssh_say(0,"Reading private key %s failed (bad passphrase ?)\n",privkeyfile);
            free(pubkey);
--- a/libssh/keyfiles.c
+++ b/libssh/keyfiles.c
@ -192,22 +192,29 @@ int passphrase_to_key(char *data, unsigned int datalen, unsigned char *salt, uns
 int privatekey_decrypt(int algo, int mode, unsigned int key_len,
                       unsigned char *iv, unsigned int iv_len,
-                       BUFFER *data, int cb(char *,int , int , char *),
+                       BUFFER *data, ssh_auth_callback cb,
                       void *userdata,
                       char *desc)
 {
  gcry_cipher_hd_t cipher;
-  unsigned int passphrase_len;
+  int rc = -1;
-  char passphrase[MAX_PASSPHRASE_SIZE];
+  char passphrase[MAX_PASSPHRASE_SIZE] = {0};
-  unsigned char key[MAX_KEY_SIZE];
+  unsigned char key[MAX_KEY_SIZE] = {0};
  unsigned char *tmp;
  gcry_error_t err;
  if (!algo)
    return 1;
-  passphrase_len=cb(passphrase, MAX_PASSPHRASE_SIZE, 0, desc);
+
-  if (passphrase_len <= 0)
+  if (cb) {
-    return 0;
+    rc = (*cb)(desc, passphrase, MAX_PASSPHRASE_SIZE, 0, 0, userdata);
-  passphrase_to_key(passphrase, passphrase_len, iv, key, key_len);
+    if (rc < 0) {
      return 0;
    }
  } else if (cb == NULL && userdata != NULL) {
    sprintf(buf, MAX_PASSPHRASE_SIZE, "%s", userdata);
  }
  passphrase_to_key(passphrase, strlen(passphrase), iv, key, key_len);
  if (gcry_cipher_open(&cipher, algo, mode, 0)
      || gcry_cipher_setkey(cipher, key, key_len)
      || gcry_cipher_setiv(cipher, iv, iv_len)
@ -274,7 +281,7 @@ int privatekey_dek_header(char *header, unsigned int header_len, int *algo, int
  return 1;
 }
-BUFFER *privatekey_file_to_buffer(FILE *fp, int type, int cb(char *, int , int , char *), char *desc)
+BUFFER *privatekey_file_to_buffer(FILE *fp, int type, ssh_auth_callback cb, void *userdata, char *desc)
 {
  char buf[MAXLINESIZE];
  char *header_begin;
@ -353,7 +360,7 @@ BUFFER *privatekey_file_to_buffer(FILE *fp, int type, int cb(char *, int , int ,
  buffer_free(buffer);
  if (algo)
  {
-    if (!privatekey_decrypt(algo, mode, key_len, iv, iv_len, ret, cb, desc))
+    if (!privatekey_decrypt(algo, mode, key_len, iv, iv_len, ret, cb, userdata, desc))
    {
      free(iv);
      return NULL;
@ -364,7 +371,7 @@ BUFFER *privatekey_file_to_buffer(FILE *fp, int type, int cb(char *, int , int ,
 }
 int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
-                        int cb(char *, int , int , char *), char *desc)
+                        ssh_auth_callback cb, void *userdata, char *desc)
 {
  STRING *n;
  STRING *e;
@ -377,7 +384,7 @@ int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
  STRING *v;
  BUFFER *buffer;
-  if (!(buffer=privatekey_file_to_buffer(fp, TYPE_RSA, cb, desc)))
+  if (!(buffer=privatekey_file_to_buffer(fp, TYPE_RSA, cb, userdata, desc)))
    return 0;
  if (!asn1_check_sequence(buffer))
  {
@ -414,7 +421,7 @@ int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
  return 1;
 }
-int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, int cb(char *, int , int , char *), char *desc)
+int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, ssh_auth_callback cb, void *userdata; char *desc)
 {
  STRING *p;
  STRING *q;
@ -424,7 +431,7 @@ int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, int cb(char *, int , int , cha
  STRING *v;
  BUFFER *buffer;
-  if (!(buffer=privatekey_file_to_buffer(fp, TYPE_DSS, cb, desc)))
