authorAris Adamantiadis <aris@0xbadc0de.be>2009-12-20 18:05:02 +0100
committerAris Adamantiadis <aris@0xbadc0de.be>2009-12-20 18:05:02 +0100
commit2e22d6ef9931156d837f6747aa9e46943bc51edb (patch)
treedb9269139bbaa5d736923e3a65801be5cdab4d01
parent6509b6e7421f480e481d087d613f334779cfb38b (diff)
downloadlibssh-2e22d6ef9931156d837f6747aa9e46943bc51edb.tar.gz
libssh-2e22d6ef9931156d837f6747aa9e46943bc51edb.tar.xz
libssh-2e22d6ef9931156d837f6747aa9e46943bc51edb.zip
Add key validation in server side authentication
-rw-r--r--include/libssh/libssh.h7
-rw-r--r--include/libssh/server.h1
-rw-r--r--libssh/messages.c10
-rw-r--r--libssh/server.c7
4 files changed, 20 insertions, 5 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 4ea7430b..114b9931 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -186,6 +186,13 @@ enum ssh_channel_requests_e {
SSH_CHANNEL_REQUEST_WINDOW_CHANGE,
};
+enum ssh_publickey_state_e {
+ SSH_PUBLICKEY_STATE_ERROR=-1,
+ SSH_PUBLICKEY_STATE_NONE=0,
+ SSH_PUBLICKEY_STATE_VALID=1,
+ SSH_PUBLICKEY_STATE_WRONG=2
+};
+
/* status flags */
#define SSH_CLOSED 0x01
#define SSH_READ_PENDING 0x02
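Review bot: The new public enum carries no documentation, and the distinction between SSH_PUBLICKEY_STATE_NONE and SSH_PUBLICKEY_STATE_VALID is exactly the one a server implementer must not get wrong: NONE means the client only offered a key without a signature, so the request proves nothing about possession of the private key. I would add a Doxygen block above `enum ssh_publickey_state_e` saying that ERROR is a malformed or missing signature packet, NONE a key probe that carried no signature (answer it with ssh_message_auth_reply_pk_ok, never with success), VALID a signature that verified against the offered key, and WRONG a signature that failed verification. The block should also note that the numeric values replace the raw -1/0/1/-2 codes previously written in libssh/messages.c so the two stay in step.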
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 9bfade62..993a1402 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -148,6 +148,7 @@ LIBSSH_API int ssh_message_reply_default(ssh_message msg);
LIBSSH_API char *ssh_message_auth_user(ssh_message msg);
LIBSSH_API char *ssh_message_auth_password(ssh_message msg);
LIBSSH_API ssh_public_key ssh_message_auth_publickey(ssh_message msg);
+LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);
LIBSSH_API int ssh_message_auth_reply_success(ssh_message msg,int partial);
LIBSSH_API int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pubkey);
LIBSSH_API int ssh_message_auth_set_methods(ssh_message msg, int methods);
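Review bot: The new declaration has no comment, so nothing tells an API user that the returned state is the only evidence that the client holds the private key. I would put above it `/** @brief Signature state of a publickey authentication request. Only SSH_PUBLICKEY_STATE_VALID means the client proved possession of the key; reply success on no other value. @return SSH_PUBLICKEY_STATE_ERROR if msg is NULL. */`. From the matching change in libssh/messages.c the field appears to be assigned only on the publickey path, so the comment should probably also say the value is meaningful only when the request's method is publickey; confirm against the message allocation code.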
diff --git a/libssh/messages.c b/libssh/messages.c
index c6cec583..6d0d62d8 100644
--- a/libssh/messages.c
+++ b/libssh/messages.c
@@ -220,7 +220,7 @@ static ssh_message handle_userauth_request(ssh_session session){
if (msg->auth_request.public_key == NULL) {
goto error;
}
- msg->auth_request.signature_state = 0;
+ msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;
// has a valid signature ?
if(has_sign) {
SIGNATURE *signature = NULL;
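Review bot: `signature_state` is initialised to SSH_PUBLICKEY_STATE_NONE only on this publickey path, after the public_key NULL check, so for password or other auth methods the field keeps whatever value the message allocation gave it, which is not visible in this hunk. If msg is not zero-filled at creation, ssh_message_auth_publickey_state() on a non-publickey request would return an indeterminate value that could happen to equal SSH_PUBLICKEY_STATE_VALID. Assigning `msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;` where the message is created, or documenting that the accessor is only valid for publickey requests, would close that gap. handle_userauth_request begins before this hunk.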
@@ -231,7 +231,7 @@ static ssh_message handle_userauth_request(ssh_session session){
sign = buffer_get_ssh_string(session->in_buffer);
if(sign == NULL) {
ssh_log(session, SSH_LOG_PACKET, "Invalid signature packet from peer");
- msg->auth_request.signature_state = -2;
+ msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
goto error;
}
signature = signature_from_string(session, sign, public_key,
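Review bot: The state is set to SSH_PUBLICKEY_STATE_ERROR immediately before `goto error`, and the hunk at -250 does the same with SSH_PUBLICKEY_STATE_WRONG. If the `error:` label, which lies outside these hunks, frees msg and returns NULL as the surrounding structure suggests, neither value can ever be observed through ssh_message_auth_publickey_state() and both assignments are dead stores, while the server application never sees a message it could log as a failed key proof. Either the WRONG/ERROR message should be kept and returned so the application can record and reject it, or a comment such as `/* state is recorded for symmetry; msg is discarded below */` should make the intent explicit.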
@@ -241,7 +241,7 @@ static ssh_message handle_userauth_request(ssh_session session){
(digest != NULL && signature != NULL &&
sig_verify(session, public_key, signature,
buffer_get(digest), buffer_get_len(digest)) < 0)) {
- ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer");
+ ssh_log(session, SSH_LOG_PACKET, "Wrong signature from peer");
string_free(sign);
sign = NULL;
@@ -250,7 +250,7 @@ static ssh_message handle_userauth_request(ssh_session session){
signature_free(signature);
signature = NULL;
- msg->auth_request.signature_state = -1;
+ msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
goto error;
}
else
@@ -263,7 +263,7 @@ static ssh_message handle_userauth_request(ssh_session session){
signature_free(signature);
signature = NULL;
- msg->auth_request.signature_state = 1;
+ msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_VALID;
}
SAFE_FREE(service_c);
leave_function();
diff --git a/libssh/server.c b/libssh/server.c
index d465c81e..bb260e3f 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -760,6 +760,13 @@ ssh_public_key ssh_message_auth_publickey(ssh_message msg){
return msg->auth_request.public_key;
}
+enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){
+ if (msg == NULL) {
+ return -1;
+ }
+ return msg->auth_request.signature_state;
+}
+
int ssh_message_auth_set_methods(ssh_message msg, int methods) {
if (msg == NULL || msg->session == NULL) {
return -1;
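Review bot: ssh_message_auth_publickey_state() returns the literal `-1` for a NULL msg although the function now has a dedicated enum return type; `return SSH_PUBLICKEY_STATE_ERROR;` keeps the same value but ties it to the type, so a later renumbering cannot silently change what callers see. The function also needs a header comment stating that only SSH_PUBLICKEY_STATE_VALID indicates the client proved possession of the key and that the result is defined only for publickey requests, since signature_state is assigned on that path in messages.c. The declared type of `signature_state` is not visible here; if it is a plain int, an explicit cast on the return would make the conversion deliberate. ssh_message_auth_set_methods, which follows, ends outside the hunk.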