Diffstat (limited to 'src/auth.c')
-rw-r--r-- | src/auth.c | 171 |
1 files changed, 0 insertions, 171 deletions
@@ -1435,177 +1435,6 @@ error:
 return rc;
 }
-/**
- * @brief Tries to automatically authenticate with public key and "none"
- *
- * It may fail, for instance it doesn't ask for a password and uses a default
- * asker for passphrases (in case the private key is encrypted).
- *
- * @param[in] session The ssh session to authenticate with.
- *
- * @param[in] passphrase Use this passphrase to unlock the privatekey. Use NULL
- * if you don't want to use a passphrase or the user
- * should be asked.
- *
- * @returns SSH_AUTH_ERROR: A serious error happened\n
- * SSH_AUTH_DENIED: Authentication failed: use another method\n
- * SSH_AUTH_PARTIAL: You've been partially authenticated, you still
- * have to use another method\n
- * SSH_AUTH_SUCCESS: Authentication success
- *
- * @see ssh_userauth_kbdint()
- * @see ssh_userauth_password()
- */
-int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
- struct ssh_iterator *it;
- ssh_private_key privkey;
- ssh_public_key pubkey;
- ssh_string pubkey_string;
- int type = 0;
- int rc;
-
- enter_function();
-
- /* Always test none authentication */
- rc = ssh_userauth_none(session, NULL);
- if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
- leave_function();
- return rc;
- }
-
- /* Try authentication with ssh-agent first */
-#ifndef _WIN32
- rc = ssh_userauth_agent(session, NULL);
- if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
- leave_function();
- return rc;
- }
-
-#endif
-
- for (it = ssh_list_get_iterator(session->identity);
- it != NULL;
- it = it->next) {
- const char *privkey_file = it->data;
- int privkey_open = 0;
-
- privkey = NULL;
-
- ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
-
- rc = ssh_try_publickey_from_file(session, privkey_file, &pubkey_string, &type);
- if (rc == 1) {
- char *publickey_file;
- size_t len;
-
- privkey = privatekey_from_file(session, privkey_file, type, passphrase);
- if (privkey == NULL) {
- ssh_log(session, SSH_LOG_RARE,
- "Reading private key %s failed (bad passphrase ?)",
- privkey_file);
- leave_function();
- return SSH_AUTH_ERROR;
- }
- privkey_open = 1;
-
- pubkey = publickey_from_privatekey(privkey);
- if (pubkey == NULL) {
- privatekey_free(privkey);
- ssh_set_error_oom(session);
- leave_function();
- return SSH_AUTH_ERROR;
- }
-
- pubkey_string = publickey_to_string(pubkey);
- type = pubkey->type;
- publickey_free(pubkey);
- if (pubkey_string == NULL) {
- ssh_set_error_oom(session);
- leave_function();
- return SSH_AUTH_ERROR;
- }
-
- len = strlen(privkey_file) + 5;
- publickey_file = malloc(len);
- if (publickey_file == NULL) {
- ssh_set_error_oom(session);
- leave_function();
- return SSH_AUTH_ERROR;
- }
- snprintf(publickey_file, len, "%s.pub", privkey_file);
- rc = ssh_publickey_to_file(session, publickey_file, pubkey_string, type);
- if (rc < 0) {
- ssh_log(session, SSH_LOG_PACKET,
- "Could not write public key to file: %s", publickey_file);
- }
- SAFE_FREE(publickey_file);
- } else if (rc < 0) {
- continue;
- }
-
- rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
- if (rc == SSH_AUTH_ERROR){
- ssh_string_free(pubkey_string);
- ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
- leave_function();
- return rc;
- } else {
- if (rc != SSH_AUTH_SUCCESS){
- ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
- ssh_string_free(pubkey_string);
- continue;
- }
- }
-
- /* Public key accepted by server! */
- if (!privkey_open) {
- ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s",
- privkey_file);
- privkey = privatekey_from_file(session, privkey_file, type, passphrase);
- if (privkey == NULL) {
- ssh_log(session, SSH_LOG_RARE,
- "Reading private key %s failed (bad passphrase ?)",
- privkey_file);
- ssh_string_free(pubkey_string);
- continue; /* continue the loop with other pubkey */
- }
- }
-
- rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
- if (rc == SSH_AUTH_ERROR) {
- ssh_string_free(pubkey_string);
- privatekey_free(privkey);
- leave_function();
- return rc;
- } else {
- if (rc != SSH_AUTH_SUCCESS){
- ssh_log(session, SSH_LOG_RARE,
- "The server accepted the public key but refused the signature");
- ssh_string_free(pubkey_string);
- privatekey_free(privkey);
- continue;
- }
- }
-
- /* auth success */
- ssh_log(session, SSH_LOG_PROTOCOL,
- "Successfully authenticated using %s", privkey_file);
- ssh_string_free(pubkey_string);
- privatekey_free(privkey);
-
- leave_function();
- return SSH_AUTH_SUCCESS;
- }
-
- /* at this point, pubkey is NULL and so is privkeyfile */
- ssh_log(session, SSH_LOG_PROTOCOL,
- "Tried every public key, none matched");
- ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
-
- leave_function();
- return SSH_AUTH_DENIED;
-}
-
 ssh_kbdint kbdint_new(void) {
 ssh_kbdint kbd; |