-rw-r--r-- | include/libssh/session.h | 6 | ||||
-rw-r--r-- | src/bind.c | 32 | ||||
-rw-r--r-- | src/server.c | 59 | ||||
-rw-r--r-- | src/session.c | 5 |
4 files changed, 41 insertions, 61 deletions
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 3b79f42..123050e 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -129,8 +129,10 @@ struct ssh_session_struct {
 struct ssh_kbdint_struct *kbdint;
 int version; /* 1 or 2 */
 /* server host keys */
- ssh_private_key rsa_key;
- ssh_private_key dsa_key;
+ struct {
+ ssh_key rsa_key;
+ ssh_key dsa_key;
+ } srv;
 /* auths accepted by server */
 int auth_methods;
 int hostkeys; /* contains type of host key wanted by client, in server impl */
@@ -333,8 +333,6 @@ void ssh_bind_free(ssh_bind sshbind){
 int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
- ssh_key dsa = NULL;
- ssh_key rsa = NULL;
 socket_t fd = SSH_INVALID_SOCKET;
 int i;
@@ -392,42 +390,20 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
 ssh_socket_set_fd(session->socket, fd);
 ssh_socket_get_poll_handle_out(session->socket);
- /* FIXME */
-#if 0
 if (sshbind->dsa) {
- session->dsa_key = ssh_key_dup(sshbind->dsa);
- if (session->dsa_key == NULL) {
+ session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
+ if (session->srv.dsa_key == NULL) {
 ssh_set_error_oom(sshbind);
 return SSH_ERROR;
 }
 }
 if (sshbind->rsa) {
- session->rsa_key = ssh_key_dup(sshbind->rsa);
- if (session->rsa_key == NULL) {
+ session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
+ if (session->srv.rsa_key == NULL) {
 ssh_set_error_oom(sshbind);
 return SSH_ERROR;
 }
 }
-#else
- if (sshbind->dsa) {
- dsa = ssh_key_dup(sshbind->dsa);
- if (dsa == NULL) {
- ssh_set_error_oom(sshbind);
- return SSH_ERROR;
- }
- session->dsa_key = ssh_pki_convert_key_to_privatekey(dsa);
- }
-
- if (sshbind->rsa) {
- rsa = ssh_key_dup(sshbind->rsa);
- if (rsa == NULL) {
- ssh_set_error_oom(sshbind);
- return SSH_ERROR;
- }
- session->rsa_key = ssh_pki_convert_key_to_privatekey(rsa);
- }
-
-#endif
 return SSH_OK;
 }
diff --git a/src/server.c b/src/server.c
index 6ee16e0..b189d56 100644
--- a/src/server.c
+++ b/src/server.c
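Review bot: The new `srv` sub-struct holds private key material whose lifetime is not stated at the declaration: the bind.c hunk fills both members with `ssh_key_dup()` in ssh_bind_accept(), and the server.c hunk frees them and sets them to NULL as soon as the KEXDH reply is signed, so code reading `session->srv.*` later in the session cannot assume the keys are still there. Replacing the bare `/* server host keys */` with `/* server host keys, duplicated into the session by ssh_bind_accept(); freed and set to NULL right after the KEXDH reply is signed */` would make that contract visible where the fields are declared. struct ssh_session_struct starts and ends outside the hunk.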
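Review bot: Nothing guards against `session->srv.dsa_key` or `session->srv.rsa_key` already being set when the `ssh_key_dup()` results are assigned, so a session object that reaches ssh_bind_accept() a second time has its earlier private key overwritten and leaked rather than freed. Either release the old value first, `ssh_key_free(session->srv.dsa_key);` immediately before `session->srv.dsa_key = ssh_key_dup(sshbind->dsa);` (and likewise for rsa), or refuse a session whose `srv` keys are already populated. Note also that when the rsa dup fails after the dsa dup succeeded, the function returns SSH_ERROR with the accepted fd already attached to the session and `srv.dsa_key` still set; that shape predates this commit, but a comment stating that the caller must ssh_free() the session on SSH_ERROR would avoid surprises. ssh_bind_accept() starts before this hunk.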
@@ -54,7 +54,7 @@
 #include "libssh/socket.h"
 #include "libssh/session.h"
 #include "libssh/misc.h"
-#include "libssh/keys.h"
+#include "libssh/pki.h"
 #include "libssh/dh.h"
 #include "libssh/messages.h"
@@ -89,12 +89,12 @@ static int server_set_kex(ssh_session session) {
 ZERO_STRUCTP(server);
 ssh_get_random(server->cookie, 16, 0);
- if (session->dsa_key != NULL && session->rsa_key != NULL) {
+ if (session->srv.dsa_key != NULL && session->srv.rsa_key != NULL) {
 if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss,ssh-rsa") < 0) {
 return -1;
 }
- } else if (session->dsa_key != NULL) {
+ } else if (session->srv.dsa_key != NULL) {
 if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss") < 0) {
 return -1;
 }
@@ -155,11 +155,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
 }
 static int dh_handshake_server(ssh_session session) {
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_string pubkey_blob;
+ ssh_string sig_blob;
 ssh_string f;
- ssh_string pubkey;
- ssh_string sign;
- ssh_public_key pub;
- ssh_private_key prv;
 if (dh_generate_y(session) < 0) {
 ssh_set_error(session, SSH_FATAL, "Could not create y number");
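Review bot: The four new locals `pubkey`, `privkey`, `pubkey_blob` and `sig_blob` are declared without initializers, which is why every error path in dh_handshake_server() (visible in the later hunks) repeats `ssh_string_free(f); return -1;` instead of jumping to one cleanup label. Initialising them, `ssh_key pubkey = NULL;` and so on, costs nothing and makes a single `goto error` path that frees whatever is non-NULL possible. That path would rely on `ssh_key_free()` and `ssh_string_free()` accepting NULL; the unconditional `ssh_key_free(session->srv.dsa_key)` in the session.c hunk suggests the former does, but confirm both before relying on it. dh_handshake_server() continues past the end of this hunk.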
@@ -178,31 +178,32 @@ static int dh_handshake_server(ssh_session session) {
 switch(session->hostkeys){
 case SSH_KEYTYPE_DSS:
- prv = session->dsa_key;
+ privkey = session->srv.dsa_key;
 break;
 case SSH_KEYTYPE_RSA:
- prv = session->rsa_key;
+ privkey = session->srv.rsa_key;
 break;
 default:
- prv = NULL;
+ privkey = NULL;
 }
- pub = publickey_from_privatekey(prv);
- if (pub == NULL) {
+ pubkey = ssh_pki_publickey_from_privatekey(privkey);
+ if (pubkey == NULL) {
 ssh_set_error(session, SSH_FATAL, "Could not get the public key from the private key");
 ssh_string_free(f);
 return -1;
 }
- pubkey = publickey_to_string(pub);
- publickey_free(pub);
- if (pubkey == NULL) {
- ssh_set_error(session, SSH_FATAL, "Not enough space");
+
+ pubkey_blob = ssh_pki_export_pubkey_blob(pubkey);
+ ssh_key_free(pubkey);
+ if (pubkey_blob == NULL) {
+ ssh_set_error_oom(session);
 ssh_string_free(f);
 return -1;
 }
- dh_import_pubkey(session, pubkey);
+ dh_import_pubkey(session, pubkey_blob);
 if (dh_build_k(session) < 0) {
 ssh_set_error(session, SSH_FATAL, "Could not import the public key");
 ssh_string_free(f);
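Review bot: In the `default:` arm `privkey = NULL` is passed straight into `ssh_pki_publickey_from_privatekey()`, so an unsupported or unset `session->hostkeys` is only caught if that helper rejects NULL, and then with the misleading message "Could not get the public key from the private key". Failing in the switch is clearer and does not depend on the helper: `default: ssh_set_error(session, SSH_FATAL, "Unsupported host key type"); ssh_string_free(f); return -1;`. The same NULL reaches the helper when the selected type was negotiated but no key of that type was duplicated into `session->srv` (for instance `hostkeys` says RSA and only a DSA key was loaded), which is not checked here either; a NULL test right after the switch would cover both cases with one honest error. dh_handshake_server() starts before and ends after this hunk.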
@@ -215,35 +216,35 @@ static int dh_handshake_server(ssh_session session) {
 return -1;
 }
- sign = ssh_sign_session_id(session, prv);
- if (sign == NULL) {
+ sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
+ if (sig_blob == NULL) {
 ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
 ssh_string_free(f);
 return -1;
 }
 /* Free private keys as they should not be readable after this point */
- if (session->rsa_key) {
- privatekey_free(session->rsa_key);
- session->rsa_key = NULL;
+ if (session->srv.rsa_key) {
+ ssh_key_free(session->srv.rsa_key);
+ session->srv.rsa_key = NULL;
 }
- if (session->dsa_key) {
- privatekey_free(session->dsa_key);
- session->dsa_key = NULL;
+ if (session->srv.dsa_key) {
+ ssh_key_free(session->srv.dsa_key);
+ session->srv.dsa_key = NULL;
 }
 if (buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY) < 0 ||
- buffer_add_ssh_string(session->out_buffer, pubkey) < 0 ||
+ buffer_add_ssh_string(session->out_buffer, pubkey_blob) < 0 ||
 buffer_add_ssh_string(session->out_buffer, f) < 0 ||
- buffer_add_ssh_string(session->out_buffer, sign) < 0) {
+ buffer_add_ssh_string(session->out_buffer, sig_blob) < 0) {
 ssh_set_error(session, SSH_FATAL, "Not enough space");
 buffer_reinit(session->out_buffer);
 ssh_string_free(f);
- ssh_string_free(sign);
+ ssh_string_free(sig_blob);
 return -1;
 }
 ssh_string_free(f);
- ssh_string_free(sign);
+ ssh_string_free(sig_blob);
 if (packet_send(session) == SSH_ERROR) {
 return -1;
 }
diff --git a/src/session.c b/src/session.c
index ed82e50..eddcd5f 100644
--- a/src/session.c
+++ b/src/session.c
@@ -207,8 +207,9 @@ void ssh_free(ssh_session session) {
 SAFE_FREE(session->client_kex.methods);
 SAFE_FREE(session->server_kex.methods);
- privatekey_free(session->dsa_key);
- privatekey_free(session->rsa_key);
+ ssh_key_free(session->srv.dsa_key);
+ ssh_key_free(session->srv.rsa_key);
+
 if(session->ssh_message_list){
 ssh_message msg;
 while((msg=ssh_list_pop_head(ssh_message ,session->ssh_message_list)) |
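Review bot: The server's private keys are released right after `ssh_srv_pki_do_sign_sessionid()` returns, so if this server ever has to answer a second KEXDH_INIT on the same session (a client-initiated key re-exchange) the switch earlier in dh_handshake_server() selects a NULL `privkey` and the handshake fails; if that is the intended lifetime, the comment should say so, e.g. `/* Free private keys as they should not be readable after this point; a later key re-exchange on this session cannot sign and will fail */`. Whether `ssh_key_free()` wipes the key material before freeing is not visible here, and since the stated intent is that the keys are no longer readable, confirm it scrubs rather than only frees. On the `buffer_add_*` failure path `f` and `sig_blob` are freed but `pubkey_blob` is not, which is correct only if `dh_import_pubkey()` took ownership of it in the previous hunk; a one-line comment at that call, `/* session now owns pubkey_blob */`, would settle it. dh_handshake_server() starts before this hunk.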