authorAndreas Schneider <mail@cynapses.org>2009-04-30 13:58:20 +0000
committerAndreas Schneider <mail@cynapses.org>2009-04-30 13:58:20 +0000
commit567cc5984abc6b1380f8a807a0a8f197bb8a3b93 (patch)
treee8a58771a88ff810214c93ed27db853a632a4abb
parent06a0dea2add09bdadc870a7f664c17c00a326f89 (diff)
Improve the autopubkey authentication.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@658 7dcaeef0-15fb-0310-b436-a5af3365683c
-rw-r--r--include/libssh/libssh.h6
-rw-r--r--libssh/CMakeLists.txt1
-rw-r--r--libssh/auth.c13
-rw-r--r--libssh/keyfiles.c33
-rw-r--r--libssh/libssh.map2
5 files changed, 22 insertions, 33 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index d2e6219..828655e 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -256,9 +256,9 @@ PUBLIC_KEY *publickey_from_privatekey(PRIVATE_KEY *prv);
void privatekey_free(PRIVATE_KEY *prv);
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
int *type);
-STRING *publickey_from_next_file(SSH_SESSION *session,
- struct keys_struct *keytab, size_t keytab_size,
- char **privkeyfile, int *type, unsigned int *count);
+STRING *try_publickey_from_file(SSH_SESSION *session,
+ struct keys_struct keytab,
+ char **privkeyfile, int *type);
int ssh_is_server_known(SSH_SESSION *session);
int ssh_write_knownhost(SSH_SESSION *session);
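Review bot: Replacing the `publickey_from_next_file` prototype removes a function from the public header, and the libssh.map hunk drops the same symbol from the existing `SSH_0.3` version node, so any application already linked against it would fail to resolve it. If the old function was part of the supported API, keep it as a thin deprecated wrapper around the new helper. If `try_publickey_from_file` is only meant for `ssh_userauth_autopubkey`, consider not exporting it at all. The new prototype also takes `struct keys_struct keytab` by value; `const struct keys_struct *keytab` would avoid the copy and make it clear that the entry is only read.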
diff --git a/libssh/CMakeLists.txt b/libssh/CMakeLists.txt
index 260d743..114a026 100644
--- a/libssh/CMakeLists.txt
+++ b/libssh/CMakeLists.txt
@@ -88,6 +88,7 @@ set(libssh_SRCS
socket.c
string.c
wrapper.c
+ libssh.map
)
if (WITH_SFTP)
diff --git a/libssh/auth.c b/libssh/auth.c
index ea25134..235ec23 100644
--- a/libssh/auth.c
+++ b/libssh/auth.c
@@ -738,7 +738,7 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
char *privkeyfile = NULL;
char *id = NULL;
size_t size;
- unsigned int count = 0;
+ unsigned int i = 0;
int type = 0;
int rc;
@@ -834,8 +834,15 @@ int ssh_userauth_autopubkey(SSH_SESSION *session, const char *passphrase) {
keytab[size - 1].public = id;
}
- while ((pubkey = publickey_from_next_file(session, keytab, size,
- &privkeyfile, &type, &count))) {
+ for (i = 0, pubkey = try_publickey_from_file(session, keytab[i],
+ &privkeyfile, &type);
+ i < size;
+ pubkey = try_publickey_from_file(session, keytab[++i],
+ &privkeyfile, &type)) {
+ if (pubkey == NULL) {
+ continue;
+ }
+
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey);
if (rc == SSH_AUTH_ERROR){
if (id != NULL) {
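Review bot: The loop's increment expression `pubkey = try_publickey_from_file(session, keytab[++i], ...)` runs before `i < size` is re-checked, so after the last valid entry it copies `keytab[size]` by value and calls the helper on it. Unless keytab is declared with a spare slot beyond `size` (its declaration is not visible here), that is an out-of-bounds read whose `public`/`private` pointers are then used as `snprintf` format strings in keyfiles.c. Any key returned by that extra call is also never offered, and is leaked unless it is freed after the loop. Move the call into the body: `for (i = 0; i < size; i++) {` followed by `pubkey = try_publickey_from_file(session, keytab[i], &privkeyfile, &type);`, keeping the `if (pubkey == NULL) continue;` check. The loop body continues outside this hunk.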
diff --git a/libssh/keyfiles.c b/libssh/keyfiles.c
index b6f84da..6b2cbec 100644
--- a/libssh/keyfiles.c
+++ b/libssh/keyfiles.c
@@ -919,18 +919,8 @@ STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
return str;
}
-
-/*
- * Why a recursive function?
- *
- * publickey_from_next_file() will be executed until NULL is returned
- * We can't return NULL if one of the possible keys is wrong. We want to
- * test them before getting over
- */
-STRING *publickey_from_next_file(SSH_SESSION *session,
- struct keys_struct *keytab, size_t keytab_size,
- char **privkeyfile, int *type,
- unsigned int *count) {
+STRING *try_publickey_from_file(SSH_SESSION *session, struct keys_struct keytab,
+ char **privkeyfile, int *type) {
static char *home = NULL;
char public[256] = {0};
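Review bot: The removed comment was the only description of this function, and the renamed `try_publickey_from_file` now has none even though its contract changed. A short header comment would help, for example `/* Try one keytab entry: returns the public key string, or NULL if either key file is unreadable or the public key cannot be loaded, so the caller can move on to the next entry. */`. It should also say what happens to `*privkeyfile` and `*type` on the NULL paths, since the caller reuses both across iterations. The function body continues outside this hunk.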
@@ -948,36 +938,28 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
}
}
- if (*count >= keytab_size) {
- return NULL;
- }
-
- pub = keytab[*count].public;
+ pub = keytab.public;
if (pub == NULL) {
return NULL;
}
- priv = keytab[*count].private;
+ priv = keytab.private;
if (priv == NULL) {
return NULL;
}
- (*count)++;
-
/* are them readable ? */
snprintf(public, sizeof(public), pub, home);
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
if (!ssh_file_readaccess_ok(public)) {
ssh_log(session, SSH_LOG_PACKET, "Failed");
- return publickey_from_next_file(session, keytab, keytab_size,
- privkeyfile, type, count);
+ return NULL;
}
snprintf(private, sizeof(private), priv, home);
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
if (!ssh_file_readaccess_ok(private)) {
ssh_log(session, SSH_LOG_PACKET, "Failed");
- return publickey_from_next_file(session, keytab, keytab_size,
- privkeyfile, type, count);
+ return NULL;
}
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
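Review bot: `pub` and `priv` are still passed to `snprintf` as the format argument (`snprintf(public, sizeof(public), pub, home)`), and the return value is not checked, so a long home directory silently truncates the path in the 256-byte `public` buffer. In auth.c the last keytab slot is filled from `id`; if that value can come from a user-configured identity path, any `%` in it would be interpreted as a conversion, so it is worth confirming where `id` comes from. At minimum check the result, e.g. `if (n < 0 || (size_t)n >= sizeof(public)) return NULL;`, and document that keytab entries must be trusted templates taking at most one `%s`. The function starts and ends outside this hunk.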
@@ -992,8 +974,7 @@ STRING *publickey_from_next_file(SSH_SESSION *session,
"Wasn't able to open public key file %s: %s",
public,
ssh_get_error(session));
- return publickey_from_next_file(session, keytab, keytab_size,
- privkeyfile, type, count);
+ return NULL;
}
new = realloc(*privkeyfile, strlen(private) + 1);
diff --git a/libssh/libssh.map b/libssh/libssh.map
index a6e13da..c28d2e1 100644
--- a/libssh/libssh.map
+++ b/libssh/libssh.map
@@ -12,7 +12,7 @@ SSH_0.3 {
ssh_get_pubkey_hash; ssh_get_pubkey;
ssh_fd_poll; ssh_select; publickey_free;
privatekey_from_file; publickey_to_string; publickey_from_privatekey;
- private_key_free; publickey_from_file; publickey_from_next_file;
+ private_key_free; publickey_from_file; try_publickey_from_file;
ssh_is_server_known; ssh_write_knownhost;
channel_new; channel_open_forward; channel_open_session; channel_free;
channel_request_pty; channel_request_pty_size; channel_change_pty_size;