+  if (!(buffer=privatekey_file_to_buffer(fp, TYPE_DSS, cb, userdata, desc)))
    return 0;
  if (!asn1_check_sequence(buffer))
  {
@ -456,18 +463,23 @@ int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, int cb(char *, int , int , cha
 }
 #endif /* GCRYPT */
 static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
  SSH_SESSION *session = userdata;
-/* completely deprecated */
+  ZERO_STRUCTP(buf);
-static int default_get_password(char *buf, int size,int rwflag, char *descr){
+
-	memset(buf,0,size);
+  if (session && session->options->auth_function) {
-	return 0;
+    if ((*session->options->auth_function)("Passphrase for private key:", buf, size, 0, 0,
-}
+        session->options->auth_userdata ? session->options->auth_userdata : NULL) < 0) {
      return 0;
    }
 /* in case the passphrase has been given in parameter */
 static int get_password_specified(char *buf,int size, int rwflag, char *password){
    snprintf(buf,size,"%s",password);
    return strlen(buf);
  }
  return 0;
 }
 /** \addtogroup ssh_auth
 * @{
 */
@ -481,9 +493,11 @@ static int get_password_specified(char *buf,int size, int rwflag, char *password
 * \see private_key_free()
 * \see publickey_from_privatekey()
 */
-PRIVATE_KEY  *privatekey_from_file(SSH_SESSION *session,char *filename,int type,char *passphrase){
+PRIVATE_KEY  *privatekey_from_file(SSH_SESSION *session,char *filename,int type, const char *passphrase){
    FILE *file=fopen(filename,"r");
    PRIVATE_KEY *privkey;
    ssh_auth_callback auth_cb = NULL;
    void *auth_ud = NULL;
 #ifdef HAVE_LIBGCRYPT
    gcry_sexp_t dsa=NULL;
    gcry_sexp_t rsa=NULL;
@ -498,24 +512,28 @@ PRIVATE_KEY  *privatekey_from_file(SSH_SESSION *session,char *filename,int type,
    }
    if(type==TYPE_DSS){
        if(!passphrase){
-            if(session && session->options->passphrase_function)
+          if (session && session->options->auth_function) {
            auth_cb = session->options->auth_function;
            if (session->options->auth_userdata) {
              auth_ud = session->options->auth_userdata;
            }
 #ifdef HAVE_LIBGCRYPT
-                valid = read_dsa_privatekey(file,&dsa, session->options->passphrase_function,"DSA private key");
+            valid = read_dsa_privatekey(file,&dsa, auth_cb, auth_ud, "Passphrase for private key:");
-            else
+          }
-                valid = read_dsa_privatekey(file,&dsa,(void *)default_get_password, "DSA private key");
+        } else {
          valid = read_dsa_privatekey(file,&dsa, NULL, passphrase, NULL);
        }
        else
            valid = read_dsa_privatekey(file,&dsa,(void *)get_password_specified,passphrase);
        fclose(file);
-        if(!valid){
+        if(!valid) {
-            ssh_set_error(session,SSH_FATAL,"parsing private key %s",filename);
+          ssh_set_error(session,SSH_FATAL,"parsing private key %s",filename);
 #elif defined HAVE_LIBCRYPTO
-                dsa=PEM_read_DSAPrivateKey(file,NULL, session->options->passphrase_function,"DSA private key");
+            dsa = PEM_read_DSAPrivateKey(file,NULL, pem_get_password, session);
-            else
+          } else {
-                dsa=PEM_read_DSAPrivateKey(file,NULL,(void *)default_get_password, "DSA private key");
+            dsa = PEM_read_DSAPrivateKey(file,NULL, NULL, NULL);
          }
        } else {
          dsa = PEM_read_DSAPrivateKey(file, NULL, NULL, (void *) passphrase);
        }
        else
            dsa=PEM_read_DSAPrivateKey(file,NULL,(void *)get_password_specified,passphrase);
        fclose(file);
        if(!dsa){
            ssh_set_error(session,SSH_FATAL,"parsing private key %s"
@ -526,24 +544,28 @@ PRIVATE_KEY  *privatekey_from_file(SSH_SESSION *session,char *filename,int type,
    }
    else if (type==TYPE_RSA){
        if(!passphrase){
-            if(session && session->options->passphrase_function)
+            if(session && session->options->auth_function) {
              auth_cb = session->options->auth_function;
              if (session->options->auth_userdata) {
                auth_ud = session->options->auth_userdata;
              }
 #ifdef HAVE_LIBGCRYPT
-                valid = read_rsa_privatekey(file,&rsa, session->options->passphrase_function,"RSA private key");
+              valid = read_rsa_privatekey(file, &rsa, auth_cb, auth_ud, "Passphrase for private key:");
-            else
+            }
-                valid = read_rsa_privatekey(file,&rsa,(void *)default_get_password, "RSA private key");
+        } else {
            valid = read_rsa_privatekey(file, &rsa, NULL, passphrase, NULL);
        }
        else
            valid = read_rsa_privatekey(file,&rsa,(void *)get_password_specified,passphrase);
        fclose(file);
        if(!valid){
            ssh_set_error(session,SSH_FATAL,"parsing private key %s",filename);
 #elif defined HAVE_LIBCRYPTO
-                rsa=PEM_read_RSAPrivateKey(file,NULL, session->options->passphrase_function,"RSA private key");
+              rsa = PEM_read_RSAPrivateKey(file, NULL, pem_get_password, session);
-            else
+            } else {
-                rsa=PEM_read_RSAPrivateKey(file,NULL,(void *)default_get_password, "RSA private key");
+              rsa = PEM_read_RSAPrivateKey(file, NULL, NULL, NULL);
            }
        } else {
          rsa = PEM_read_RSAPrivateKey(file, NULL, NULL, (void *) passphrase);
        }
        else
            rsa=PEM_read_RSAPrivateKey(file,NULL,(void *)get_password_specified,passphrase);
        fclose(file);
        if(!rsa){
            ssh_set_error(session,SSH_FATAL,"parsing private key %s"
--- a/libssh/options.c
+++ b/libssh/options.c
@ -101,7 +101,8 @@ SSH_OPTIONS *ssh_options_copy(SSH_OPTIONS *opt){
    for(i=0;i<10;++i)
        if(opt->wanted_methods[i])
            ret->wanted_methods[i]=strdup(opt->wanted_methods[i]);
-    ret->passphrase_function=opt->passphrase_function;
+    ret->auth_function=opt->auth_function;
    ret->auth_userdata=opt->auth_userdata;
    ret->connect_status_function=opt->connect_status_function;
    ret->connect_status_arg=opt->connect_status_arg;
    ret->timeout=opt->timeout;
@ -571,6 +572,14 @@ int ssh_options_getopt(SSH_OPTIONS *options, int *argcptr, char **argv){
        return 0 ;   
 }
 void ssh_options_set_auth_callback(SSH_OPTIONS *opt, ssh_auth_callback cb,
    void *userdata) {
  if (opt == NULL) {
    return;
  }
  opt->auth_function = cb;
  opt->auth_userdata = userdata;
 }
 /** @} */
--- a/sample.c
+++ b/sample.c
@ -454,7 +454,7 @@ int main(int argc, char **argv){
    printf("\n");
    /* no ? you should :) */
-    auth=ssh_userauth_autopubkey(session);
+    auth=ssh_userauth_autopubkey(session, NULL);
    if(auth==SSH_AUTH_ERROR){
        fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session));
 	    ssh_finalize();